Forgot your password?
typodupeerror
Security

+ - Ask Slashdot: Telling vendor email was compromised 2

Submitted by John Jorsett
John Jorsett (171560) writes "I create for myself a unique email address for every vendor with which I do business, and that address isn't kept in my address book. When a spammer sends something to that address, I know that the vendor's email address database has been compromised. Trouble is, when I notify the vendor that their customer's email addresses are leaking and that they should check their security, I get no response and, as far as I can tell, no action is ever taken. I just change to a different email address, so should I even be bothering with notification, and if so, what's the best way to inform a vendor that their security needs attention?"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Ask Slashdot: Telling vendor email was compromised

Comments Filter:
  • Could mean a compromise but more likely they sold the data. Many times hidden in the privacy policy companies say they sometimes will "share" the data with partners, etc.
    • Unlikely that any of them sold it, at least formally. The spam I get is so crude (typically one or two lines, ungrammatical, misspelled, sometimes just a link by itself) that whatever is originating it can't have paid the price for a confirmed email address of a business customer and then wasted it on something so obviously spam. While it might be a rogue employee at every one of these businesses, I think it's more probable that it was obtained thru an easy hack on the business' web site.

(1) Never draw what you can copy. (2) Never copy what you can trace. (3) Never trace what you can cut out and paste down.

Working...