El Reg in email address blunder

Between 8:58 and 10:20 BST this morning we sent an email to 3,521 of you that contained the names and email addresses of 46,524 of our readers. Obviously, this was an error. The two-stage send process that is the norm for all of our mailers was overlooked because someone was in a hurry. We would like to offer our genuine and …

COMMENTS

This topic is closed for new posts.

  1. Eponymous Retard
    FAIL

    Ooops!

    Wonder how many aeons will pass before you live this one down...

    1. Anonymous Coward

      Pastebin

      It's already on Pastebin :( So I think they're pretty much NEVER going to live it down!

    2. This post has been deleted by its author

      1. Fryerman

        Well, that's an easy one; 'coz they're reporters. It's their job to report on that sort of stuff. Don't confuse the hacks who do the stories with the tit in the IT dept who caused this fuck up. It's good to see them own up and follow the correct procedures.

        1. raving angry loony

          quick on the trigger there Fryerman.

          Pretty quick to blame the "tit in the IT dept" aren't you sunshine? Why would someone in IT be sending out emails though? It's more likely to be someone in marketing or management - that's my usual blame target. People who don't listen to IT tell them for the Nth bloody time to not do it that way.

  2. AceRimmer
    WTF?

    How many

    "46,524 of our readers."

    Personally, I'm just astonished that you have more than 50 readers!

    1. Jim jimminy jim jim jim jim

      you need to type more carefully, you put the 0 in the wrong place....

    2. dredmorbius
      Holmes

      It's one reader ...

      ... with a very bad case of OCD.

      ... not to mention talking to myself.

      But I knew that already.

    3. Wize

      And have they let everyone...

      ...whose address was sent out know they won the lucky raffle?

      1. adfh
        Thumb Up

        I concur.. should we be receiving notifications if our details have been leaked?

  3. Samo

    Well, I guess even the hacks ^H^H^H^H^H techies in El Reg can make mistakes in a hurry...

    Are the vultures circling the person who pressed the SEND button?

  4. Anonymous Coward

    ffs

    awwww, damn. I didn't get a copy. let me know next time, yeh ?

    1. Fred Flintstone Gold badge
      Facepalm

      Pssst,

      Well, what's a copy worth to you? Genuine, live email addresses, just waiting for you to send them anything you like. All you need is to make sure it appears to come from The Register, and especially titles like "BOFH" will ensure it'll get opened.

      Actually, no, I'm keeping it for myself. Still have some water in powder form to sell..

      Duh. Duh. Duh. Next time, drink coffee first, THEN start work...

    2. wayward4now
      Linux

      Me neither!!

      I didn't get a copy either! Now I'm REALLY jerked.

    3. John Gamble
      Alien

      Re: ffs

      Yeah, me neither. What, I don't rate a good e-mail leak?

      Alien pic chosen as the only good approximation of a pout available.

      1. Danny 14
        Thumb Up

        hmm

        wonder if I got one, I'll need to remember the logon to the spam hotmail account to do so.

  5. Tom 15
    Mushroom

    Ouch

    Ouch

    1. melt
      1. A. Lewis
        1. BoldMan
          1. Dunstan Vavasour

            D'oh

            D'oh

    2. Roger 11
      1. Shannon Jacobs

        ouch

        ouch

        Why doesn't the Reg support stronger downstream anti-spam tools to help break the spammers' "business" models? Right now most of the effective anti-spam work is being done upstream by Microsoft.

    3. Anonymous Coward

      Yikes!

      1. Alan Esworthy
        Megaphone

        Eek

        Eek

    4. Lupus

      I'm not angry, just disappointed.

  6. Whitter
    Unhappy

    Hurry schmurry.

    You do know that the system should be designed so you can't do that, right?

    1. Anonymous Coward

      Easier said than done. Set one flag wrong in a sql query and it doesn't matter how many tests. I'd like to know why the email address was compiled in the first place though.

      1. A. Lewis

        ^This

        My first thought was "where were you trying to send the list of names and e-mail addresses?"

        1. Nasty Nick
          Holmes

          yes, yes, A. Lewis, this is the big issue on this one,

          Go on, Reg, tell us the truth, the whole truth and nothing but the truth..

          Reg, good that you fessed, but when you've told 3,521 of the nosiest and nosiest readers around, there was no other option.

          But once you'd decided to fess, there was no point fudging, and that explanation is straight from the fudge factory.

          You'd have got more credibility by telling the whole, awful truth. Or, is it that the Reg minion really meant to send out bulk email addresses, unencrypted, by email, but just got the wrong address list!

          And when they realised it was hitting the fan, they tried to kill the send, but only managed to do it after it had got down to the 3,521st address!!.

          I think we should be told.

      2. Daf L
        Facepalm

        I'm not sure that the Register marketing department would be setting SQL flags (whatever they are?) or getting anywhere near SQL. I presume they were adding field codes, which should always be programmed to make sure that the sender can see a post merged sample before sending.

        Pretty freakin' poor show if you ask me. A company who goes to great pleasure in sneering at other organisations who commit the same mistake, then doesn't have the same tight controls it 'demands' of others is more than a bit hypocritical.

        I wonder whether the Register would have been so forthcoming in divulging this information if it wasn't so readily going to be exposed very quickly by one of the thousands who received it?

        I'm sure "lessons will be learned", "procedures will be tightened" and so forth in line with everyone else and it will be done about the same time they find $20 to fork out on an SSL certificate to protect your login to the site!

        However, now for some people there will be some nice targeted spam with your name attached and some nice IT related text. Luckily no one will fall for the inevitable targeted phishing attacks - will they?

        1. Jobless
          WTF?

          Oh dear

          How on earth are they hypocritical??

          hypocritical - of the nature of hypocrisy, or pretense of having virtues, beliefs, principles, etc., that one does not actually possess.

          Key word being pretense - in no way did they show pretense in not wanting to live up to these values .... they just screwed up! You're saying that they never had any intention of respecting privacy???

          Fail.

    2. Anonymous Coward

      and if you can do that

      many millions await you. Blocking this from happening would have required a system to scan the content of the message being sent and to detect that it contained thousands of addresses rather than standard marketing material. Maybe not so difficult in this instance, but making it 100% effective would be a challenge.

      The recent Hays cockup was caused (I have it on unreliable authority) <http://www.theregister.co.uk/2011/08/24/hays_rbs_email_fail/> by someone picking the wrong file to attach from a directory - instead of a standard HR attachment, they got a list of everyone's day rates.

      It's an old but true saying: anyone can make a system foolproof; with some effort and skill you can even make it idiotproof; but no-one will ever make a system cretinproof.

      1. XMAN

        if(count($email_addresses)>10)

        if(count($email_addresses)>10){
            echo 'WARNING: Your email is going out to '.count($email_addresses).' people. Are you sure you want to do this?';
        }

        1. Shannon Jacobs
          Holmes

          They did want to do that

          What they did NOT want to do was include the payload with the email addresses.

      2. The Jester
        Stop

        Firewalls

        Many (decent) firewalls block emails with a large (>100) number of recipients by default.

      3. Anonymous Coward

        How about...

        A system that scans the email and rejects for further review anything with more than, say, 100 '@' symbols in it?

        1. Anonymous Coward
          FAIL

          Or how about ...

          ... a mailing system that sends one email to one recipient at a fucking time. That's all your mass-mailer should be able to do. For anything else, use vanilla email.

          If your system is capable of including mass customer data in a mass email, it is broken.
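The two safeguards suggested in this sub-thread (hold any mail whose content carries more than about 100 addresses, and let a mass-mailer address only one recipient per message), sketched as a single pre-send check. This is an added example, not code from The Register or from any commenter; the function names, the example.com addresses and the sample data are constructed for illustration, and the threshold of 100 is the figure floated in the comments.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

MAX_ADDRESSES_IN_CONTENT = 100  # threshold floated in the thread; tune per mailer
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def build_message(recipients, body, attachment_text=None):
    """Build one outgoing mail (hypothetical helper for this example)."""
    msg = EmailMessage()
    msg["From"] = "newsletter@example.com"
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = "Weekly newsletter"
    msg.set_content(body)
    if attachment_text is not None:
        msg.add_attachment(attachment_text, subtype="csv", filename="data.csv")
    return msg

def presend_check(msg):
    """Return reasons to hold the message for review; an empty list means send."""
    reasons = []
    recipients = [addr for header in ("To", "Cc", "Bcc")
                  for _, addr in getaddresses(msg.get_all(header, []))]
    if len(recipients) != 1:  # one recipient per message, nothing else
        reasons.append(f"recipients: {len(recipients)} (expected exactly 1)")
    found = set()
    for part in msg.walk():  # scan the body and every attachment
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        found.update(ADDRESS_RE.findall(payload.decode("utf-8", "replace")))
    found -= set(recipients)  # the recipient's own address is expected
    if len(found) > MAX_ADDRESSES_IN_CONTENT:
        reasons.append(f"content: {len(found)} distinct addresses in payload")
    return reasons

# Constructed sample data: a normal mailer body and a merged-in reader list.
NORMAL_BODY = "Hello Reader,\n\nThis week's headlines...\n\nunsubscribe@example.com\n"
READER_DUMP = "\n".join(f"Reader {i},reader{i}@example.com" for i in range(150))

if __name__ == "__main__":
    to = ["reader1@example.com"]
    for label, msg in [
        ("normal", build_message(to, NORMAL_BODY)),
        ("list in body", build_message(to, NORMAL_BODY + READER_DUMP)),
        ("list attached", build_message(to, NORMAL_BODY, READER_DUMP)),
    ]:
        print(label, "->", presend_check(msg) or "send")
```

A content scan like this only catches bulk address data; it complements, rather than replaces, the two-stage send and post-merge preview mentioned elsewhere in the thread.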

      4. Anonymous Coward

        Been there done that...

        http://media.checkpoint.com/flash/dlp-demo/index.html

        1. adfh
          Happy

          Big brother has never seemed so smiley and PR video ready :)

      5. Rex Alfie Lee
        FAIL

        I notice the reason you didn't put your name on your puppet is because you have absolutely zero idea of what you speak. The protections to stop this kind of idiocy aren't that hard. Marketing database, check emails against customers, yes 4 thou customers, check respondent companies, check, many companies get our email customers, no, false, stop... See, pretty easy logic. Now please refrain from talking crap...

    3. Anonymous Coward
      Happy

      Nah, editors should be trained so that they won't do that instead.

      Makes you wonder; is this part of an El Reg plot? As soon as the government comes knocking on their door /someone/ hits this big red "DON'T PUSH" button and all accounts get sent across the Innernet?

  7. Rob Kendrick
    FAIL

    BitTorrent?

    I wonder how long this data will take to appear on BitTorrent. You only need one person out of the 3,512 people to be a shit. And to be honest, that's quite likely :)

    1. Aulty

      email list

      How much could I sell this list for ?

      1. Cliff

        Seeing as it is freely up on pastebin for every spambot to find, £0.00, I imagine.

  8. Anonymous Coward

    hahahahahahahahahahahahahahaha

  9. Caff

    Managers love incident reports.

    When can we expect the full incident report with a follow up detailing process improvements to ensure no repeat incident occurs?

    1. Patrick O'Reilly

      CC us

      When you're sending off your report to the ICO be sure to CC the rest of us.

      1. Jason 24
        Facepalm

        I'll take a BCC cheers

        1. Anonymous Coward

          Umm...

          Umm, yea, that was the joke.

          Anonymous... until the next "oops".
