As a quick update to my post over the weekend about Aweber’s system being compromised and spam emails being sent out to those that subscribe to Aweber lists – Aweber have today released a statement acknowledging the problem and talking about what they have done as a result of it.
A quick summary:
- They’re putting it down to vulnerabilities in two third party software systems that they use.
- They’re saying that the hack was limited to areas where subscriber email addresses were stored.
- They believe that the attack was done by an ‘overseas organised group’.
- They state that no other information was taken, including information about customers’ accounts or affiliates’ accounts.
- They say that Aweber’s system was not used in the spamming and as a result deliverability rates have not been impacted.
- They’ve closed the vulnerabilities.
Of course the reality is that while Aweber customers’ own details and information have not been compromised (this is a relief) – our lists have. While there’s nothing that Aweber can do about this now – the reality is that we as their customers do have to live with the knowledge that our readers, those who trust us with their details, are now getting spammed and that this spam could continue indefinitely.
While I understand Aweber’s statement, feel sorry that they went through this, am happy that it’s not as bad as it could have been and know this stuff happens – I do have some mixed feelings on this:
- Firstly I’ve got over 333,000 subscribers who have potentially been receiving spam in the last few days. This makes me feel ill and embarrassed. I’ve fielded many many emails in the last few days from angry and confused readers. While not all will realize why they’re being spammed now, some who have set up specific addresses for my newsletters have – and they’re now angry and have a damaged view of my brand (and some have unsubscribed*). If you’re one of these subscribers – I’m truly sorry – I wish there were something that I could do except suggest you mark the spam as spam and/or resubscribe with a new email address.
- Secondly I’ve been actively recommending Aweber for a year or two here on ProBlogger. I personally want to apologise to my readers who have acted on that recommendation who have been impacted by this. While by no means is it my fault that there was this flaw in Aweber’s system I acknowledge that my genuine recommendation has led to these implications.
I think Aweber has an amazing service. They’ve become an integral part of my own business, have always given me amazing service and I will continue to use them. However I guess I wanted to also acknowledge to others hurt by this that I’m sorry for my part in it (indirect or not).
While Aweber does not apologise in their statement (I guess the lawyers might have had a part in that) I certainly want to express my sorrow for this event to those of you impacted by it.
Update: Aweber have since updated their statement to express that they’re sorry.
There is no perfect system. Over the years my own sites have been hacked (as have many many successful businesses). It is just a pity that this particular instance has impacted so many people.
* As I’m about to hit publish on this I thought I’d check out how many of my subscribers have in fact unsubscribed over the last few days. What I found in the reports section was very odd – for the last 3 days Aweber is reporting that not a single person has unsubscribed from my lists. (The blue part of the chart is the unsubscribers – you’ll see in the last three days it is not there at all.)
This is bizarre – in the last month of the stats there has not been a single day that I’ve not had someone unsubscribe – in fact I can’t remember a day that there wasn’t at least 10 for much longer than that (it’s just a natural part of having a list of the size that I do) – to have 3 days in a row with no unsubscribers is very very odd. Hopefully it’s just a glitch!