DISQUS

Returning?

Login

Website
http://staynalive.com/
Original page
http://staynalive.com/articles/2008/10/12/pandora-leaking-user-e-mails-to-third-parties/
Subscribe
All Comments
Community
Top Commenters
- robdiana
  5 comments · 11 points
- MariSmith
  5 comments · 7 points
- ontarioemperor
  10 comments · 31 points
- brianjesse
  6 comments · 2 points
- partywedo
  10 comments · 3 points
Popular Threads
- Screenshots Emerge of the New Twitter Retweet Feature
  1 day ago · 9 comments
- Services Need to Stop With the Twitter Kool-Aid
  4 days ago · 13 comments
- Introducing the FB Share Button Wordpress Plugin for Facebook Share
  1 week ago · 34 comments
- Google’s Walled Garden
  1 week ago · 20 comments
- Hey Utah, Where are the Tech Bloggers?
  2 weeks ago · 31 comments

Stay N' Alive: Pandora Leaking User E-mails to Third Parties?

drewolanoff · 1 year ago

Don't *want* to believe pandora. Believe pandora.
jessestay · 1 year ago

I changed the title to make it a little more fair. I just *want* to
know where this e-mail came from. Fluke?
drewolanoff · 1 year ago

Factchecking? Research?
jessestay · 1 year ago

I disclosed the research I did. I don't have many contacts, other
than "support@pandora.com" to do any fact-checking. I stated what I
know.
Duncan Riley · 1 year ago

They are hard up for cash.....
jessestay · 1 year ago

Duncan, not sure if that's why something like this would happen, or if
it's even their fault, but I am definitely tired of getting the "woe
is me - vote for government to bail us out of this mess" e-mails from
them. I was especially disturbed to get this one. I certainly hope
this doesn't come from the e-mail address I gave them.
jessestay · 1 year ago

I should also add that I got an e-mail from them, targeting me because I was a "constituent of Chris Cannon", my congressman, to encourage him to vote on the internet radio bill. It's interesting marketing, but also outright spam IMO, and a little creepy that they're looking up where I live to determine who my congressman is.
Tom Conrad · 1 year ago

Hey Jesse. Noticed that you were opted in to receive emails from us. Would you like me to remove you from the list? You (of course) can also change your mail settings from the web or unsubscribe from a link in the footer of any email we send you.

Sorry that the congressional emails were a nuisance. Truth is that they literally saved the company. Pandora operates under a government controlled license and without congress passing a bill that extended the negotiating power of SoundExchange without question Pandora wouldn't have survived. The only way to get congress to act is to get constituents to speak up. We're incredible grateful to our listeners that called capitol hill on our behalf. Believe me, we really would never have asked for the help if there was any other way.
TV · 1 year ago

I worked for a top 500 Alexa property for a couple of years who used to get the same complaint every so often. We knew we weren't selling addresses, so we tested the complaint by setting up a few dozen fake email accounts all over the place and registered them with the system. Just waiting for SPAM. None came. We finally came to the conclusion that it was probably trojan's on the users system, users ISP level, and or friends system that were harvesting the email address's.

I doubt it is Pandora.
Tom Conrad · 1 year ago

Hi there, I'm the CTO over at Pandora. Saw a link to this post on Twitter. I can tell you with absolute certainty that we never have and never will sell, give away, trade or disseminate in any way our listeners email addresses. We also do routine security audits; your email address absolutely is not available anywhere on public systems.

We do however hear of cases like this a couple of times a year and I've worked other places where similar complaints would come in. In my experience the cause is almost always spyware on a machine that at one time received an email from the address in question. For example, if you've ever used Pandora to share a station with a friend, or invite someone else to use the service, your pandora email address would be on the email we sent to your friend. If that friend has a machine infected with Spyware it's likely that your email address made it into some spammers directory. Of course we also send you a welcome email, if there's spyware on your machine that's another possibility. The final (and least likely) possibility is a simple dictionary attack -- since the email address you're using is pandora@stayinalive.com it's possible that some spammer was just iterating on dictionary words against your mail system.

It's a terrible situation that we live in an environment where it's nearly impossible to keep our personal email addressses out of the hands of spammers.

Feel free to write any time, with any concern. Predictably I'm tom-at-pandora.

Tom
CTO @ Pandora
jessestay · 1 year ago

Thanks for responding Tom - I'll get this response at the top of the
post.