Don't do anything online that you absolutely want to keep private. Case in point:
I was looking through the form submissions to my company's web site. There is consistently some percentage of submissions that are auto-submitted spam. Sometimes, it's obvious and sometimes not.
Today, I was researching one submission and googled her name and email. The search brought me to a page that listed a spreadsheet of form submissions to another site - complete with names, email, phone numbers, and comments. Some obvious spam, but others obviously real.
They're showing up because of a technical glitch or security issue on the site. The Google search brought me directly to the site's administrative page with no logon.
What makes this story interesting is that the site is a Las Vegas escort service and some of the form submissions read as follows:
- From a student (@uwec.edu) - "very interested"
- From a student (@wvu.edu) - "I need a price on ____"
- From someone claiming to work at Microsoft - "Hi, I'm planning a trip to Vegas with my fiance but I wanna get away from her for one night. What is the limit to your services and who would you recommend? I need a girl with _____. Thank you for your time." (how polite) ...he may not have put his real company, but another quick search found his email address with a profile telling me that he lives in Seattle(!)
- From a Web Developer in MN - "I am interested in an escort to accompany me to dinner" - (I found his LinkedIn profile because he provided his real company name)
- First, the obvious one - don't trust web sites to keep your information private.
- Second, (to the security practitioners who read this blog) - don't underestimate how willing people are to give up their personal information to even the most suspect organizations.
btw - Who thinks this privacy breach will be reported?