Key takeaways
- WHSmith’s mailing-list leak came from a misconfigured “contact us” form that sent private submissions to the entire contact list.
- Exposed data included phone numbers, addresses and full names. However, no passwords or payment details were leaked.
- WHSmith characterized the incident as a bug in the subscription-processing system, not a hack.
- Site administrators hid the malfunctioning contact form instead of removing it from the webpage.
- Public reaction was largely mockery, though some treated it as another data-security failure alongside other recent leaks.
- Prevention advice includes using a trusted email service provider, testing and debugging your site regularly and keeping a contingency plan for email-marketing mishaps.
Introduction
Email marketing hiccups and mistakes happen from time to time – that’s just part of dealing with modern technology. Whether it’s sending out inappropriate content or failing to account for some unforeseen response to new features, these unfortunate events can wreak havoc on the image – and impact – of an inbox campaign. As the team behind WHSmith found out on Sept. 2nd, it only takes one little misstep to join the ranks of this not so illustrious fraternity.
If you’re not interested in adding your brand’s name to this discussion, take a moment to look over the events surrounding WHSmith’s list malfunction, as well what you can do to prevent such a problem from being a part of your email marketing future.
What Happened?
As Alex Hern of The Guardian explains, the story of newsagent WHSmith’s inbox faux pas all starts will a misconfigured “contact us” form. Essentially, individuals who were interested in joining the company’s email mailing list entered pertinent contact info into the form, only to have this sensitive information (phone numbers, addresses, full names, etc.) end up being sent to every current member of the contact list.
Disgruntled, distressed, and concerned customers soon took to the contact list form to lodge complaints as part of an effort to bring this malfunction to the attention of the brand, only to have these subsequent messages also end up in list inboxes across the web. To make matters worse, the programmers and web administrators who monitor the WHSmith site simply hid the bugged contact list after word broke on social media instead of removing it from the webpage entirely.
How Did It Happen?
So how does a brand end up with private user submissions and contact requests spamming reader inboxes? According to Business Insider’s Lucy England, WHSmith released a statement claiming that the incident was not the result of a malicious attack or “hacking” as initially believed, but rather caused by a bug in the system that manages and processes magazine subscriptions.
Thankfully, no user passwords or payment details ended up floating around the web as public info. The only lasting ramifications of this event come in the form of confusion and concern from within the members of WHSmith’s contact list, as well as a significant amount of egg on the face for the brand.
Gauging the Market’s Reaction
When it comes to gauging the reaction of the market to this event, the vast majority of the response has focused on poking fun at WHSmith’s bad luck. Considering the unique nature of the situation, it’s hard not to have at least a little fun with this unusual and entertaining occurrence.
However, there’s also a segment of the digital community that points to WHSmith’s leak as the latest in a long list of security breaches. In fact, the team over at Media Post’s Email Marketing Daily blog note that in the days following this malfunction, Hawaii First Federal Credit Union and the British government both experienced leaks and break downs in security protocols. Without question, the need for better handling and storage of private contact list data is at an all-time high.
Keeping Your List Info Safe
So how does your brand keep its email marketing operations rolling smoothly, all while avoiding this kind of lapse in security? It all starts by working with a service provider and platform that you can trust. While taking the time to find the right team of email marketing experts and campaign management tools can seem like a dull or boring affair, it only takes a quick look back at the coding offered up by WHSmith’s subscription processing service to prove how vital this endeavor is for your brand.
From here, it’s also a good idea to test and debug your site from time to time. No web hosting system or server is perfect, so staying on your toes and remaining vigilant in your maintenance of this portion of your digital presence is a great way to support and shield your email operations.
Finally, there’s nothing wrong with having a contingency plan for when the worst happens. Obviously, it’s impossible to prepare for every potential issue or bug, but taking account of at least some potential hiccups can ensure that your brand gets back on its feet as soon as possible. If you can work with these concepts guiding the way, there’s no reason why your brand has to join WHSmith as an unfortunate company that makes headlines for all the wrong reasons.
FAQ
A misconfigured “contact us” form caused private contact submissions to be sent to every member of the company’s contact list. WHSmith said the root cause was a bug in the subscription-processing system, not a hack.
Phone numbers, addresses and full names were sent to the list. However, no user passwords or payment details ended up public.
Programmers and web administrators hid the bugged contact list after the issue spread on social media instead of removing the contact form entirely from the webpage.
Most reactions were poking fun at WHSmith’s misfortune, while some commentators framed the incident as another security breach. Other organizations experienced leaks around the same period.
Work with a trusted email service provider and platform, perform regular testing and debugging of your site and maintain a contingency plan so your brand can recover quickly if something goes wrong.
