On 3/13/2000 at 9:38:25 AM, I bought the Bundesbahn Pi font from Adobe (yep, back then they were a font company).
On 10/31/2013 at 11:36:01 AM, I got a spam because of that purchase.
I knew that the spam was Adobe’s fault because I give everyone a very special email address. I never give out the same address twice and I keep track of who I gave each and every address to. This way, whenever I get a spam I can look up what address the spam was sent to and know who to blame.
Sometimes companies leak an email address on purpose by selling their customer list. Sometimes they do it unintentionally when they accidentally publish the list in a public document. But usually the leak happens because of a a security problem – either someone with access to the list got a virus, or the servers that hold the list got hacked into. Sadly, it happens all the time.
I was therefore not surprised when I saw Adobe’s announcement that they were hacked. At least they found out about it and acknowledged it. Most of the time when I get a spam on a special email address, the company that leaked the address is unaware and uninterested.
Here is the telltale spam…
From: Oolya <email@example.com> Sent: Thursday, October 31, 2013 7:36 AM Subject: Olechka How is it going? Hello!!! My name is Olia! I look for a second half. I love fitness and arting.. Reply me letter on firstname.lastname@example.org Regards, Olia.
If you’ve ever given your email address to Adobe, you probably got a spam like this too.
If I were a big company, I would sprinkle lots of special email accounts and username/passwords around my systems, and then keep a very close eye out to see if they every get used. At least this way I’d know something bad was happening, and maybe I could use the info about what got leaked and when to figure out what happened.