back to article El Reg in email address blunder

Between 8:58 and 10:20 BST this morning we sent an email to 3,521 of you that contained the names and email addresses of 46,524 of our readers. Obviously, this was an error. The two-stage send process that is the norm for all of our mailers was over-looked because someone was in a hurry. We would like to offer our genuine and …


This topic is closed for new posts.
  1. Eponymous Retard


    Wonder how many aeons will pass before you live this one down...

    1. Anonymous Coward
      Anonymous Coward


      It's already on Pastebin :( So I think they're pretty much NEVER going to live it down!

    2. This post has been deleted by its author

      1. Fryerman

        Well, that's an easy one; 'coz they're reporters. It's their job to report on that sort of stuff. Don't confuse the hacks who do the stories with the tit in the IT dept who caused this fuck up. It's good to see them own up and follow the correct procedures.

        1. raving angry loony

          quick on the trigger there Fryerman.

          Pretty quick to blame the "tit in the IT dept" aren't you sunshine? Why would someone in IT be sending out emails though? It's more likely to be someone in marketing or management - that's my usual blame target. People who don't listen to IT tell them for the Nth bloody time to not do it that way.

  2. AceRimmer

    How many

    "46,524 of our readers."

    Personally, I'm just astonished that you have more than 50 readers!

    1. Jim jimminy jim jim jim jim

      you need to type more carefully, you put the 0 in the wrong place....

    2. dredmorbius

      It's one reader ...

      ... with a very bad case of OCD.

      ... not to mention talking to myself.

      But I knew that already.

    3. Wize

      And have they let everyone...

      ...who's address was sent out know they won the lucky raffle?

      1. adfh
        Thumb Up

        I concur.. should we be receiving notifications if our details have been leaked?

  3. Samo

    Well, I guess even the hacks ^H^H^H^H^H techies in El Reg can make mistakes in a hurry...

    Are the vultures circling the person who pressed the SEND button?

  4. Anonymous Coward
    Anonymous Coward


    awwww, damn. I didn't get a copy. let me know next time, yeh ?

    1. Fred Flintstone Gold badge


      Well, what's a copy worth to you? Genuine, live email addresses, just waiting for you to send them anything you like. All you need is to make sure it appears to come from The Register, and especially titles like "BOFH" will ensure it'll get opened.

      Actually, no, I'm keeping it for myself. Still have some water in powder form to sell..

      Duh. Duh. Duh. Next time, drink coffee first, THEN start work...

    2. wayward4now

      Me neither!!

      I didn't get a copy either! Now I'm REALLY jerked.

    3. John Gamble

      Re: ffs

      Yeah, me neither. What, I don't rate a good e-mail leak?

      Alien pic chosen as the only good approximation of a pout available.

      1. Danny 14
        Thumb Up


        wonder if I got one, i'll need to remember the logon to the spam hotmail account to do so.

  5. Tom 15



    1. melt
      1. A. Lewis
        1. BoldMan
          1. Dunstan Vavasour



    2. Roger 11
      1. Shannon Jacobs



        Why doesn't the Reg support stronger downstream anti-spam tools to help break the spammers' "business" models? Right now most of the effective anti-spam work is being done upstream by Microsoft.

    3. Anonymous Coward
      Anonymous Coward


      1. Alan Esworthy



    4. Lupus

      I'm not angry, just disappointed.

  6. Whitter

    Hurry schmurry.

    You do know that the system should be designed so you can't do that, right?

    1. Anonymous Coward
      Anonymous Coward

      Easier said than done. Set one flag wrong in a sql query and it doesn't matter how many tests. I'd like to know why the email address was compiled in the first place though.

      1. A. Lewis


        My first thought was "where were you trying to send the list of names and e-mail addresses?"

        1. Nasty Nick

          yes, yes, A. Lewis, this is the big issue on this one,

          Go on, Reg, tell us the truth, the whole truth and nothing but the truth..

          Reg, good that you fessed, but when you've told 3,521 of the nosiest and nosiest readers around, there was no other option.

          But once you'd decided to fess, there was no point fudging, and that explanation is straight from the fudge factory.

          You'd have got more credibility by telling the whole, awful truth. Or, is it that the Reg minion really meant to send out bulk email addresses, unencrypted, by email, but just got the wrong address list!

          And when they realised it was hitting the fan, they tried to kill the send, but only managed to do it after it had got down to the 3,521st address!!.

          I think we should be told.

      2. Daf L

        I'm not sure that the Register marketing department would be setting SQL flags (whatever they are?) or getting anywhere near SQL. I presume they were adding field codes, which should always be programmed to make sure that the sender can see a post merged sample before sending.

        Pretty freakin' poor show if you ask me. A company who goes to great pleasure in sneering at other organisations who commit the same mistake, then doesn't have the same tight controls it 'demands' of others is more than a bit hypocritical.

        I wonder whether the Register would have been so forthcoming in divulging this information if it wasn't so readily going to be exposed very quickly by one of the thousands who received it?

        I'm sure "lessons will be learned", "procedures will be tightened" and so forth in line with everyone else and it will be done about the same time they find $20 to fork out on an SSL certificate to protect your login to the site!

        However, now for some people there will be some nice targeted spam with your name attached and some nice IT related text. Luckily no will fall for the inevitable targeted phishing attacks - will they?

        1. Jobless

          Oh dear

          How on earth are they hyporcritical??

          hypocritcial - of the natureof hypocrisy, or pretense of having virtues, beliefs, principles, etc., that one does not actually possess.

          Key word being pretense - in no way did they show pretense in not wanting to live up to these values .... they just screwed up! You're saying that they never had any intention of repsecting privacy???


    2. Anonymous Coward
      Anonymous Coward

      and if you can do that

      many millions await you. Blocking this from happening would have required a system to scan the content of the message being sent and to detect that it contained thousands of addresses rather than standard marketing material. Maybe not so difficult in this instance, but making it 100% effective would be a challenge.

      The recent Hays cockup was caused (I have it on unreliable authority) <> by someone picking the wrong file to attach from a directory - instead of a standard HR attachment, they got a list of everyone's day rates.

      It's an old but true saying: anyone can make a system foolproof; with some effort and skill you can even make it idiotproof; but no-one will ever make a system cretinproof.

      1. XMAN



        echo 'WARNING: Your email is going out to '.count($email_addresses).' people. Are you sure you want to do this?';


        1. Shannon Jacobs

          They did want to do that

          What they did NOT want to do was include the payload with the email addresses.

      2. The Jester


        Many (decent) firewalls block emails with a large (>100) number of recipients by default.

      3. Anonymous Coward
        Anonymous Coward

        How about...

        A system that scans the email and rejects for further review anything with more than, say, 100 '@' symbols in it?

        1. Anonymous Coward

          Or how about ...

          ... a mailing system that sends one email to one recipient at a fucking time. That's all your mass-mailer should be able to do. For anything else, use vanilla email.

          If your system is capable of including mass customer data in a mass email, it is broken.

      4. Anonymous Coward
        Anonymous Coward

        Been there done that...

        1. adfh

          Big brother has never seemed so smiley and PR video ready :)

      5. Rex Alfie Lee

        I notice the reason you didn't put your name on your puppet is because you have absolutely zero idea of what you speak. The protections to stop this kind of idiocy aren't that hard. Marketing database, check emails against customers, yes 4 thou customers, check respondent companies, check, many companies get our email customers, no, false, stop... See, pretty easy logic. Now please refrain from talking crap...

    3. Anonymous Coward

      Nah, editors should be trained so that they won't do that instead.

      Makes you wonder; is this part of an El Reg plot? As soon as the government comes knocking on their door /someone/ hits this big red "DON'T PUSH" button and all accounts get sent across the Innernet?

  7. Rob Kendrick


    I wonder how long this data will take to appear on BitTorrent. You only need one person out of the 3,512 people to be a shit. And to be honest, that's quite likely :)

    1. Aulty

      email list

      How much could I sell this list for ?

      1. Cliff

        Seeing as it is freely up on pastebin for every spambot to find, £0.00, I imagine.

  8. Anonymous Coward
    Anonymous Coward


  9. Caff

    Managers love incident reports.

    When can we expect the full incident report with a follow up detailing process improvements to ensure no repeat incident occurs.

    1. Patrick O'Reilly

      CC us

      When you're sending off your report to the ICO be sure to CC the rest of us.

      1. Jason 24

        I'll take a BCC cheers

        1. Anonymous Coward
          Anonymous Coward


          Umm, yea, that was the joke.

          Anonymous... until the next "oops".

  10. b166er

    Oh noes! Everyone has my fictitious name and disposable email address.


    Armitage Shanks

    PS Reg, on the very naughty step with you!

    1. Anonymous Coward
      Anonymous Coward

      Dear Armitage Shanks,

      Buy high quality porcelain toilets, low cost and fast shipping!


      Chinese industry spammer

    2. Anonymous Coward
      Anonymous Coward

      Don't worry

      I already know who you are.



    3. Asgard
      Big Brother

      @"fictitious name and disposable email address"

      I do wonder how much longer it will be before state data mining can associate disposable email addresses with real people. For example, I know for a fact the state has been able to identify people on Facebook for a few years now, including finding their phone number when their phone number isn't given out on Facebook and that includes knowing their email addresses and everyone they contact.

      I think this variation on the idea of security through obscurity, of in this case, disposable email addresses, is becoming increasingly less likely to work.

      The state through the endless guise of the perpetual war on terror wants to know everyones political thoughts to find the terrorists among us and that means finding and accumulating the political thoughts of everyone. Terrorists after all are the most extreme political dissidents but then all of us who simply hate the corrupt lying arrogance of the governments and banks are by definition a political dissident, as in disagreeing or dissenting, with the state opinions which they arrogantly hold to.

      Plus more than a few of us show our free thinking dissent of the government on sites like The Register, so the state would happily add and collect email lists from sites such as this, (if they could get them). More educated free thinkers are after all, historically some of the first political dissenters of each generation of governments because they don't blindly follow what they are told. Therefore governments would secretly happily want lists of email addresses from sites with higher percentages of free thinkers and sure there will be a lot of false positives from any list, but that false positive reduces over time as more data becomes available from ever more sources cross referencing with the accumulating data, so its a continuing process of accumulating ever more information to increasingly highlight the degree of political dissent.

      It doesn't worry me and frankly I think the government can fuck off with its greed and arrogance at our expense (literally) and I would happily say that to any MP's face. But I do think the whole idea of a fictitious name and disposable email address is becoming increasingly less likely to work and the state will continue to do all it can to expose everyone to it in every way it can. They are determined to do that, not least by continuing to make deals with the bigger companies to find more information on everyone. I just think its inevitable.

      Of course as usual, the ignorant and the two faced will deny what I've said. The ignorant continue to fail to learn and the two faced don't want to learn, because they secretly want an ever more controlled state.

      For anyone else who doesn't yet know, but does want to see some evidence, check out something called “NarusInsight” e.g.

      Also here's some info on the big databases more countries are build on people, e.g.

      There's many more examples like this I could give of increasing state database building and increasing state spying on all of us, but I think most of us already know this. So I have to wonder why the myth of "fictitious name and disposable email address" is still perpetuated?. It really can't work for much longer and I very much doubt it works even now.

      1. Scorchio!!

        ""fictitious name and disposable email address"

        I do wonder how much longer it will be before state data mining can associate disposable email addresses with real people."

        If the data truly are fictitious then this ought not to be possible. My registered name and address were selected using common sense techniques, including facilities available online. That doesn't mean 'traceably' and it doesn't mean I fell into the trap of selecting data that I somehow liked or chimed with my personal circumstances and ID. How fortunate, because I am one of the "3,521 individuals".

        Interestingly the Register asked me to delete any data I'd wrongfully received, but I don't think I did. However, because I'm mostly unable to spare time for lists and the like I've been deleting all mail apart from that which seemed important; clearly the latter looked that way. A quick check in my password database shows I ought not to worry on my own behalf and I wish the same for others.

  11. Anonymous Coward


    Press the unsend button!

    1. Silverburn
      Thumb Up

      unsend button = Best...invention...eva...

      I'm just left wondering how many companies will claim they own the patent on this, when someone does actually make this practical on normal mail servers (MS exchange's recall facility not included).

      1. Anonymous Coward
        Anonymous Coward

        Re: unsend button = Best...invention...eva...

        Doesn't the unsend button involve spinning up the Goldeneye satellite, though?

  12. Anonymous Coward
    Anonymous Coward

    > You only need one person out of the 3,512 people to be a shit. And to be honest, that's quite likely :)

    These are Reg readers, expect something more original than that!

  13. Barry Tabrah

    Security Protocol

    Thank goodness I only gave you my garbage (see HotMail) email account. At least you didn't post my password, which is unique to this site and highly secure (note to self, must change password - probably add a 1 on the end. Yeah, that'll do it)

  14. Adam Inistrator

    and from

    says it all ...

  15. Aberdeen Angus
    Thumb Up

    When will you be sending it out the the remaining 43,003

    It's only fair.

  16. My Alter Ego

    My faith in humanity has hit rock bottom*

    1). Is the number 46,524 all of your users, or is it a selection of the users?

    2). How do we know if we were included in the list?

    * Well, what little I had left.

    1. Greg J Preece

      I did post earlier that someone wasn't in the list I received, but it occurs to me now that this list is probably compiled from real name fields, and that your comment handles may well be (and it seems, often are) different from the name you input, so I will shut my trap and let El Reg answer from here on in.

    2. This post has been deleted by its author

    3. Anonymous Coward

      Re My Alter Ego

      Re (2) - tell you what; you send me your email address and I'll tell you if it's on the list they sent me ;-)

    4. Youngdog

      On point number 2

      I would say that the fact that I haven't yet recieved a mail from El Reg today could mean that my address was inserted into the content rather than the Recipient field!

      Can anyone at Vulture Towers who knows what went wrong give me some reassurance that I'm mistaken?

    5. Owen Carter

      Yes; that was what I was wondering; should I assume my email is compromised?

      It's not a huge issue to me (spammers have it already) but it would be nice to know. Will you be doing due-diligence and informing all those who have had their mail exposed?

      1. The Wegie

        The emails are in plain text in the body of the message.

        Definitely not what one expects to find in the <emails to ancient account box> in the morning.

      2. Anonymous Coward
        Anonymous Coward

        You're A-OK...

        Just checked and "Owen Carter" is not on the list. The list was supposed to be for a "cloud" webinar so probably not all Reg readers where included.

        For me however... looks like I'll find out just how good my anti-spam filter is :-(

    6. diodesign Silver badge

      1) It's a selection of users, the ones who have at some point opted-in to receive events-related marketing mail from us.

      2) If you're affected, you'll get a message shortly to say your details were leaked.


    7. Anonymous Coward
      Anonymous Coward

      "Is the number 46,524 all of your users"

      As of this moment in time it seems the last registered person was called ashR and he was user 54159

      "Frankie" has the honour of being user number 1

    8. Anonymous Coward
      Anonymous Coward

      If you didn't see this, probably not...

      Well I got an email telling me I was on the list - lets see if it gets past the meoderators:


      This morning the name and email address you used to register for The

      Register was mistakenly sent to 3,521 individuals, also readers of

      The Register.

      We've contacted them asking them to delete the email and respect your


      We are of course terribly sorry for this error and have reported

      ourselves to the ICO. Our initial statement is here:

      You are free to edit or delete your account details here:

      If you have any questions or would just like to rant at us please

      send emails to

      Best Regards

      The Register"

      1. Youngdog


        Just read my own copy of the above email. Ok El Reg this is serious - if I start getting links to hardcore pornography or invitations from young ladies in my area who are 'up for it' then I will, er, hang on a mo, then I will, um, look I am bit busy right now let me get back to you Ok?

  17. Greg J Preece

    Kinda split on this - half amused because it's you guys, but also as unimpressed as I would be by anyone else chucking my info around. I did get a copy, and it looks like someone pasted a big CC set in the wrong field and then didn't proof-read anything... Can we get a "rolling my eyes" icon?

    Did decide to have a shuftie through the list for rude words and spambots, just because I'm a sad shit.

    1. Anonymous Coward

      Didn't proof-read anything?

      That doesn't sound like the standard operating procedures at el Reg at all!

  18. Forget It
    Thumb Up

    lucky I signed with a secondary email conceived only for transient signs ups and to attract spam.

  19. Baudwalk

    "We are in the process of blowing the whistle on ourselves"

    PlayMobil or it didn't happen!

    1. Owen Carter

      This would make a good start:

  20. Eponymous Cowherd

    Shit happens

    But you *will* be informing those who had their emails compromised, won't you?

    1. Elmer Phud

      no, they'll be mailing everyone else by mistake

  21. Graham Dresch

    Simon's Revenge

    ( BOFH episode 15 )

  22. Colin A. Mackay

    I admire your honesty

    ...And prompt announcement that you are human, just like the rest of us.

    So many other companies attempt to make themselves look infallible.

    1. I ain't Spartacus Gold badge
      Black Helicopters

      Human? I wouldn't go that far

      I rather suspect that the Reg staff are emissaries from the planet Vulton, where the Vulture People rule, and are here to enslave us!

      I believe that there plan is to post so many ridiculous RoTM stories, like killer loos and such, that we become inured to the news, and don't notice when the killer vulture death robots are landed, and start harvesting us all for meat.

      I'm not quite sure how this particular security breach fits in with the plan though.

      Perhaps they've decided we're the techno-elite of the world, and this list has been leaked in a transparent attempt to shift the blame when we're all, ruthlessly terminated. Or perhaps it was just a cut 'n' paste error, as they were uploading this targeting list to the robo-death vulture fleet that is attacking at this ver...........

      [sound of static]

    2. handle

      I'm a bit more cynical

      Honesty yes, but necessity born of damage limitation. The mistake would be bound to come to light - so many people know about it - and if the site hadn't put its hand up to it immediately it would have been sunk.

    3. Anonymous Coward
      Anonymous Coward

      They sent it out to 3500 furrytooths...

      ...keeping it secret wasn't an option. Fessing up and paying the price was the only possible course of action. And that price is that the Reg is going to have the piss taken out of them for the rest of eternity.

      I wouldn't like to be the next Reg staffer who has to write a story about a data escape.

  23. This post has been deleted by its author

  24. James Weston

    He's a very naughty boy

    Don't worry, ICO will only give you a slap on the wrist and tell everyone "El Reg is not the Messiah. He's a very naughty boy! Now go away!"

  25. Deft


    I made a mistake once, but luckily no-one ever found out and I covered it up.

  26. Joe 48

    Ok so you dropped the ball.

    More importantly who do I contact to find out if my email address was 'miss placed'?

    1. Greg J Preece

      ME! ;-)

      Your username doesn't seem to be in the list I got.

      1. handle


        I expect you are breaking the DPA yourself by looking through the data, rather than deleting the email as soon as you know it wasn't meant for you.

    2. This post has been deleted by its author

  27. Anonymous Coward
    Anonymous Coward

    Could this be the end of amanfrommars?

    Will his true identity be leaked? If so, who really cares, it's not like he's Batman, now that would be a disaster.

    1. awomanfromVenus
      Black Helicopters

      I got curious about amanfromMars once, there's either a lot of them out there, or else its amazing what you can find using a search engine.

      1. Agent Weebley

        amanfromMars is at

        But I guess you already knew that . . . There are a lot of them out there . . . and growing in numbers.

        It's too bad that El Reg fell apart on that email thingie. I just got word from them about me being on that MegaList. Am I angry? Nah. Maybe they'll give come together and me a free subscription . . .

        1. Anonymous Coward
          Anonymous Coward

          re: There are a lot of them out there

          Agent Weebley@ "There are a lot of them out there . . . and growing in numbers"

          [blank line]

          [blank line]

          I think I met one .. in an Internet Cafe .. apparently the international Freemason-Illuminati conspiracy is shooting electric shocks, through invisible wires, into the contestants on Come Dancing. The dancers idiosyncratic dancing thus directing secret msgs through the television into my friends living room. In order to preserve the evidence he's taping all the episodes. Excuse me now, I need to go and change my tin-foil hat ...

  28. Z-Eden

    <Spultter> WHAT!


    - Disgusted of Tunbridge Wells

  29. Dazzz


    We've heard of it...

  30. Adam Inistrator


    "The two-stage send process that is the norm for all of our mailers was over-looked because someone was in a hurry." is an utterly pathetic excuse by someone without a clue about security. full marks for posting it as news item though.

  31. Anonymous Coward
    Anonymous Coward


    After all the derogatory stories about the ineffectuality of the ICO and the even worse comments this could be payback time for them. Let us know if the put their teeth in for this one.

  32. Remy Redert


    Is what the culprit needs to be. No, not that way. Out a cannon!

  33. John Sager

    Just shows how hard it is to be good

    So, a relatively small organisation, with trained people and its heart in the right place can still screw up under pressure. Not perhaps too surprising. So even less surprising when big, essentially incompetent organisations do the same thing, even when they are not under pressure.

    Hope the Information Commissioner doesn't have to ceremonially thrash you all with a cat 'o nine tails smeared with ghost pepper sauce!

  34. John Brookes

    How incredibly embarrassing!

    ... I've been outed as a reg reader!

    Bad Reg, naughty Reg - wash your mail server out with soap and water, then stand in the corner of the datacentre and think about what you've done..... FACING THE WALL!

  35. Edwin


    It is indeed an impressive list (and yes Neil, I found you on it)

    I agree a notification to the 46k plus recipients would be in order. I can send you a copy if you'd like.

    Sorry El Reg, but there is NO excuse!

    1. Neil Brown

      "yes Neil, I found you on it"


      1. Neil Greatorex

        "yes Neil, I found you on it"

        Double gulp!

  36. codejunky Silver badge

    Accidents happen

    Noting how well our email addresses are used anyway on any site which bundles us up for marketting it isnt really much to worry about. Nearly any site wanting an account asks for our email and thats exactly what this site is too.

    Obviously there must be an effort not to repeat this but I hope you dont give too hard a time to whoever did this (although I am sure they are getting plenty stick).

    And at least you have the backbone to own up to it pretty quick.

    For people who are worried on here I will remind you that nearly every stranger you talk to will ask your name and I am sure you give it. And for every account you sign up to online you have given away your email address. While we prefer to be masters of our own information we unfortunately are not.

  37. Anonymous Coward
    Anonymous Coward

    So I can expect some emails from an El Reg "employee/lawyer" asking me to help him to get the money out of the company for a cut. All he asks for is my banking details, online banking password and I will be an instant millionaire. :-)

  38. Anonymous Coward
    Anonymous Coward

    Pot, meet kettle

    Fortunately I am registered with a keyboard-mash name and a 10 Minute Mail e-mail address.

  39. vilemeister


    At least the reg admitted to it giving exact numbers. More than other companies (ahem*Sony*ahem) would do.

  40. Dave W

    This is becoming an increasingly common occurrence across the globe, and you can bet for every time you hear about such a mistake, there are a few dozen data security breaches which are covered up.

    46,500 people affected pales into insignificance alongside the size of breaches by the NHS and local council authorities for example which often run into the millions of records.

    <exaggeration warning>Chances are, if you've been alive for more than a week then some of your data's probably been leaked somewhere. More than once.</exaggeration warning>

    So, fresh perspective, your name isn't sensitive information. Chances are your email address isn't all that sensitive either (are they both on your business card? You've never lost one of these incredibly sensitive wallet-sized documents, or handed one to someone you don't know right?)

    If it was financial or medical details I'd be livid, but with a sense of perspective it's not all that bad.

    At least the senders of junk mail might start spelling my name right now. And if they know I've got an interest in IT it might even be well-targeted spam. Exciting.

    1. Svantevid
      Thumb Up

      "At least the senders of junk mail might start spelling my name right now. "


      That's the spirit! ;-)

      But I must complain... I got no mail from El Reg (*sniff*) and no extra spam either... I feel neglected.

  41. Heironymous Coward


    I didn't get it - could you please resend.


    1. Anonymous Coward
      Anonymous Coward

      Come on everybody...

      Reply all!

  42. Steven Raith
    Paris Hilton


    Come on, 'fess up - who from the staff is on tea making duties for a month, then?

    Glad I used my old bt account to sign up, all those years ago, though!

    Steven R

  43. Red Bren

    Well done and watch out

    Well done for holding your hands up. Watch out the ICO don't decide to make an example of you.

    Will you be notifying the affected?

    1. Anonymous IV

      Shows what happens when key staff leave....

      This email fiasco would never have been allowed to happen if Sarah Bee had still been working for you.

      1. Alan W. Rateliff, II
        Paris Hilton

        If only Sarah...

        Or, she might give said culpable individual a sound thrashing. Now THAT is most certainly PlayMobil-worthy.

        Paris... why not?

  44. Michael Jarve

    Well done!

    And added to my woes, the spacebar on my keyboard has started to act funny... Coincidence? I surely think not!

    But, as someone will undoubtedly point out, passing along the email addresses of 42k+ furry toothed, not entirely naive or defenseless geeks is not half as bad as say, your NHS leaving about the generous gift of names, numbers, addresses, whatever equivalent of SSN's you have over there, &t, for any old body to pick up, ???, and profit from. To that, I preemptively say: Bull cookies!

    Still, you apparently saw fit to at least acknowledge the, heh, mistake quite promptly, thereby if not minimizing the potential damage and outcry, at least foisting responsibility for what follows on to the owners of these misplaced readers. Trebles all around!

    In other words, welcome to humanity: the race was lost before it ever started.

  45. David Precious

    Shit happens

    Accidents happen - kudos for immediately owning up to it and holding your hands up, rather than trying to downplay it or pretend it didn't happen.

    If the data leaked is just email addresses, I don't see it as too big a deal particularly.

  46. Anonymous Coward
    Anonymous Coward

    I never make these lists


  47. Dabooka

    This is seriously unfunny.....

    It's one thing being outed as a member of the BNP or finding out I sign up for Strictly Come Dancing updates, but if people were to discover I'm a reader of El Reg?

    The shame. I'd never live it down....

  48. Anonymous Coward
    Anonymous Coward

    Can I have ..

    .. the rest of the data? You're not government compliant if you don't lose other information with it such as bank details address, inside leg measurements and any biometrics gathered along the way..

    Ah - there are over 43k users waiting to rub it in.

  49. Stephen McLeod Blythe

    Hilarious irony.

    No point posting anon since everyone here has my email/name now anyway! (or do they?)

  50. newbie1664

    Not fair!

    I only got 46,493 sent to me.

    I want the other 31

  51. Jon Press

    The two-stage send process that is the norm ... was over-looked

    Was "overlooked" or was "actively bypassed"?

    In the former case you need some technical control over sending data to thousands of recipients not just a note pinned to the wall. In the latter case you need a member of staff pinned to the wall.

    Still, congratulations to Team Register for managing to foreswear Liam Fox's enthusiasm for the passive voice - at least until the third sentence.

  52. Stuart 22

    I'll drink to that!

    This is really terrible. I shall be writing to the IPO immediately making clear the only acceptable way El Reg can compensate for this catastrophic error is to stand a pint for each transgression at its local hostelry.

    All attendees will, of course, have the right to a proxy drink for the few unable to find the pub, or London, or ...

  53. Tim Bates

    I got my copy...

    Now I just need to start a competing website and spam everyone about it....

    Was it a complete list of subscribers? I searched for a few old friends who I know used to be subscribers and didn't find them - but they may have long since unsubscribed.

  54. I ain't Spartacus Gold badge

    Your pennace - should you choose to accept it.

    Is to compose a tune, possibly along the lines of Sirius Cybernetics' delightful 'Share and Enjoy'. Then get a choir of a million robots to sing the email addresses and names of all your users, to this new melody.

    Share and Enjoy!

    1. Ugotta B. Kiddingme
      Thumb Up

      Curiously, an edition of the Encyclopedia Galactica...

      ...which conveniently fell through a rift in the time-space continuum from 1000 years in the future describes the Marketing Department of The Register as:

      "A bunch of mindless jerks who were the first against the wall when the revolution came."

  55. Anonymous Coward
    Anonymous Coward

    Well mistakes happen. I know my details are for my fake 'alto-ego'.

    Credit to you for coughing and reporting it ASAP, it's a pitty government and private businesses aren't as forthcoming as you guys when they stuff up.

    Still, based on the PSN story, when do we get or freebies as a sorry?

  56. Vladimir Plouzhnikov


    So my email's on the internets now? Oh, noes!

  57. dcd

    Bring it on!

    I don't care if my email address is in your list. Running a small piss-ant email service for the past ten years with lots and lots of mods of my own.

    It's hard. Fucking rock hard - so bring it on.

    On a slightly serious note: peeps should do a deep search for their email address on a number of engines - you may be surprised to find it!

  58. Rajiv Dhir

    I think you mean 46K ex readers!

    subject says it all

  59. Anonymous Coward
    Anonymous Coward


    You mean my willy wont get any bigger?

  60. Matthew Wombell


    Thanks for the free e-mail addresses earlier. As we're signed up for the DPA too then I'm one person that isn't going to be spamming or selling those e-mail addresses.

    No point in posting anonymously... I'm no longer anonymous anyway!

    But good on you for putting your hands up and telling everyone that it had happened. I'm sure those of us who have this list will be responsible IT professionals... but we know what the chances of that are.

    Let us know what the ICO has to say back...

  61. Anonymous Coward
    Anonymous Coward


    where's my email?

  62. Anonymous Coward
    Thumb Up

    You're forgiven

    Not because it was an easy mistake (there's no excuse, really) but because you owned up immediately and accepted the embarrassment.

    As some others have suggested, it would be useful if El Reg were to post a follow-up article explaining exactly how it occurred and what is being done to make sure it doesn't happen again - as a useful Case Study.

  63. peter 45

    What list?

    Sorry but the list does not appear to have been sent to me.

    If I send you a Memory stick, can you lose that as well please?. Don't send it to me in the post, just drop it outside your offices on the way home tonight and I will pick it up.


    P.S. If the list is encrypted, can you attach the password as well. Cheers.

    P.P.S. Any Local Government Authorities been in touch with a job offer yet?

  64. vagabondo

    Why no outbound mail filter?

    This seems like dereliction of duty.

    Our Postfix servers have a header_checks rule:

    # catch multiple recipients

    /^(to|cc):.*\@.*\@.*\@/ REJECT Multiple "To:" addresses promote spam and identity theft. Try "Bcc:" or use a mailing list.

    I am sure that something similar is available for El Reg's Exim server.

    1. An0n C0w4rd

      @vagabondo you can do that in Exim also, but like everything else you have to WANT to do it first.

      You can also add a dummy user to the address list and any time their name and address appear in the body reject the e-mail, or if it appears in the header with any other address reject the mail.

      P.S. I thought El Rego could time travel when I saw "Posted in Site News, 24th October 2011 10:07 GMT" and "Between 8:58 and 10:20 this morning" until I realised we were still on BST.

      P.P.S. anyone who implements the suggestion in the 2nd paragraph please contact me to pay me my usual consulting rates :-)

    2. Anonymous Coward
      Anonymous Coward

      Wouldn't have helped in this case - the delivery was made via MLM (or bcc'd) the addresses were in the body of the email.

    3. Chris Miller

      It wasn't a cc/bcc error, the list of names and addresses was the (only) message content. No doubt something similar could be set up to block that as well (if a message contains more than 20 '@' signs for example).

      1. vagabondo

        @Pete B, @Chris Miller

        Thanks for explaining what happened. It would be interesting to learn how it happened.

  65. Adam Foxton

    I assume

    that 'Lessons will be learned'. That the person in question wasn't named implies that they won't be 'reconsidering their position' too soon- probably okay for a simple list of email addresses and names.

    Thanks to El Reg for being honest and informing us about the existence of- and the scale of- the problem.

    I hope the affected will be notified?

  66. Stuart Elliott

    I didn't get an email

    Damn it, I demand a refund, I didn't get one.

  67. Anonymous Coward
    Anonymous Coward

    Least it doesn't leak....

    Or link all the details of your friends, possible connections, browsing habits, address book, pictures you may be interested in our suggest that you may like something or someone. Seems pretty tame compared to face book and linked in.

    Was steve ballmer, bill gates, zuckerberg, assange and steve jobs on the list?

  68. Dodgy Pilot

    Oh quit worrying and whining... it's not like El Reg could possibly have spelt them correctly anyway.

  69. ratfox

    Quick, lemme check my never-used-crap-web-based-mail...

    Shoot. I am not one of the 3,521... Will you notify the 46,524, so that I know I should change to a further crap account, just for safety?

    I think my new address will be: ""

  70. Anonymous Coward
    Anonymous Coward

    A couple of followup articles could be interesting. How the mistake happend in the first place and what steps you are taking to ensure it doesn't happen again would possibly be helpful for those who are also responsible for maintaining large mailing lists.

    Also an article on the process of informing the ICO and what they say / do could also be interesting.

  71. Allan 1


    Shit happens. I accept that mistakes happen, congratulations on being honest and coming clean about it.

    You will be contacting those who's emails are compromised, won't you?

  72. NoneSuch Silver badge

    Someone screwing up is unfortunate, but it happens to everyone eventually.

    That you are responsible enough to tell your readership publicly and immediately own up to your error in full is admirable. It is a rare thing nowadays for someone to take such action without lawyers and spin doctors getting involved. Thanks for that.

  73. Snark


    That's it, I demand a full refund of my remaining subscription. What? I don't pay? Oh well I guess I can't be too hard on you then ;-)

  74. Andrew Moore

    Better late than never...

    My copy has just arrived... (14:10pm)

    1. Andrew Moore

      and another copy at 15:52. El Reg must really want me to have these email addresses.

      1. Andrew Moore

        Okay, now on my sixth copy- 2 more since the apology.

  75. Mr Young


    or it didn't happen!

  76. Ben Holmes

    Shame. I even checked my spam folder, but alas there was nothing there, aside for the usual opportunities to work from home, 'health supplements', and a badly spelled email from the Inland Revenue which, all things considered, I don't think came from the Inland Revenue.

  77. TeeCee Gold badge

    The joke's on you.

    As a result of this, *I* now get to collect $65m from the estate of the late Colonel Gaddafi! I suspect that if that nice, god-fearing lawyer hadn't had my email address, he couldn't have got in touch with me.

    You might have got the money if you hadn't been so careless.......

  78. Anonymous Coward
    Anonymous Coward

    I really am Anoymous :)

    As per suggestion I googled my email address and there wasn't a single result.

    1. TakeTheSkyRoad

      Not anymore.... since you gave your email address to google ;)

  79. Anonymous Coward
    Anonymous Coward


    ...who's been staked out for the scorpions?

  80. Anonymous Coward
    Anonymous Coward

    Bit of clarification please

    Does this mean the email addresses of *all* your registered users have been broadcast to world + dog?

    1. diodesign Silver badge

      It's a selection of users, the ones who have at some point opted-in to receive events-related marketing mail from us. Quite small compared to our overall user base but that's absolutely no excuse.


  81. Ian Ferguson
    Thumb Down

    Full disclosure please?

    I'd like to know what mass mailing software or service you use and why it allowed this.

    I know you don't HAVE to tell us that, but it'd help to know what kind of shit product allowed someone (whether an idiot in a hurry or not) to send the email.

  82. Chronos
    Thumb Up

    Well done

    See, you lot, this is how full disclosure is done. Hands up, we ballsed up. Anyone can make mistakes; it's how you own up to them that inspires confidence.

  83. ScaredyCat

    Your email address is never published

    Can you remove that bit now then?


    1. James O'Brien
      Thumb Up


      I actually commented on that same subject in another article. Nice catch though.

  84. Benchops

    Lieutenant Data he would never make such a mistake.

  85. J. Cook Silver badge

    *golf claps*


    Fortunately, the email addy I use here is just an alias. :)

  86. David Gosnell

    No Register-generated spam yet...

    ... but I did get something addressed to my Digital Photography Review throw-away this morning. I vaguely remember that breach happening, but it's all a bit of a blur.

  87. adnim


    That swelled my email spam database by 46,000+ records.

    Reg readers, expect wonderful product offers from my business delivered direct to your mailbox very soon.

    On a serious note: These things happen, I expect every database into which I enter personal information to be susceptible to compromise or human error resulting in exposure of that data. That's why I have never entered my real name or indeed any truthful, personally identifiable information in any online form, EVER.

  88. Roger Stenning

    "Ah. Waiter, there's an email list in my soup."

    "Shh, everyone'll want one, sir!"

    Well, I suppose it goes to show there are Humans at El Reg, but ye gods, lads and ladettes, don't you think you could have found a less face-slappingly way of proving that one? ;-)

  89. Badbob

    Never needed this icon before....

    Seems appropriate now.

    Given that various organs have already given away my email address I'm not going to cry about the loss of it again.

    I'm sure whoever was responsible will face the usual employer reprimands. Case closed.

    Also, check out my eBay listing for recently farmed email addresses.

  90. 46,524 know who I am

    Not enough grovel in your apology email. Whoever pressed the button should bend over naked and back themselves into a very big door knob.

  91. TakeTheSkyRoad

    I think I escaped...

    .... but if not work can deal with the spam since I signed up using my work email address :)

  92. BernieC

    Oh man.

    This one will will live in the annals of internet history for a good while. Just how many red faces and face palm gestures were happoening at vulture central I can only imagine.

    This will definitely keep me grinning for a day or two.

    Now to keep my eyes open for the practical joke from one wise assed Register reader with a Penchant for evil fun.

  93. MooseMonkey

    Did I post this, or was it someone using my details you gave away...

    TWATS, that was my favourite alias....

  94. Foose

    And send

    OOoop's ermmm guys I think I've made a mistake ermmmm how do I unsend an email?

  95. rho
    Thumb Up

    Thank goodness!

    Will this be the end to my crushing loneliness?

  96. Chris Beattie


    That would have been my pick for the subhead, heh heh.

  97. This post has been deleted by its author

  98. Geoff Thompson


    I got the email and I was on the list. If I get any spam or phishing emails I intend to sue El Reg for every penny it has, because of the immeasurable stress and upset. I have heard of these horrors of course, but would be deeply traumatised to actually see one - in my own inbox!!! I'm sure I would need weeks of therapy. Even so, the Reg recipient who passed on the list it quite obviously sub human. Why does society provide internet access for swamp dwellers? The spawn of Satan indeed.

  99. The Gopher

    Hmm a new play toy for the BOFH

    OK I think the speed merchant needs to go have a word with the BOFH...

    A light BOFH tasering followed by a halon shower should sort him out...

  100. Anon the mouse

    I got the apology email but not the list..... not that I'd notice it that much in the sea of spam.

    1. Anonymous Coward
      Anonymous Coward

      Me too

  101. Eurydice Sophie Exintaris


    Well done, lads. Wonder how you'll manage to poke fun at those who forget briefcases on the trains from now on...

  102. chizz

    who were the chosen few ?

    I understand that the 46000 subs were those, like me who have opted in to stuff, but who are the 3500 recipients tha the email was sent to, and how were they 'chosen'

    1. Bernd Felsche

      Just guessing...

      The a's and the b's most likely. After that, somebody may have noticed the outbound mail queue with 40,000 messages, each almost 2MB in size. Or maybe a snarky comment on "Privacy blunders by UK biz soar, websites least trusted", or my email to a body @theregister.

  103. Anonymous Coward
    Anonymous Coward

    Ha ha!!!

    That is all

    And Global Warming is true. If you can be wrong about sending emails you can be wrong about Climate Change!

  104. Scrufter

    How very British

    Had laugh at the phraseology of the email

    "We are of course terribly sorry for this error "

    If this is the worst thing that happens to me I will class this as a good week

  105. Mikel
    Black Helicopters

    No biggie for me

    Knew better than to give out my right name for a comment forum anyway. Regrets to all those who lost out on this one.

  106. James O'Brien

    well then

    It so appears I was one of those who was included in the email but didn't get a copy.

    Dear El Reg,

    The next time you want to send out an email to me with my email address viewable to world+dog please include me in the mailing. I have this feeling that I missed out on a very lucrative $75 million deal from some relative in some country that I have never heard of. Ttfa

  107. al 3
    Thumb Up

    A mistake !!!!

    I nearly made one of them once.....................

  108. Anonymous Coward
    Anonymous Coward

    'Your email address is never published'

    i did have the honour of being featured on the list. thanks chaps... like i don't get enough shite in that inbox already.

  109. rpjs

    To err is to be human

    But so is to have a touch of schadenfreude, seeing as El Reg hauled the company I used to work for[1] over the coals when we did exactly the same thing a few years back.

    [1] The fact I don't work for them any more has absolutely nothing to do with said incident.

  110. Ignazio

    There is still a checkbox that allows to post anonimously...

    ... Irony?

    You know you're never going to hear the end of this, right?

  111. Cypherous


    Well worse things have happened, accidents happen because we are human i'll forgive you :)

  112. Anonymous Coward

    My new handle


  113. Anonymous Coward
    Anonymous Coward


    Thanks for 'fessing up (I'm on the list and got the apology) and thanks for acting promptly.

  114. Anakin
    Thumb Up

    Tnx el Reg

    It was nice to see that you regret your misstake.

    It was so good you alerted me about the problem.

    I'm from Sweden and no news site has ever regret or even notised me about errors like this.


  115. proops
    Paris Hilton

    Will we be seeing a Playmobil reconstruction?

    This is exactly the reason why I use hotmail to register for websites...

  116. WW

    Spoofed email

    I just received a spoofed email, obviously from someone who has obtained my email address from somewhere.

    And the email content ... it said that El Reg had coughed to releasing a part list of its readers' email addresses.

    ... do I hear the distinctive sound of glass tinkling in the distance ???

    1. Anonymous Coward
      Anonymous Coward


      Wow! Spam exists. Shock horror. Get off the internet if you are so easily offended

      1. Mips

        Has anyone got the patent on the Anonmous Coward mask?

        The first time a saw the mask was in a film, I forget the name but I am sure you will help, anyway it is a Guy Fawkes mask. The point is that they are appearing everywhere. Who own the IP right is the question and of course are we going to see a "Storm trooper mask" fight?

  117. garhol
    IT Angle

    Ho hum

    Where's the IT ang...nevermind.

    So, will be BOF be dealing with this? ...or was he responsible?

  118. Carlos TuTu III

    for fuck sake

    I'm really fucking angry about this.

    I had two addresses on that list and still didn't get picked, it's like the Olympic farce all over again.

  119. Sly


    so that's where all this new spam is coming from today.

    Mine's the one with the can opener in the pocket.

  120. Trainee grumpy old ****

    I propose a new unit of measurement

    A "Reg": a unit to measure the amount of personal data exposed through human error.

    Not sure why, but of all the sites I thought El reg would be the least likely to fall victim to something like this. I didn't get the original mail but got the apology. Not particularly fussed as I get a fair bit of spam anyway and my mail provider seems to do a reasonably good job of filtering it out.

    Kudos to you for putting your hands up fairly quick

  121. ashR

    Easily fixed ...

    If we all just send the email back, it'll be like it was never sent.

  122. Mehh
    Thumb Up

    Nicely handled

    Ignoring just for a moment the error itself, I think that the response from El Reg really couldn't have been better. Posting the story within an hour, reporting to ICO and an e-mail apology received this evening.

    If you could share the response from ICO and what steps you're taking to prevent it from happening again (in the same way, at least) I think you'd get a perfect 10 :)

  123. VulcanV5

    Price of fame. . .

    Well, stuff going on The Apprentice. Or X Factor. You've made me famous. Fan-tast-ic!!

    OK, I know, not everyone takes that view. Actually, I was talking to a chap called Andrew Crossley earlier today. Used to run something called ACS:Law. He says El Reg's behaviour is unforgivable and appalling.

    However, I now find out, there's something called 'The Crossley Defence'. It involves telling the ICO, in the event of a data breach, that you're actually quite poor, your health is bad, and the pressure of work has led to events beyond anyone's control. It worked brilliantly for Andrew, he headed back to his country mansion with Ferrari in the drive and didn't have to stump up a penny.

    I doubt El Reg has even heard of my friend Andrew, but. . . is The Crossley Defence not worth a try?

    Good luck, gang. Shit happens.

  124. lifeexperiencee

    CC and BCC

    My local NHS needs some training too about CCs and BCCs - they recently shared my email address with about 100 others. It was interesting casting through the ope email address details seeing who'd survived being made redundant lol.

  125. Anonymous Coward
    Anonymous Coward


    You muppets.

    No longer anonymous

  126. K12

    Could be worse

    I work for a company that has been in trouble with the ICO on several occasions. We receive our monthly pay statements to our individual email accounts but this month rather than receiving our own we all received one managers statement. Having his salary broadcast to the whole company has caused more than a few raised eyebrows.

    By comparison this is quite funny and I felt quite privilaged that my disposable email address has been caught up in this fopar. Thanks to El Reg for the quick heads up and appology.

    1. Anonymous Coward


      What an excellently comical way of spelling it!

  127. Matt 29

    One misake is better than 2!

    On the one hand, don't do it again, on the other, here's why i'm not annoyed. Keep up the otherwise great work!


  128. Richard Bijster
    Black Helicopters

    Nobody gets fired hopefully

    I just hope nobody lost their job. I got the mail and thought, oh well, even those at Vulture Central are human. Don't go sacking anyone over this one.

  129. Combo

    Newest BOFH?

    So I suspect, nay I demand, that a visit from Simon and the PFY will be forthcoming to the individual that was 'in a hurry'.

  130. multipharious

    thanks for the prompt disclosure

    I have been dealing with SPAM for eons unfortunately. One of my associates happened to have my primary private email address in their address book back 10 years ago and they got pwned. Over the years I got to watch my email address get sold to every penis pill peddler and smut shitbag.

    This email address was created for The Register. Glad I had the inherent paranoia back then.

  131. Anonymous Coward
    Anonymous Coward

    why are you all so freaked out?

    You lot are acting as if you've had your personal fettishes outed.

    It's just a bloody email address -- hardly secret -- not exactly your credit card or pin details.

    If you are really freaked out that another reg reader gets your email address, then you shouldn't be on the internet.

    My email address is splattered all over google, my own websites, and email list servers etc. MY spam filters deal with it.

    get over it (anonymous for other personal reasons at the moment)

  132. Dragon


    Always look on the bright side of life....

    If I did get the email, I would have deleted it without looking at it.... Damm wish I read it now!!!

  133. Anonymous Coward
    Black Helicopters


    ... furthermore, I think revealing the actual number of disclosed addresses was a mistake, because it somehow upgrades the potential interest for the site DB, acknowledging it's 46 000+ addresses you'd get there... and not just 5 or 50. Of course the actual number was going to be known, but now it's indexed and all.

  134. David 14

    No big deal...

    Despite all the Chicken Little "oh my god, the sky is falling" crap that many will complain about, this is no big deal. Anyone out there that has some belief that their email address is some sort of private or secret thing is just delusional.

    More so if those same individuals used their so-called private email address to sign up for a free email distribution from an IT news outfit. No offense El Reg, but being an avid reader does not make me believe that giving you my personal bits of info is a good idea.. :)

    Someone at the Reg should be lambasted for the error, and maybe a bit of technical change is in order to prevent this from happening again in the future... but otherwise... no worries! You can find my email on pastebin.... and a million other online places where I use my (anonymous) gmail account!

    1. Master Rod

      Yo! Brain....

      I just don't like people getting into my email. That is why we have passwords...Ahhh! shit! That's it..Change my passwords.....Muchas gracias, bola de pendejos....:-)

  135. Jamchal

    Excellent, it's rare I use my personal email account to sign up to anything, however mistakenly I took theregister, technical journal / blog / news site, of whom I frequently see flaming other tech peddlers for their security mishaps, as one of the safer places to use it.

    1. Idiots, I would suggest a route of leg slapping to those responsible but I'm guessing this has already been undertaken.

    2. Thank you for bringing to light the reality of my own mistakes in trusting any sort of Internet based resource, especially those I initially believe to have the credentials and saavy to respect the privacy of its loyal users.

  136. marc bolan


    Could this explain the 722 emails currently residing in my inbox?

    What contact details does a Barrister require?

    How long's a piece of string?

    Who am I?

  137. Anonymous Coward
    Anonymous Coward

    On the bright side (for you if not for us)

    Since you've thrown yourselves at the (overly) tender mercies of the ICO, you'll get to experience exactly what it feels like to be savaged by an arthritic and entirely denture free canine.

  138. Special Agent

    Sold out!

    WTF?! I don’t think you can send out such a mass emailing by accident, even by "overlooking the two-stage send process because someone was in a hurry". I have my suspicions that it was perhaps sent erroneously to the *wrong* people, for which they are apologising! So, to whom has my online identity really been sold to this time?! *sigh*

  139. Quidam

    Thank you

    just saw an article in the last couple of days: a certified email addy was worth between $1-$20

    thanks a bunch for making easier for some bastard go to the dark side!!!

  140. nekomata

    hmmm, delicious database

  141. Bernd Felsche

    Should not be able to happen

    As one of the lucky recipients, I hope that there was a good reason to hurry!

    Why does the person sending marketing emails have access to the full list of subscribers? That's not necessary, is it?

    If there is a two-step procedure where one mis-step can result in such a bludner, then take the two-step and shred it. Redesign the process so that subscribers are listed as one address; visible only internally to TheRegister and have the MTA use that to retrieve the list of recipients and to send to all

    Limit the size of marketing emails to 5 kilobytes per message. The mailing list message is nearly 2 megabytes.

    I'm not too worried about subscribers seeing my name and email address. But if some malware finds the list stored on their computer/network, then that does create a problem.

    1. Anonymous Coward
      Anonymous Coward

      Yes, glad to see several people are getting the real issues. So everyone makes mistakes, wrong button syndrome ect. and the usernames and emails are no big deal in themslves, except that:

      1) many probably form part of access control for other systems (think eBay, Paypal etc.), so making it easier for the small number of sad gits who will now chuck the list into a smart process that attempts auto login to crack user accounts at commonly used ecommerce systems.

      2) it looks like the bods at Reg are sending bulk lists of user names and email addresses around, plain text , via email, which, if a matter of routine, is really very very stupid. If done by an inexperienced youngster, well we've all done things we shouldn't when young, a roasting is in order, but their manager should be hauled over the coals. If someone experienced, this is a serious professional mistake.

      I suspect it was an Excel spreadsheet or Access DB - can anyone confirm how the list was sent?

  142. poobumwilly


    This is the sort of thing my mum would do... and she's rubbish at the internet!

  143. Brett the Brat

    Reported you to the BBB.

    Thats okay you sent my email to 6500 how many........ damn. I am reporting you to the Big Boodie Businesswomen of America and they are coming to sit on you in numerous uncomortable positions during your work and perhaps fracturing said pencils used to write down my address, this way it will not happen again.

  144. Brett the Brat

    well what the hell

    Apparently this forum has standards and I can only make fun of you in my mind. Whatever I am still reporting you to the BBB Big Boodie Business women of America to go over to the UK and break your pencils so you cant write down my Email Address anymore.

  145. Richard Conto

    You may be a winner ...

    Sadly, I never received a copy of the e-mail.

    I did find your company privacy policy at:

    I think you need to change:

    "If permission is granted, this information may be used to send occasional emails containing offers from our partners. This will only ever be provided to readers who have specifically given us permission to use their information in this way.

    The Register will never use your data for anything beyond the reason stated and the permissions you grant us. "


    "If permission is granted, this information may be used to send occasional emails containing offers from our partners. This will most likely but not exclusively be provided to readers who have specifically given us permission to use their information in this way.

    The Register will probably not use your data for anything beyond the reason stated and the permissions you grant us - again. "

    On the other hand, snarkiness aside, most of my e-mail address(es) have been as public as they get forever. Don't fire anyone on my account - although I wouldn't mind knowing that they were on tea duty (or coffee-pot scrubbing duty) for month.

    I *definitely* would like to know the business case for allowing mass-mailings like this - and I would even more like to know that those executives were going to be buying staff nice lunches and dinners every few weeks for a year.

  146. Anonymous Coward
    Anonymous Coward


    Finally, Mr Bond, my mailing list is complete.

    I don't expect you to talk, Mr Bond, you already have a rolex, so I expect you to buy Viagra!

    1. Anonymous Coward
      Anonymous Coward

      Doesn't Bond

      wear Omegas? </nerd>

  147. Gordon 8
    Big Brother


    Thanks for the email this morning...... Thank you for owning up.

    Just reading though the comments... noticed in the posting section.

    'Your email address is never published'

    I hope the BOFH has a charged cattle prod to make sure it does not happen again.

    Beware any delivery of carpet and quicklime

  148. SteveTM
    Black Helicopters

    The Register aka Angus Deayton

    1 - The Register hasnt yet posted the name of this "someone". At least 3,521 people would like to know it. So come on DATA LOSERS...COUGH UP!

    2 - Wasnt it The Register that accused the ICO of weakness? Oh yes indeed it was back in February of this year. ( )

    I'm sure 3,521 of us hope that the ICO has taken on board The Registers comments back then and upped its competence levels.

    In the words of Alex Hanff from same article "Christopher Graham has, in essence, now created a Data Protection regime where companies will not be held responsible for the actions of their staff."

    Lets hope thats changed since then because I for one am sick of changing email addresses because of blunders by companies who then go through some kind of expensive assessment process designed by the ICO to placate those concerned, with the end result always being something along the lines of "lessons will be learned" or we have asked the company to "make procedural changes". cough-bull-cough-shit.

    In the words of Jim Royle..... "my arse".

  149. skevmeister



    Can you complete the good work you started by explaining exactly what you did to create this cock-up. What stapes are you taking to make sure that this never happens again?

    You've cocked up, you've admitted that you've cocked up. Get top marks for a complete and frank disclosure.

  150. Mips

    Exactly 3,521?

    There's me thinking it was a phishing attempt.

    Please tell us that the passwords are not compromised as well.

    Who was the someone? If my details are out there let's name names.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Exactly 3,521?

      No passwords.

      1. Otto von Humpenstumpf


        "No passwords" -- so I guess we should be grateful for that? Does that mean you're storing passwords, rather than hashes?!

        And stop making yourselves sound like you're bloody heroes for reporting this to the ICO -- it's not like you've had a choice.

        To quote from the email "You can delete your account here" -- fat lot of good that does now... how about making sure your marketing drones learn how to deal with your customers' data instead?

        Finally, thank you for exposing my email address that has been spam-free for the last 10 years or so to god-knows-who.

        So you won't miss out on all the fun, I shall forward a copy of all the spam emails I receive following this desaster to, in order to keep you abreast of all the latest development in todger enhancements.

        1. Anonymous Coward
          Anonymous Coward

          It's a list of the name you gave

          and the email address you gave. As stated in the article. Nothing has been sent deliberately to spammers, nothing has been hacked. From the sounds of it, they just cc-ed a lot of people on the same email. So they've made public information that was already basically public (although obscure) anyway; your name will be included in emails you send, as (obviously) will your email address. Whether they store passwords or hashes is irrelevant- while I'm sure they're not stupid to store them as plaintext, none of them were released! So however they're stored it makes no odds to this story.

          That's not exactly the data leak of the century. Given that "Otto Von Humpenstumpf" on Google turns up nothing but El Reg comments, I guess that you've not even used the same name on other websites.

          Turning themselves into the ICO for a minor breach like this is a good move on the part of The Register- while no leak would be nice, it's good to see that they take these things as seriously as they say others should.

  151. John Sims


    As way of apology I think The Register should donate 1GBP per reg user whose details were leaked to a charity voted for by the readers.

  152. Fading

    So what exactly got leaked?

    Should I expect naked pics appearing in the tabloids? I think we should be warned.....

    Well us and the rest of humanity - what is seen cannot be unseen...

  153. Select * From Handle

    Cheers for the free mailing list :D

    Would anyone like to buy some Viagra?

  154. E.

    Wouldn't have happened with the Moderatrix still there to keep you all in check

  155. metaspective
    Paris Hilton

    Where was the data sent?

    And what exactly happened?

  156. Melanie Winiger


    Were our Pseduo-names included in the E-mail e.g. Tuffers or Tony69???

    That's the only thing I'd lke to know

    1. Anonymous Coward
      Anonymous Coward


      (Anon 'cos I didn't get the email, and I'm not on the list)

    2. Anonymous Coward
      Anonymous Coward


      No, they weren't on the list.

    3. Anonymous Coward
      Anonymous Coward


      Alias and email address. Not good..

  157. It's a me.

    You 'orrible little turd.

    Re "Posting the list to pastebin as we speak.. → #

    How does a bit of your own medicine taste?"

    What an absolute piece of flotsam you are. I hope your next poo is a hedgehog.

    1. Anonymous Coward

      "I hope your next poo is a hedgehog"

      got me :)

  158. ShockedAndStunned


    You stupid, stupid arses.

  159. Sam Therapy


    Oh well, you're only human. I think.

  160. FSS

    I want compensation

    I Want an iPhone 4S as compensation.

    And don't come to me with GarbageDroids or WindowsPhonie.

  161. FuzzyTheBear

    Accidents in the workplace anyone ?

    I wonder if there was a bizarre workplace accident at El Reg the past few hours :)

    you know tape safes and stairways , not to mention elevators are dangerous places ...

  162. ExRLCBod

    your email address is <b>never published</b> - not entirely accurate methinks

    I got the apology but not the list :(

    pastebin post was a windup so no dramas there.

    Kudos to ElReg for holding their collective hands up to ballsup, however, pictures of the offending cretin strung up outside the highest window of Vulture Central are a must i feel. along with a personally written grovelling apology and a suitable amount of time of them prostrate for all aggreived to take a running boot at their backside would go a good way to alleviate the frustration

    fail because ... well it was!

  163. qt101

    Wot a eMail-Cock-Up!

    Sure we can all make mistakes "but this is a wh00per"!

    I find this announcement rather flimsy to say the least! - with no other excuse given other than "Someone was in a hurry and something was overlooked" I was one of those unfortunate people on the list and was notified by the email below and sent to this linked article. Not Happy Reg!

    EMail notice Paste here --> Hello,

    This morning the name and email address you used to register for The

    Register was mistakenly sent to 3,521 individuals, also readers of

    The Register.

    We've contacted them asking them to delete the email and respect your


    We are of course terribly sorry for this error and have reported

    ourselves to the ICO. Our initial statement is here:

    You are free to edit or delete your account details here:

    If you have any questions or would just like to rant at us please

    send emails to

    Best Regards

    The Register

  164. Mr_Souter

    Your email address is NEVER PUBLISHED

    as one who got the email, and who's email address was listed on it, the only thing i find funny is that the original email was classified as junk by my email system. I didn't know i'd received it until the followup email fro El Reg telling me about it. :D

  165. steward

    Will you at least...

    send an email to each and every one of the 46,524 readers whose emails were compromised telling them that the email was compromised?

  166. Haku

    El Reg venture into Social Networking

    Give them a chance, even Facebook had to start somewhere.

  167. McVirtual

    I still love you

    These things happen.... Hopefully only once to all of us.....

  168. KegRaider
    Thumb Up

    Meh, shit happens.

    One stuff up in god knows how many year's I've been a subscriber. I'll be sure to let you off with a cold beer this afternoon. I'll start mine now, feel free to drop over to Australia to collect yours...

  169. Shannon Jacobs

    Yahoo actually good for something?

    Well, not actually, but at least in this case it appears that Yahoo's email system truncated the incoming list of names and addresses. All I received was about 20 long lines of personal information... The way it mixes the names and email addresses, it seems to only be about 50 names in total.

  170. Stephen B Streater

    Internet Privacy is revealed as a myth

    Yet again.

    PS Has anyone considered the following idea for a spam filter? Put up a fake email address eg; then ignore all email which is copied to that address.

  171. Weedkillers

    Mistakes happen unfortunatly but its not offten nowerdays people admit them if they can avoid it

    Nice to see hand help up for the mistake though and process followed to try and rectify it

    Not try and hide it for as long as possible like Sony :P

  172. Weedkillers

    Mistakes happen unfortunatly

    But its nice to see the hand held up for the mistake and process followed to resolve the situation rather then say Sonys aproche of lets see if we can hide it :)

  173. Framitz
    Thumb Up

    Got the list

    Deleted it, I wasn't on it, cool.

  174. ted b

    There are some problems with your post.

    The post is required, and must contain letters.

    Submit post: El Reg in SHOCK email address BLUNDER

    FUCK UP is now another synonym for Blunder.

    One can only marvel at the ever developing English language.

    I'm not vindictive. I just wnat the perp/ twerp PFY or DOC ( Doddery Old Chunt) concerned to get fuck all from Father Christmas.

    I'm not one of the 300 Spartans I'm one of the 3,521 wanting to put my boot up the harse of od someone at El Reg.

    El reg finally gets it very own TARDis.. where is Sarah Bee when we need her.. someone needs a slapping and she nows where you all sit.

  175. heyrick Silver badge

    No worries... is a sacrificial address.

    But you? Hmm, where's that egg-on-face-forever icon?

  176. Jeff 11

    If you're going to own up, do it all the way.

    It's good that you're not trying to keep this under wraps, but if you haven't done this already, you should inform every reader whose email address was disclosed individually; many readers will be wondering whether their addresses have been made public or not.

    It might hurt your brand even more, but it's The Right Thing to Do.

    On a lighter note, I predict a more humble tone from reporters on easily preventable data breaches in future... and depriving your email team of direct access to sensitive data ;-)

  177. Microphage

    The curse of BCC strikes again

    The email isn't suitable for such mass propagation of information, better use some kind of simplified project management software. eg Login to a 'GROUP' add/delete/update msgs then logout.You cannot write to other groups so no danger of above.

  178. Anonymous Coward
    Anonymous Coward

    3,521 potential leakers

    I wonder which one of the 3,521 posted the list to pastebin?

  179. John Sims


    As way of apology I think The Register should donate 1GBP per reg user whose details were leaked to a charity voted for by the readers.

  180. AlexS

    So was this...

    One of those genious marketeers that did it?

    You know, the type that has a skinfull the night before and cannot operate dangerous machinery?

  181. Anonymous Coward
    Anonymous Coward

    name that dumb f*cker and fire them

    show you mean business.

    - a recipient of the email

  182. Anonymous Coward
    Anonymous Coward


    2 spam emails this morning,.. 1st 2 ever in my email account of 7+ years. Well done El Reg!

This topic is closed for new posts.