FlingWednesday, Apr 13, 2016 · 700 words · approx 4 mins to read
I’m having an affair. Err. Yay?*
Today I got a notification through from the excellent PwnedList that one of my email addresses had been found in a data dump that PwnedList believes is from the adult dating site Fling. I had no idea I was having an affair (or maybe even a bunch of them!). It’s nice to find out, people should know these things about themselves.
If you’ve read the linked missive on the dubious joys of owning a legitimate first name email account on the most popular free email system on the planet, you’ll know that this happens to me all the time.
On top of my affair this week, I found out that I was going to Malaga next week — 6.05am Lufthansa flight out of Wroclaw to Frankfurt, then on to Malaga after a 6 hour wait…why would you book such shit flights for me, Mr. Ryszard K.? Why.
I also found out that I ordered dog food to a residence I didn’t know I had in Addison, Illinois, and that I needed parts to fix my 2009 Lexus, parked at the same house the dog food was going to. I hope my dog is nice. I look forward to meeting him when I go visit my new summer home in Addison, after my couple of weeks in Malaga. Maybe the person or persons I’m having an affair with are going to Malaga, too!
And that’s just this week.
I also periodically get someone’s O2 cellphone bill, and someone’s AFMobile cellphone bill, and details of someone’s car insurance at 1st Central, and service interval reminders for a BMW that’s serviced at Karl Knauz Motors in Illinois, and emails about someone’s Lenovo ID for a new laptop they bought near Christmas last year, and someone’s Sky TV and broadband bills, and someone’s Virgin Media bill. That one is especially annoying because I have service from VM myself. The list goes on. And on. And on.
Actually, good job you paid that AFMobile bill, Mr. Ryszard W., because your service was about to expire. I wouldn’t pay $25 for a shit 3G plan, though, there are better deals out there. Maybe I’ll login as you and get you onto a better one.
All of this happens because companies won’t validate email addresses before sending email to them. It’s not difficult to do, either. For the dog food one earlier in the week, I got the customer’s full name and house address, plus phone number, sent in cleartext in the email, along with tracking details for the shipping, letting me verify the home address was legit by someone delivering something to it. Leaking your customer’s personal information like that to an unverified party should be borderline, if not outright, illegal, right? It wouldn’t take much for me to be able to pose as Mr. Ryszard B.; after all, I know his name, where he lives, and his phone number. Oh, and that he has a dog and drives a nice Lexus (albeit with dodgy brakes).
I do my best to contact the companies involved. The dog food place, to their credit, said they’d fix the issue as soon as possible. Some companies just don’t give a shit, though. Microsoft let someone add my email address to someone’s Live account as a recovery address, and don’t verify the recovery address is legit. The person locked themselves out, naturally, and then sent repeated daily recovery attempts to me for months in a row. I’ve clicked the disavow link on Google Accounts being linked to my email address more times than I can remember (hmm, maybe I can count them, hang on…yeah, an Inbox search returns dozens of results of emails from firstname.lastname@example.org to do with recovery).
There’s no real point to saying any of this, other than I’m still practicing on my keyboard. I hope one day someone decides to do something about it, though.
*if you’re my fiancée, read the rest before you stab me to death 😘