Wednesday, August 12, 2009

McAfee Leaks 1,400 Security Pro Details

Via (July 29th, 2009) -

Security software maker McAfee has accidentally e-mailed the full contact details of 1,400 IT security professionals to an unknown number of recipients.

The marketing spreadsheet contained the full names, titles, organisation names, phone numbers and e-mail addresses of all who had registered for or attended the company's recent Strategic Security Summit on July 17 in Sydney.

"We did have a human error where the seminar contact list was attached to a promotional e-mail that was sent to... we don't know how many of the delegates," McAfee's Asia Pacific President, Steve Redman, told Risky.Biz by phone. "The important thing to note is this was not financial information, not mission critical information, it was a contact list."

The list was mostly comprised of the details of in-house IT security professionals for Australian organisations. It included the details of those who had attended, those who registered but never showed up, and those who walked in without registering.

The company tried recalling the message after it accidentally leaked, and subsequently sent an e-mail asking those who may have received it to delete the contact list.

As such, Redman says the company will not be contacting everyone on the marketing list to inform them of the leak. "We don't know whether all those people deleted it," he says. "If 50 people got our list... and then we asked them all to delete it and they did, then the information's not out there."

Risky.Biz has sighted the list -- which contains comprehensive contact details for security professionals from banking institutions, government departments and other large enterprises -- throwing doubt on Redman's hopes the list has been deleted.

Chris Gatford, director of HackLabs attended the event and was alarmed when he learned of the leak. "It contained my registration information," he says. "I am not happy about it sitting in unknown hands."

He says he's surprised McAfee would be so careless with what he describes as sensitive information. He also disputes Redman's assertion the leak is trivial because it is a mere contact list.

"I am sure [McAfee's] competitors would be very excited to have this fall into their inbox," he says. "[And] that list would be great to attack as it is a who's who of the security gatekeepers of Australia's largest organisations."

No comments:

Post a Comment