Customer databases are hacked more often than you might think

Although I can’t prove this – only the biggest of companies will admit to the most egregious data breaches – I’m convinced there’s a near-constant theft of customer data happening from improperly secured servers. And I’d bet that in many cases, the company involved doesn’t even realize it. Hackers don’t make their presence known unless they have reason to.

How do I know this? I use unique email aliases whenever I give out my email address. I use catch-all email forwarding for jasondunn.com. So if I sign up for something from company XYZ, I give them xyz@ as my email address. It’s hilarious when I do this in person, watching the expression as people try to process it. 🤯 They sometimes think that I work for their company. 😂

I do this to have some control over incoming email; every email address becomes a “burner” that I can throw away by routing it into an inbox with only 1 MB of storage space (so it bounces all incoming email at this point). I have easily over 100 email addresses that are routed this way. These email addresses are compromised in various ways: some are shared/sold to other legitimate companies (“cross marketing”), some keep getting email even after I’ve tried to unsubscribe, and some are used by spammers/phishers like this one below.

I’d contacted Congressman Adam Smith via his online contact form, using this unique email address that had never been used anywhere else before, and a couple of months after using it, I started getting repeated email spam to that alias.

I’ve seen this many times before; I used to try and follow up with the company to point out they might have a problem. Once, years ago, when I did this with an online reseller of Roomba products, they got back to me and confirmed that they did in fact have a security breach and customer contact info was stolen – and they hadn’t realized it. It’s more efficient now for me to just rout the compromised email address into oblivion than to try and make the case that my info was compromised by a third party.

This type of issue happens several times a year to me, so I’m glad I have the ability to control the inflow of email. It will be very hard to go back to the “regular” way of doing email if I ever can’t do an email catch-all…🤔

Leave a Reply