Two highly profiled attacks on email marketing services were recently performed by hackers. These services are Aweber and iContact, and each was hit within 30 days of each other. Both are email marketing services providing business solutions to online businesses and websites. Professional email marketing is a legitimate business, and worth the marketing dollars allocated by businesses interested in utilizing the internet for marketing purposes to lure customers.
Professional email marketing services require subscribers to choose to option to a subscriber list. In short, legitimate services want consumers to willingly subscribe to the business listings themselves before the business actively adds them to their marketing consumer email lists. In this way, the email addresses of the customers are used with permission by the consumer. This is in opposition to spammers who harvest email addresses, import them into an email marketing service and then start spamming those listed with products and services they have never intended to hear about.
When a company offers opt-in options to the consumers, the consumers are expecting to hear from the company and will open subsequent emails sent by the company in its marketing efforts. In this way, the customers know that the correspondence from the company is legitimate content and not just spam from unknown sources.
Many people who are leery about subscribing to lists in the first instance, had registered for companies using unique email listings. For example, if a consumer was approached to register for a pet company, that customer would register as email@example.com, and for a car company at firstname.lastname@example.org. When Lisa the consumer noticed getting spam emails, she knew that these had to come from single sources, since she had taken the effort to uniquely register on each site that had interested her in the past.
This was the case with Aweber and iContact when their systems were indeed the subject of hackers. Both companies noticed that their subscriber email systems had been compromised, although their customer account and billing systems seemed secure. The hackers knew that many people set up email addresses the way our example consumer Lisa had done – tracked with unique email addresses for each site she registered on. And, the hackers also knew that they sat on a virtual gold mine of valid real life email addresses from unsuspecting consumers as well. The hackers held the keys that opened the door to the customer data. Unfortunately, the servicing companies were unable to get that door closed again, and the hackers won the first round.
Many people use only one email address for family and friends, and take no notice when they register on websites for products, services or even to get information from a website. Some people have the same email address that they have had for years, original email addresses with shortened usernames (ones that they could never get today). They would never consider changing these addresses, and the hackers are counting on that fact to spam them now and later in the future.
Email marketers are taking the fall for this one. The consumers expect their information to be kept secure if they tout "secure" websites and registration forums. In the larger scheme of managing hackers, Lisa will just receive a couple more spam emails than usual, after this type of incident hits the internet. Hackers will most likely use compromised servers and botnets to send their spam messages, and the computer Lisa uses at home and work will most likely find the spam and block or delete it before it becomes an issue for her. It just shows that spam and hacking are a reality and all a part of doing legitimate business on the internet.