By now, you’ve heard about the massive breach at Epsilon on March 30.
First, I should tell you, this is no laughing matter. There’s lotsa bad here. Anybody guessing that a few email addresses are not a big deal should know that an enterprise marketing service provider like Epsilon probably got hacked by very determined and highly motivated professional spammers. These guys know the value of an email address, both a lousy one scraped from the web and a good one stolen from a provider to Fortune 100 companies.
If a phishing attack to 100,000 addresses yields 100 successful responses, what if you could steal 1,000,000 addresses? How about 10,000,000? As ISPs get better at blocking spam and ESPs get better at avoiding lousy lists, companies like Epsilon become bigger, redder, hotter targets.
Laughing? Not me.
Let’s say you’re a competitor. Maybe you’re Silverpop. They’re sure not laughing.
With every one of these attacks, other email service providers may think about how to respond. Thoughts may range from “How do we exploit this?” to “Let’s just shut up and be glad it’s not us.” This time.
ESP customers will also be thinking about security as they vet their next ESP. So every ESP needs to decide what they’ll say. The best solution is to treat this carefully, in private and in public, making sure to keep the system and software up to security standards, strengthen relations with service vendors, and communicate a unified response to everyone.
“It can’t happen here,” is probably a phrase to avoid. By now, it seems obvious that somebody is next.
So nobody is laughing.