Clipper Card Email Address Leak
More from Nathan:
This morning I got an email from Clipper telling me that my credit card was about to expire. There’s nothing particularly unusual about this aside from the fact that this same email was sent to 1756 other Clipper customersby simply populating the CC field of the message header, effectively broadcasting a massive list of private addresses to a whole lot of people who have no business knowing them.
Nathan forwarded us the email, which we’ve attached above. The body of the email from Clipper Card customer service simply said:
Dear Clipper Cardholder,
We first would like to thank you for your support of the Clipper (formerly TransLink) program. According to our records, the credit card information we currently have on file for the Autoload on your Clipper Card is due to expire in December. To avoid any disruption of services, simply update your credit card / banking details online at www.clippercard.com by following these steps…
Well, good thing Nathan’s credit card number wasn’t in the email or anything. This certainly doesn’t help matters, knowing that some riders are already wary of potential privacy issues with Clipper cards. The MTC spokesperson said he is drafting an apology, reports the San Francisco Chronicle.
Did you receive the same email this morning? And how do you protect your email addresses on the internet?
oh no! someone will know i have a clipper card now! hmmm i wonder if sexyboi78@hotmail.com is single?….
this is like complaining that someone published a phone book… oh wait…
NON STORY.
Uh, you’re missing the point if you’re wrapped up in the idea of the e-mail address leaking. It’s not what leaked, it’s the fact that someone at MTC was so careless that they have no idea how to send an e-mail out. If they’re this cavalier with e-mail addresses, I’m not really comfortable with the way in which my more pertinent data is stored.
I’ve already had conversations with them regarding billing that make my blood run a bit cold, this hardly improves matters.
Yeah, it’s not like there are people out there who sell valid email addresses to spam houses or use them to conduct brute force password attacks on people’s accounts. I mean, what are the odds that any of those people will have an easy-to-guess password that might get an unscrupulous person access to more personal information? I bet Clipper security is airtight otherwise.
Totally the same as a phone book, dude.
I agree with Rachael and Nathan. Besides, the phone book analogy doesn’t apply anymore. Mobile phone numbers nowadays have the exact same problem. AT&T, Verizon and others use the phone number as login for their respective websites.
Well, this goes along well with the loss of data through myBART.
*facepalm*
I got the same email, but with 2770 emails. I wonder if there were two batches of email?
If they can leak your email this easily, just think about your credit card number.
Which might explain those fraudulent charges that showed up shortly after I signed up for Autoload. Hmm…
I got the same email. The problem is being made much worse by people who keep hitting “reply all” and complaining to everyone.
oh man, exponential fail.
Yet another SFMTA and Clippercard fail. Only confirms their incompetence and why I’ve always loaded mine paying in cash at Walgreens.