on being phished update

I wrote a column last week for the Guardian tech section about the discovery that someone I do business with has had their servers cracked. I know this because I have started getting spam to the email address I use only for commercial correspondence. But I don’t know who it was, because I have bought from more than seventy different merchants using that address.

The first waves of spam were perfectly standard, but this morning I got the run of a second botnet — twenty-seven messages in one gulp — and many of them were personalised with my name as well as my email address: “Dear Andrew”, etc.

Fortunately, none of this will be any use for real phishing purposes, since anywhere that I have an account has an individual and unique email name. Still, it is a chilling demonstration of the way in which our details are spread across the net, and we must trust people to look after them when we have no reason whatever to do so. From now on, anyone I deal with will get an individual email address.

For the moment, everything to that address will simply get forwarded to Gmail, which has spam controls so much better that I noticed it as a shock when three messages got through them earlier this week. Presumably that represents a new run of a freshly tuned botnet.

