On Fri, May 31, 2019 at 01:17:19PM +0000, Richard wrote:
> When I have looked into this type of issue for my unique addressing
> some did trace back to back-end db hacks (e.g., adobe), but I found
> that the most likely culprit was the 3rd-party bulk mailer that
> handled the organization's marketing mail. It could be a non-zeroed
> disk thrown into the trash or an inside job, but it almost always
> traced back to one or two bulk mailing companies.

FYI, I've been running numerous experiments in this area for many years using unique non-guessable non-typo'able addresses. Explaining the results in full would take many pages, so let me summarize:

3rd party bulk mailers leak like sieves. "How?" remains an open question: could be that they're selling, could be that they have security issues, could be that insiders are selling on their own, could be any number of things: it's really not possible to say. But they are unquestionably leaking.

This is hardly surprising: many of them are spammers-for-hire, many of them use invasive tracking/spyware, and none of them actually care in the slightest about privacy or security -- after all, it's not *their* data, why should they?

Which are some of the many reasons that outsourcing your mailing lists is a terrible idea, doubly so when it's quite easy to run your own with Mailman (or equivalent).

---rsk

