Writing

Feed Software, technology, sysadmin war stories, and more.

Sunday, August 10, 2014

Compromised customer databases

Long ago, I used to buy tech stuff for work from a company called CDW. I also set up a "tagged" e-mail address which only was given to them. Nobody else had that particular variant. I also never sent mail from it, since it was only used for inbound order confirmations and the usual one-way gunk associated with buying online.

This went fine for a long time. It was a clean address which only got mail from the one vendor. Then, one day about 10 years ago, it changed. I got mail from "MNJ Technologies Direct". This to me had "data leak" written all over it. I looked them up when this happened, and it turned out both companies were based in Illinois and were only about five miles apart.

At the time I figured it was either two branches of the same bigger (hidden) company, or some rogue employee had sold them out. This same pattern had just happened with other well-known companies, so it wouldn't have been much of a surprise.

I reported it to CDW and (unsurprisingly) never heard back.

Well, I have a long memory for these things, and this whole story randomly resurfaced today. A quick search of the web turned up a great bit of data and it all makes sense. The web of 2014 has sites where people review their employers. One of these reviews... is for MNJ Tech. What does it say? This:

Almost all of the sales people come from other VARS. 90% are from CDW. Upper management is from CDW.

It all makes sense now. Some sales type obviously jumped ship and took some or all of the customer database with them. Go watch Mad Men reruns: it happened then and it happens now.

I like closure to mysteries even if many years elapse in the middle.

What can be learned from this? First, databases leak. Constantly. If you use a tagged e-mail address, you will eventually have this happen. If you don't have one, well, it's probably happened but you can't tell.

If you have a list of customers and any employees, you have a non-zero chance of a data leak, whether from inside or outside. You might not know this has happened until one of your fake customer accounts is contacted. You do have fake customer accounts which act as canaries, right?