Hi folks – I’m the Executive Director at Avaaz.org. Our mission is to serve our members, and we know our members like their information to be absolutely private and safe, so we take data security *extremely* seriously. I wanted to write to give you a sense of what happened in this case and what we’re doing about it.
99.99% of our subscribers’ data is completely safe, and has never been compromised. However — thanks to messages from a few folks like you — we were able to discover a small crack in our security that had allowed a hacker using a packet sniffer to detect email addresses containing the word “avaaz.” This resulted in spam messages being sent mainly to our staff–and to members who had signed our petitions with special email addresses with “avaaz” in the usernames.
After correcting the error and conducting an internal security review, we hired a leading firm to do a comprehensive, formal penetration test of our site. They found our security very tight, and suggested a number of minor tweaks–all of which we implemented immediately.
We have plans in place to run new penetration tests regularly. One area where we clearly need to improve, however, is in writing back more quickly to folks who were affected by the security issue, to make sure they know how we’ve followed up. We do read and answer virtually every email we get at Avaaz, so we’re also trying to understand how yours fell through the cracks.
Please let me know if there are any other questions I can answer, or if you have any further advice for us on this. Needless to say, we are absolutely not an email harvesting outfit, and we’re as distressed as everyone else at how spammers are steadily dimming the promise of the internet to be a powerful tool for democratic change. I’m sorry you had this bad experience, and I hope it won’t keep you from being active members in our community in the future.
Thanks and best to you,
Co-Founder and Executive Director