Splitcoaststampers.com - the world's #1 papercrafting community
You're currently viewing Splitcoaststampers as a GUEST. We pride ourselves on being great hosts, but guests have limited access to some of our incredible artwork, our lively forums and other super cool features of the site! You can join our incredible papercrafting community at NO COST. So what are you waiting for?
I might be overreacting. I probably am, but wonder what all of you think.
A company that many of us enjoy has a generous policy of giving away gift certificates. You sign up for their newsletters and then they have drawings from their subscribers to give away the gift certificates. In the newsletter they list the winners name and then most of the winners email address. Here is a made-up example.
Susie Stamper email address Sus****[email protected].
My problem is that many people could easily figure out that the email address is probably [email protected]. So if that is your email now everyone on the newsletter list has your name and email address.
I have over the years commented to the company when they have sent out surveys etc. that I wish they would change this policy. This week they made a mistake and forgot to put the **** into the newsletter. I know I have provided them with my personal information, but do you think they should publish that information to all of their subscribers? Customer Service just said unsubscribe if it bugs you. I do enjoy the inspiration they supply and would like to keep getting their emails, but I don't want hundreds of people having access to my personal information. Does this bother you?
Yes it absolutely would. That is irresponsible of them to me. They dont need to put your email in there at all.
You giving them your info is NOT the same thing as putting it out in the world like that. Which is why all the companies bend over backwards to make us know they don't sell it etc. What are they going to do to help you if you start getting spammed?
I have never seen that. Usually I see them list names and ask you to email them your info.
I think that is ridiculous. I personally would unsubscribe. I don't care how much I liked them. Did you speak to the company owner? If not, I would try to directly. You may get a very different response, esp if you say you have no choice but unsubscribe.
I don't think that you're overreacting at all. This is incredibly irresponsible and is likely violating their privacy policy, as well. I would suggest reading their privacy policy and copying/pasting whatever relevant info is there in my next email to the company. Is there some kind of web watchdog agency that could weigh in on this?
I have an email address just for blogs and newsletters and I use it every time I am prompted at a website. I get lots of junk mail and empty it out every morning when I am checking my actual email address. I wouldn't really care, I don't think, if my email was in a crafty newsletter. Whats the worst that could happen, I get more junk mail? Maybe I'm missing something - is there something horrible that could happen and I just don't know it? I guess I figure the majority of websites sell or share your info anyway even if they tell you they don't.
__________________ "For the strength of the Pack is the Wolf, and the strength of the Wolf is the Pack" ~Rudyard Kipling my gallery
I have an email address just for blogs and newsletters and I use it every time I am prompted at a website. I get lots of junk mail and empty it out every morning when I am checking my actual email address. I wouldn't really care, I don't think, if my email was in a crafty newsletter. Whats the worst that could happen, I get more junk mail? Maybe I'm missing something - is there something horrible that could happen and I just don't know it? I guess I figure the majority of websites sell or share your info anyway even if they tell you they don't.
In this day of cyber-bullies and smear campaigns and all the rest of it, you just never know what any particular individual might do with your personal information. I personally know several people who took down blogs and/or erased all trace of themselves online because of attacks through their email. If someone is intent on getting your information I'm sure they could do it, but why make it easier for them? Better to stay as protected as possible, which is why websites have privacy policies in the first place, I would assume...
In this day of cyber-bullies and smear campaigns and all the rest of it, you just never know what any particular individual might do with your personal information. I personally know several people who took down blogs and/or erased all trace of themselves online because of attacks through their email. If someone is intent on getting your information I'm sure they could do it, but why make it easier for them? Better to stay as protected as possible, which is why websites have privacy policies in the first place, I would assume...
I agree, it doesn't need to be made easier. I guess in this case I just figure it was a mistake that someone made in not ***ing out the email address and I would say odds are that no harm came of it. I think that blocking parts of an email address is fine though.
__________________ "For the strength of the Pack is the Wolf, and the strength of the Wolf is the Pack" ~Rudyard Kipling my gallery
Our privacy is being compromised everywhere and every day. I take pains to be as anonymous out there as possible and what you describe sounds very sketchy and risky to me.
I am also very distrusting of Alexa and all that AI as well. There are just wayyyy too many ways to track us and our activities. My privacy is very important to me, as much as is possible nowadays anyway.
Want to hear something creepy? Coworkers and I were just chatting over lunch one day and health concerns came up..no one was actually on their phones but we all had them in the vicinity. That evening one lady had ads pop up on her Pinterest feed - ads for the very product she had mentioned as being helpful. That was unsettling for me!
If a company isn’t concerned about privacy, how much effort are they putting into website security?
Hacking is huge, with personal information stolen, aggregated and sold on the dark web. At one point +/-1000 spam email a day landed in my in-box.
Our credit card bank sent us new cards several times in the last few years - not because our account was hacked, stores we shopped at were - Home Depot and Target. If they have security problems, you bet these comparably tiny companies can.
Cardmaker2, your creepy story has Facebook and data collectors (companies) written all over it. A similar example was given in the book “Zucked: Waking Up to the Facebook Catastrophe.” Worth reading, or listening to an interview the author gave. An investor, he worked with Zuckerman.
He told about two women who didn’t know each other who chatted during a concert. Shortly afterwards their info appeared in each other’s FB feeds. It’s worse. Facebook set up Internet access in a poor country. Of course people were unsophisticated about the internet. An onslaught of lies one group posted about a minority group caused attacks with hundreds killed. (Even here people believe absurd lies on FB, Twitter, etc.)
Here’s an interview I found with the author. Just hit the arrow on the page. And in the top right corner a small box has the start/stop buttons for pausing: Why We Keep Forgiving Facebook : NPR
It may seem unrelated, but it all has to do with loss of privacy, security, hacking. And no, you are so not overreacting. Just my take: YMMV!
Thanks for your supportive comments. I started to think I was Henny Penny and no one else would share my concerns. I haven't spoken directly to the company owner but have been dealing with more than one customer service rep regarding a botched order. I mentioned my concerns during those conversations and was basically dismissed.
I have an email address just for blogs and newsletters and I use it every time I am prompted at a website. I get lots of junk mail and empty it out every morning when I am checking my actual email address. I wouldn't really care, I don't think, if my email was in a crafty newsletter. Whats the worst that could happen, I get more junk mail? Maybe I'm missing something - is there something horrible that could happen and I just don't know it? I guess I figure the majority of websites sell or share your info anyway even if they tell you they don't.
That's just it. You have a dedicated email for this. If it got hacked and you shut it down-it isnt the end of the world. That's actually pretty smart of you.
Many people only have ONE email address. If it gets banged-that's a big problem for them-esp these days with doctors and hospitals all emailing us too to pre-register for appts etc. Having to go around and try to remember who all has it would be a nightmare to me.
I have 4 addresses for this reason. One is my "public" one -like misc companies or whatever. Separate from my family, friends, etc
Good point. If they are sloppy with your security, I don't know how much better they are with their own.
I am also having a problem with the attitude they are giving you about it.
Really, I just think it is lazy on their part. And it is stupid frankly. All any online company needs is for a damaged customer to start telling people...or even just that there is a risk.
Ugh. I cant even....I hate FB and his arrogant flippant attitude about having changed people's private info into public w/o permission. How dare he? I am SO glad my profile is absolutely the min and half made up. I have NO choice if I want to keep up with some family members.
You want to freak yourself out-watch the documentary Terms and Conditions. After that DH looked at me and asked if we could live without the internet period.:shock:
You want to freak yourself out-watch the documentary Terms and Conditions. After that DH looked at me and asked if we could live without the internet period.:shock:
There's another one on Netflix called The Great Hack. Once you see that it will be like all the little puzzle pieces falling together. My children are that perfect age where they were growing as technology was growing so I had a responsibility to them to stay up on things. There is volumes that I don't know but I do know that everything that anyone needs is already out there. That genie was let out of the bottle a long time ago. I would bet that most cases of identity theft aren't because a person was careless but more because someone they trusted had theirdata compromised.
__________________ "For the strength of the Pack is the Wolf, and the strength of the Wolf is the Pack" ~Rudyard Kipling my gallery
This is so long. I am sorry. This is so important to me. This is probably the most important thing to me in the world.
I know a few of you already know this about me. I do freelance cybersecurity. I am a hacker. I am not a cracker or those other bad ones. I do hack legally. I am the one companies usually go to for the final stages of things being released.
I mean no ill or slamming for any companies. I think a lot of smaller websites have a false sense of security. I do understand that. It's my job to uncover these things so you all can have that sense of security. As an assault survivor I want people to have a false sense of security. I know how it feels not to have it. I hope I explained that without it sounding mean or slamming a company.
I do get concerned when I see a company such as this example. It takes a what I will call a level one hacker twenty minutes to undo all those asterisks. I can do it in thirty seconds. Level 2 can now get your passwords, level three is now has your home address. Level 4 now has your credit cards. Level 5 now has your personal medical info. All from a simple newsletter. All done in one hour or less. I can do a level five in five to fifteen minutes top. That is a government agency I can hack that fast. That's why companies and agencies use me to see how fast these crackers can exploit vulnerabilities. I am explaining this in laymen terms, of course there is a lot more to this.
I don't write this to brag about how fast I am. I am really trying to show businesses and individuals about how serious this is. We worked so hard for our things. NOBODY has a right to them. NOBODY has a right to take our safety and security away. Crackers are fast. Nowadays they are on teams. Large teams that do a large amount of data. It's not the high school kid setting in his room any more. There is still that but it's done more professionally now with servers set up all over the world.
I have seen some pretty scary things and I am just hacking things that are test. This isn't real people. Even the "fake" people things I have seen is just scary what I can uncover and retrieve.
Internet Brands of course has to comply. This is who hosts SCS. They are doing a really good job of it. I do hope smaller companies reading this please add better security protocols.
I do really understand. You want your customers to feel familiar and appreciated. I know it's expensive to pay your hosting companies. I know it's also very time consuming. Pretty please I beg you don't be lax on security with your company.
I promise this is not a rant. It is just a begging please, please, please be more safe. I don't want to see anyone get hurt. I am a professional in this industry and I have been hacked three times. Three times, big massive times!!! Trust me I get lax on sites too. It's just human nature. Three times I got hacked I had my security protocols set very high and they still got in. Luckily because they were set high my family was not hurt as others were. Those were the big hacks that made the news.
I had subscribed to their newsletter because I was lured by the chance of winning one of their gift certificates. Then a few months later, I unsubscribed because of two things: one, what you mentioned; two, the sheer amount of email I was getting from them.
DeeAnn, thank you for bringing that to everyone's attention. I think people nowadays assume it will never happen to them, but we should always try to be as careful as possible with our digital info.
Please also keep in mind how many people and companies have your email address - not even considering that it can be "hacked" easily with the **'s. Imagine how easy it is to get your info when they already have the whole address. I'm not trying to minimize security, I just don't like seeing people overly worried. Personally, I don't think there is a need to be worried or scared or "outing" a company because of a mistake like this. We all make them and, as I said, how many people that you don't know have your email address? How many newsletters, paypal transactions done on this site and others, how many blogs, utility companies...I bet it's a long list.
__________________ "For the strength of the Pack is the Wolf, and the strength of the Wolf is the Pack" ~Rudyard Kipling my gallery
It’s not the mistake. You’re so right, any person, any company can make a mistake. It’s the cavalier attitude that raises a question of how far they go to maintain overall security on the website.
Most websites can be hacked into by someone with enough chops, so we’re all taking a risk, but I’d rather buy from a company that shows they try to maintain security and keep information private.
For me it’s not about outting punitively. It’s that I rarely visit company blogs and would rather stick with companies that haven’t given me a reason to wonder about how serious they are about security.
My hair salon owner was cavalier about privacy, and used the cc column in emails for hundreds of names. (It should be bcc. We were taught that in the 1980s!) Unless something has changed - DeeAnn? - if any recipient’s computer has been hacked and has a virus, all the email addresses can be gobbled up.)
Like in Annie*’s post, her casualness made me wonder about overall security. So I asked my stylist to remove my record and I pay in cash. (I’m probably still in their system somewhere, but not for the last couple years and our credit card has changedl )
I have an email address just for blogs and newsletters and I use it every time I am prompted at a website. I get lots of junk mail and empty it out every morning when I am checking my actual email address. I wouldn't really care, I don't think, if my email was in a crafty newsletter. Whats the worst that could happen, I get more junk mail? Maybe I'm missing something - is there something horrible that could happen and I just don't know it? I guess I figure the majority of websites sell or share your info anyway even if they tell you they don't.
My IT department sent out a newsletter one time encouraging us to have several email accounts. One especially for signing up for these companies. I have 2, my good email account and one for stuff like this.
That’s a good idea when possible. The account of mine that was slammed with spam for a good while was my business/consulting address, so changing it or using another one wasn’t workable.
And while a different email address nicely avoids spam going to a personal address, and if it’s spammed too much you can switch to yet a different one, all mail goes to the same computer, so a separate address does not necessarily protect the computer from viruses/being hacked.
No, we don't want to out the company. I don't even know what company it is. I want and imploring the company to be aware and take steps to fix these issues in the future. I have very high confidence that they will. I know you SCS girls I am sure one of you sent a link to this thread to them. ;) I don't want them to get hacked either. If they do get hacked the financial loss could destroy their company. I am assuming this is a small company that could not recoup like a bigger business. I don't want to see this said business lose their livelihood because of crackers.
Please, even if you are tempted don't out the company. I have seen a lot of smaller businesses never recover from a breach and hack. Everything I wrote in my above post was for them also to protect themselves. I was thinking of their safety when I wrote my post.
bjeans- Yes, you are right about your hair dresser. She also shouldn't send BCC either. BCC is a five second hack and you have two hundred email addresses. You don't even need a virus infected computer.
jah636- You should have several e-mail accounts. They should be unique and not similar. You have a good IT department.
There has just been a recent data breach- Absolutely humongous data breach exposes more than a billion records I checked my two billion email addresses, lol. They were fine. There is a link in the article to check. As you can see from the article this happened because of a server that was not password protected. That is more common that most realize. It can be something weather related or just a simple IT tech was tired and forgot to reset.
I received an email from the company regarding my order and they also addressed the email issue. I think they will be making some changes in the future. Hopefully there will finally be positive changes that benefit the security of their customers.
I’d like to know the company name, not to broadcast it, but to leave it off my list for now.
If someone wouldn’t mind sending me a PM I’d really appreciate it, and will not pass it on.
I agree with not slamming companies, but protecting ourselves is also legit. And we’ve shared our own difficult experiences about specific companies here.
In any case, maybe their website is fairly secure, and it’s just their contest announcements that needs to be changed.
ETA: The name was PM’d to me, so thank you!
ETA means Edited to Add. (A few people were saying so many abbreviations weren’t loved, so defining.)
Last edited by bjeans; 11-24-2019 at 08:44 AM..
Reason: ETA
Looks like the company may have made changes...I receive their email daily and today's only included the winner's name and not the poorly disguised email address.
Does this bother you?
