We all freaked out a little bit last week over what may have been the worst breach in e-mail address security ever. For me, the rolling thunder of annoyance came in the drip drip drip of e-mail alerts from a number of companies with whom I’ve done business saying that the address I had shared with them for limited, specific purposes had been acquired by a hacker.
A bigger story emerged only later: These were not individual notes, but rather a symphony of breach because e-mail addresses from lots of customers shared with lots of companies were all stored in one place, a company called Epsilon.
Most people probably didn’t realized they had agreed to share their addresses with Epsilon, whose business includes managing marketing mailing lists, by virtue of the contracts they have with thousands of retailers. Nobody really reads privacy agreements and the terms of service because — and let me make a bold assertion here — they are needlessly long and verbose precisely to deter anyone from attempting to do so.
So the circumstances made it possible, a la Oceans 11, to do the cyber equivalent of robbing three casinos by breaking into a single, not quite impenetrable vault.
There could be cause for some concern. It’s possible that your e-mail address could be an important puzzle piece for identity theft. But by far the most likely worst case scenario is just plain annoying: You’ll get more spam, and a lot of those are sent to trick you into selling yourself out.