An Article from Aaron's Article ArchiveInsecure Companies Leak My Email Address: Vonage and Zions Bank
Photo: Fire in the Saddle (Timbertop Mountain)IPv4You are not logged in. Click here to log in.
Use Google to search aarongifford.com:
Insecure Companies Leak My Email Address: Vonage and Zions Bank
Wednesday, 26 May 2010 9:25 AM MDT
I'm one of those paranoid people who creates a new email address for each and every different service I sign up for or organization I give out my address to. That allows me to track down problems more easily, and also, should I start receiving junk mail at an address, identify the organization who leaked my information.
For the past few years, I've been getting junk email to an address I created exclusively for and only used for communicating with Zions Bank, an address that would be relatively difficult for a spammer or junk emailer to guess. Fortunately the junk mail volume is fairly low, but it does make me wonder, how did a bank, those financial organizations we trust with our money, managed to drop my email address into the hands of spammers?
Just today I got my first item of junk mail addressed to my old Vonage VoIP email address. Several years ago, I was a Vonage customer. I created the email address back then exclusively for communications with Vonage, and it too would be relatively difficult for a junk mail sender to guess out of the blue, even using a dictionary to brute-force attack my mail server.
I haven't been a customer of Vonage for years, but now I start getting junk email via the address that only Vonage should have had on record. Oops! Looks like Vonage's customer data is insecure just like Zions Bank's customer data.
It's difficult to want to trust either of these organizations in the future. At least it (so far) appears to only be my email address, and not other personal information. I don't see any unusual activity to indicate identity theft, but I'll certainly keep my eyes open.
Good luck, Zions Bank and Vonage, in earning my trust in the future. Once trust is broken, it's difficult to earn it back.
[UPDATE: 06 September 2011]
Fidelity Investments now joins the list of email leakers in this Hall of Shame. [EDIT: Link to 'blog entry added 17 Apr. 2012]
I suppose I have to include The Official Time Waster's Guide forums as well. Apparently in April of 2011, a hacker exploited a software bug and stole the forum database. Fortunately the passwords were hashed (sort of like being encrypted). In late August, I discovered junk mail addressed to my unique address, and so logged into the web site and changed my email address and posted alerts to other users about the problem. A quick Google search had turned up a few posts about the hack including links to the user database. Sadly after I reported the problem, the forum administrators decided to retire the site, because upgrading the software to close the security hole would require too much time. I totally understand, but nevertheless am a bit sad. (Even though I didn't frequent the site much.)
[UPDATE: 17 April 2012]
I forgot to add Equifax to the Hall of Shame back in December. This should remedy that omission.