back to article Cyber security challenge organisers in email privacy blunder

Organisers of the UK's cyber security challenge committed an embarrassing email blunder by inadvertently revealing the email addresses of everyone who entered a forensics challenge to each other. A single challenge registration confirmation email was CCed to everyone who entered, handing over a complete email list in the …

COMMENTS

This topic is closed for new posts.
  1. Alexander Hanff 1

    Common Problem

    About 2 years ago when switching email address I sent a notification to all my press contacts (including el reg) and did exactly the same thing - which is more than a little embarrassing for a privacy advocate.

    Of course, now I am very careful to use BCC, but it is a common problem (I receive a lot of emails with other parties cc'd instead of bcc'd).

  2. Anonymous Coward
    FAIL

    Amateurs

    I looked at that site when it was launched, and concluded that it was run by a bunch of f*cking amateurs. The long delay in getting anything running (and an extended period when the site was misconfigured) did not change my opinion. Thankfully I didn't sign up, as this latest cock-up shows how sloppy the whole thing is.

    1. Anonymous Coward
      Flame

      This level of incompetence

      This level of incompetence puts them at want to be class which is below amateur.

  3. Anonymous Coward
    Anonymous Coward

    It didn't include EVERYONE....

    I registered and got a response last month, Neither the confirmation or the notification emails had other addresses on and, correspondingly, i didn't get the affected email. I can only presume it was one batch of emails that was affected and not the entire population of the competition. Still, nice to know that so-called experts are not as clever as we think they are.

  4. Peter 39
    Alert

    sanity check

    'Bout time emailers did a sanity check if you try to send to hundreds and hundreds.

    At least make it an option so you're prompted "Are you sure?"

    I once received one with 88K of addresses. It was the company's entire list of customers, and included some addresses that had previously been kept very quiet.

  5. Anonymous Coward
    Thumb Up

    It dint include everyone!

    I've registered for it too and dint really get any emails with any such details. However, just to quote that these guys have been extremely helpful and very professional in all the emails.I wish them the very best!

  6. Anonymous Coward
    Flame

    trivial my ASS

    Gross incompetence is never trivial.

    This kind of fuck up says a lot about the organization.

  7. Martin Lee 1

    People make mistakes...

    which is why there is a security industry. If everything was always perfect there wouldn't be a need for security professionals. Even supposedly professional security people sometimes make mistakes or implement systems that allow this kind of thing to happen.

    Maybe the really interesting nugget of information is the relatively small number of recipients of the email. Only 150 or so people correctly completed the cipher challenge out of a few thousand entrants (IIRC), this email run was sent to only 370 individuals. Maybe the number of people working or interested in the security domain in the UK is smaller than I imagined.

  8. Anonymous Coward
    FAIL

    Rubbish!

    I agree with Anonamous - I looked at the site when it started and it took them quite a while to get the challenges up and running.

    Unfortunatly I was on the receiving end of this email and find it hard to believe an organisiation based around cyber security can fu*k up like this! I guess it must have been an administration issue where some unfortunate staff member probably with no knowledge of cyber security had been given the task to send this out.

    I suppose on the up side, I now have a list of 369 email address of potential IT professionals that I can now contact to help configure my firewall </Sarcasm>

This topic is closed for new posts.

Other stories you might like