Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Submission + - Ask Slashdot: Telling vendor email was compromised 2

John Jorsett writes: I create for myself a unique email address for every vendor with which I do business, and that address isn't kept in my address book. When a spammer sends something to that address, I know that the vendor's email address database has been compromised. Trouble is, when I notify the vendor that their customer's email addresses are leaking and that they should check their security, I get no response and, as far as I can tell, no action is ever taken. I just change to a different email address, so should I even be bothering with notification, and if so, what's the best way to inform a vendor that their security needs attention?
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Ask Slashdot: Telling vendor email was compromised

Comments Filter:
  • Could mean a compromise but more likely they sold the data. Many times hidden in the privacy policy companies say they sometimes will "share" the data with partners, etc.
    • Unlikely that any of them sold it, at least formally. The spam I get is so crude (typically one or two lines, ungrammatical, misspelled, sometimes just a link by itself) that whatever is originating it can't have paid the price for a confirmed email address of a business customer and then wasted it on something so obviously spam. While it might be a rogue employee at every one of these businesses, I think it's more probable that it was obtained thru an easy hack on the business' web site.

Computer programmers do it byte by byte.