Case Study: Email Lists leaked

Saturday, June 23, 2007

This is a real case study of a startup's email list being leaked, not because their servers were hacked but simply because of a small mistake they made.

The startup is a local search engine for India with a very impressive UI and features, but the mistake they made was in their monthly newsletter, which goes out to all of their members with what's new and what's happening. They sent that newsletter to their whole userbase in one city (where they are based) with everyone in the CC list of the email.

The whole userbase of the city was in the CC list, and everybody was able to see the email addresses of the other users. At first I just notified the concerned person at the company, and he acknowledged the mistake and was very sorry about it, but things became worse when people started to reply to all, and after some time people started to count the email addresses and guess how many registered users the company has.

Now what are the implications of such an error?

1) Confidentiality of users is breached
2) Trust is lost
3) Business takes a hit (people like to bitch about others' mistakes)
4) Bloggers started writing about the blunder (free marketing, but bad stuff)
5) The leaked list can be used by a spammer, which is the worst part; users take a hit

What can be done to avoid it?

1) A security policy on list management would have helped stop the disaster.
2) If they had used a simple mail merge utility that costs around $10, it would have sent personalized newsletters, which is more pleasing than one email for everybody
3) Startups work just to get the work done, and that is the reason these small things don't matter much to them
4) A simple checklist would have helped stop the disaster.
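
The mail merge and the checklist from points 2 and 4 can be combined in a few lines. The following is an added example, not the startup's code or any particular mail merge product: it builds one message per subscriber and refuses to send anything that exposes more than one address in To/Cc. The sender address, subscriber names and function names are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

SENDER = "newsletter@example.com"  # assumed sender address

def cc_blast(subscribers, subject, body):
    """The mistake from the case study: one message, every address in Cc."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = SENDER, SENDER, subject
    msg["Cc"] = ", ".join(address for _, address in subscribers)
    msg.set_content(body)
    return msg

def mail_merge(subscribers, subject, body_template):
    """One personalized message per subscriber, each with a single To address."""
    messages = []
    for name, address in subscribers:
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = SENDER, address, subject
        msg.set_content(body_template.format(name=name))
        messages.append(msg)
    return messages

def visible_recipients(msg):
    """Addresses that every reader of this message can see in its headers."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _, addr in getaddresses(headers) if addr]

def check_before_send(msg):
    """Checklist gate: a list mailing must expose exactly one address."""
    exposed = visible_recipients(msg)
    if len(exposed) != 1:
        raise ValueError(f"refusing to send: {len(exposed)} addresses visible in To/Cc")
    return exposed[0]

def send_all(messages, smtp):
    """smtp is any object with send_message(), such as smtplib.SMTP."""
    for msg in messages:
        recipient = check_before_send(msg)
        smtp.send_message(msg, from_addr=SENDER, to_addrs=[recipient])

# Constructed sample data, not real subscribers.
SUBSCRIBERS = [("Asha", "asha@example.org"), ("Ravi", "ravi@example.org")]

if __name__ == "__main__":
    merged = mail_merge(SUBSCRIBERS, "What's new this month", "Hi {name}, ...")
    print([check_before_send(m) for m in merged])
    try:
        check_before_send(cc_blast(SUBSCRIBERS, "What's new this month", "Hi all, ..."))
    except ValueError as err:
        print(err)
```

Because the gate runs inside `send_all`, a CC-style message is rejected before it reaches the mail server rather than caught after users start replying to all.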

Small things make or break companies, so it's always better to be sure of what you are doing on the customer-facing site.

A simple security policy for list management would have helped stop the error.

The incident might soon be forgotten, but the people whose emails got leaked will ultimately pay the price.

-- Anish


