What Really Motivates List Thieves
Silverpop was put on the defensive again last week when Play.com CEO John Perkins claimed that spam his customers received was probably the result of a months-old data breach at the email service provider.
Silverpop received a slew of negative press in the tech trades when the breach was first revealed last year. And Play.com's recent warning to its customers has prompted a new round of less-than-favorable press for Silverpop.
But while it has had the honor of getting the most press over stolen email files, Silverpop isn’t remotely alone.
The entire industry has been under attack for more than a year. Clearly, clean email lists are valuable enough for someone to want to steal them. But with spam filters likely to identify messages resulting from the thefts as spam and block them, what is it about these lists that makes them so valuable?
A plausible answer from an expert appears below.
First, some background: On March 20, some Play.com customers reportedly received spam at addresses they only used at Play.com.
“We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps,” stated Perkins. “We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider Silverpop.”
This latest development led Silverpop to release the following statement: “Silverpop was among several technology providers targeted as part of a broader cyber attack that occurred in the fall of 2010. At that time, we very quickly stopped the attack, notified all customers impacted by the activity and began working with law enforcement and third party security experts to help identify those responsible and take any additional steps necessary to ensure this did not happen again. We are confident that the breach last year remains an isolated incident.”
Meanwhile, TripAdvisor has also issued a recent warning to its customers that its email list has been stolen.
“We discovered that an unauthorized third party has recently stolen part of TripAdvisor's member email list. We're taking this incident very seriously,” said a statement on the site. “We've identified the vulnerability, shut it down and are vigorously pursuing the matter with law enforcement. We sincerely apologize for this inconvenience.”
TripAdvisor signed on with email service provider ExactTarget in 2008.
ExactTarget did not immediately return a call for comment.
Last November, Return Path CEO Matt Blumberg published a post on CircleID saying the email-service-provider industry had been under attack for almost a year leading to multiple systems breaches and that Return Path’s systems had also been breached.
Email service provider AWeber suffered a breach in late 2009.
Clearly, the entire industry is under sustained attack.
Laura Atkins, principal at email deliverability consultancy Word to the Wise, has a plausible answer.
“The simple answer is that the list thieves are after valid email addresses that are deliverable. They can then sell them to other companies,” she wrote in an email exchange with The Magill Report. “They never have to send the mail to make money. If the victims/customers end up getting blocked, who cares?”
Author’s note: There’s a lesson here for marketers: Don’t buy email lists. Purchased email lists are worse than worthless. They’re dangerous. If Atkins is right—and I suspect she is, given it’s the only plausible answer I’ve heard so far—it means if marketers stop buying lists, the market will dry up for list thieves.