Subject: Email security breach at CGF
Randall Bart
United States
Winnetka
California
I received this email from CGF:
Quote:
Hey folks,

You all are marked for receiving your copies of Glory to Rome: Black Box Edition at All Ways Gaming.

I have good news and bad news: The good news is, we're shipping next week! Yay!

The bad news is, All Ways Gaming has been unresponsive. Without their permission, we can't ship your games to them. The nearest participating store to All Ways Gaming is The Last Grenadier (820 N. Hollywood Way, Burbank, CA 91505). Would you be willing to pick your games up there instead?

The sooner you let me know, the sooner we can work something out.

Thanks,
Matt Hausman
Operations Specialist
Cambridge Games Factory


I am one of three "folks" who chose All Ways Games. I know there were two others, because their email addresses were next to mine in the To line. shakeshakeshake This is why you want professionals dealing with such things. Under no circumstances should CGF reveal my email address to other customers.
David Hoffman
United States
Cortlandt Manor
New York
I see this all the time -- allllllllllll the time -- with people who do not grasp the concept of using BCC to email multiple people without letting them see each other's email addresses.

To say nothing of using an email service and contact manager such as MailChimp (off the top of my head) to make such things, more or less, foolproof.

::sigh::
Rob Rob
United States
Tampa
Florida
ohbalto wrote:
I see this all the time -- allllllllllll the time -- with people who do not grasp the concept of using BCC to email multiple people without letting them see each other's email addresses.

To say nothing of using an email service and contact manager such as MailChimp (off the top of my head) to make such things, more or less, foolproof.

::sigh::

I work for a federal law enforcement agency and you'd (probably not) be surprised at the number of supposedly security sensitive people who a) send out similar mass emails with open laundry lists of addresses or b) hit "reply all" to said mass emails.
shake
David desJardins
United States
Burlingame
California
Barticus88 wrote:
I am one of three "folks" who chose All Ways Games. I know there were two others, because their email addresses were next to mine in the To line.


Calling this a "security breach" seems pretty absurd, I doubt there are Russian spammers preordering thousands of CGF games from different locations just so they can harvest your address. If you're really so paranoid about this, you should be using single-use revocable addresses for such purposes anyway.
M.C.Crispy
United Kingdom
Basingstoke
Hampshire
DaviddesJ wrote:
Barticus88 wrote:
I am one of three "folks" who chose All Ways Games. I know there were two others, because their email addresses were next to mine in the To line.


Calling this a "security breach" seems pretty absurd, I doubt there are Russian spammers preordering thousands of CGF games from different locations just so they can harvest your address. If you're really so paranoid about this, you should be using single-use revocable addresses for such purposes anyway.
Well, IT security is about confidentiality, integrity and availability. There was certainly a lapse of confidentiality here. While that might not make it a "breach" (something that is frequently taken to imply an external activity), it certainly is a security lapse. I suspect that it's a breach of CGF's own Privacy Policy (actually, I hope it is; it's one thing to breach your Privacy Policy, another thing entirely not to have one that would cover this sort of lapse).
Christopher Rao
United States
Seattle
WA
DaviddesJ wrote:
Barticus88 wrote:
I am one of three "folks" who chose All Ways Games. I know there were two others, because their email addresses were next to mine in the To line.

Calling this a "security breach" seems pretty absurd, I doubt there are Russian spammers preordering thousands of CGF games from different locations just so they can harvest your address. If you're really so paranoid about this, you should be using single-use revocable addresses for such purposes anyway.
CC'ing your name to two other backers was a mistake. I've spoken to the Groton team and asked them to make sure to BCC all supporter email addresses when sending out external emails to more than one supporter. We're sorry.
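
The rule stated in the reply above (separate supporter addresses whenever an external email goes to more than one supporter) can be checked mechanically before a message is sent. The following is an added example, not part of the thread and not CGF's tooling; the `publisher.example` domain, the sample addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAINS = {"publisher.example"}  # assumption: the sender's own domain

# Constructed sample of a draft that puts several customers in To/Cc.
SAMPLE = """\
From: ops@publisher.example
To: backer.one@mail.example, Backer Two <backer.two@mail.example>
Cc: backer.three@mail.example, support@publisher.example
Subject: Pickup location change

Your pickup store has changed.
"""

def exposed_recipients(msg, internal_domains=INTERNAL_DOMAINS):
    """Return external addresses that the recipients can see in To/Cc.

    A single external recipient only sees their own address, so the
    message is flagged only when two or more external addresses appear.
    """
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = []
    for _name, addr in visible:
        addr = addr.lower()
        domain = addr.rpartition("@")[2]
        if addr and domain not in internal_domains and addr not in external:
            external.append(addr)
    return external if len(external) > 1 else []

def split_per_recipient(msg, internal_domains=INTERNAL_DOMAINS):
    """Rebuild a flagged draft as one copy per external recipient.

    Returns an empty list when the draft exposes nobody and can go as is.
    """
    copies = []
    for addr in exposed_recipients(msg, internal_domains):
        copy = EmailMessage()
        copy["From"] = msg["From"]
        copy["To"] = addr                      # each copy names one customer only
        copy["Subject"] = msg["Subject"]
        copy.set_content(msg.get_payload())    # plain-text body assumed
        copies.append(copy)
    return copies

if __name__ == "__main__":
    draft = message_from_string(SAMPLE)
    print("exposed:", exposed_recipients(draft))
    print("copies to send:", len(split_per_recipient(draft)))
```

Sending one copy per recipient avoids relying on how a particular mail client or relay handles the Bcc header.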
Jordan " ; " Czop
Canada
Victoria
British Columbia

Calling this a "Security Breach" was sensational and highly unnecessary. If you want to complain, do it to the people who need to hear it. I.E. the people who made the mistake.
Jon
United States
Urbana
Illinois
I concur that using the word breach is too strong.
I would also call this a lapse or similar; breach implies to me an outside party has hacked into the email database. For reference compare recent events from places like LinkedIn.

Of course revealing other people's emails was a mistake, but in the OP's case the exposure was to a few other people unlikely to use the info for evil. I sincerely thought when I saw the thread title that a representative from CGF was going to tell a sad tale about how their system was compromised and I would now need to do a security audit.
Mike Weimholt
United States
San Diego
California
ravenskana wrote:
I concur that using the word breach is too strong.
I would also call this a lapse or similar; breach implies to me an outside party has hacked into the email database. For reference compare recent events from places like LinkedIn.

I agree that the OP was being a bit sensationalist by referring to this as a security breach.

However, I don't interpret the word breach quite so narrowly as you do. An information system's security is not something that can somehow only be "breached" by an external party. Quite the contrary, internal parties are quite capable of breaching their own security, and often do. Security is a wall that keeps your sensitive data in, and the bad guys out. A "breach", then, is just a hole in the wall, and can be made from either side. In fact, it's a heck of a lot easier to breach from within.

As an example, a previous employer of mine has not once, but TWICE, sent me letters explaining that my private data (SSN, etc) was compromised because some employee of the company was either careless with my data, or intentionally misused it. The first time it was some employee who left a laptop in an unlocked car, with the names and SSNs of a large number of employees on it.

Sure, you *could* say that the thief who stole the laptop is the one who committed the "breach", but if a breach is just a hole in the wall (and I maintain that it is), then that doesn't really ring true. The careless employee is the one who created the hole (i.e., "breached" the company's security). All the thief did was pass through the hole created by the employee.

Anyway, I guess I should apologize for dragging down the thread by nit-picking about semantics. But frankly, it seems the discussion was losing steam anyway since most people seem to agree that this was all a whole lot of fuss over nothing.
Bruce Murphy
Australia
Pyrmont
NSW
mweimholt wrote:
However, I don't interpret the word breach quite so narrowly as you do. An information system's security is not something that can somehow only be "breached" by an external party. Quite the contrary, internal parties are quite capable of breaching their own security, and often do. Security is a wall that keeps your sensitive data in, and the bad guys out. A "breach", then, is just a hole in the wall, and can be made from either side. In fact, it's a heck of a lot easier to breach from within.


One could also point out that this didn't involve a hole being punched in any walls, simply something being mistakenly put outside the wall.

B>
Jonathan Harrison
United States
Fisher
Illinois
Depends whether you're talking about a breach (noun) or a breaching (gerund).

It is a breach of sorts, if not a breaching.
David Hoffman
United States
Cortlandt Manor
New York
Robrob wrote:
ohbalto wrote:
I see this all the time -- allllllllllll the time -- with people who do not grasp the concept of using BCC to email multiple people without letting them see each other's email addresses.

To say nothing of using an email service and contact manager such as MailChimp (off the top of my head) to make such things, more or less, foolproof.

::sigh::

I work for a federal law enforcement agency and you'd (probably not) be surprised at the number of supposedly security sensitive people who a) send out similar mass emails with open laundry lists of addresses or b) hit "reply all" to said mass emails.
shake


I belong to a business group with some stringent membership requirements. One thing all members must do is, once a year, undergo a review by their peers to continue membership. A few years back, the administrator sent an email out to the entire group, asking their opinion on one of the members.

"He's a son of a bitch," one member wrote, after hitting REPLY ALL in his email program. "I hope he dies, preferably from cancer. Do we know anyone who can give him cancer? Failing that, I say we boot him from the group!"

Oops.
Kasper Hansen
Denmark
Frederiksberg
ohbalto wrote:
Robrob wrote:
ohbalto wrote:
I see this all the time -- allllllllllll the time -- with people who do not grasp the concept of using BCC to email multiple people without letting them see each other's email addresses.

To say nothing of using an email service and contact manager such as MailChimp (off the top of my head) to make such things, more or less, foolproof.

::sigh::

I work for a federal law enforcement agency and you'd (probably not) be surprised at the number of supposedly security sensitive people who a) send out similar mass emails with open laundry lists of addresses or b) hit "reply all" to said mass emails.
shake


I belong to a business group with some stringent membership requirements. One thing all members must do is, once a year, undergo a review by their peers to continue membership. A few years back, the administrator sent an email out to the entire group, asking their opinion on one of the members.

"He's a son of a bitch," one member wrote, after hitting REPLY ALL in his email program. "I hope he dies, preferably from cancer. Do we know anyone who can give him cancer? Failing that, I say we boot him from the group!"

Oops.


Sounds like a nice business group...
Scott
New Zealand
Auckland
A most disappointing thread. I came expecting scandal and intrigue and find nothing but some bilious outburst under an overly sensationalistic headline. shakeshakeshake
Steve Duff
Canada
Ottawa
Ontario
Email security breach Minor etiquette booboo at CGF.
Robert
United States
West Union
West Virginia
UnknownParkerBrother wrote:
Email security breach Minor etiquette booboo at CGF.

It's an etiquette booboo when a friend does it. When it's a company we're trusting with private information, it's a security breach.

Yes, it's "just a mistake" and not a large one this time, but it simply should not have been allowed to happen, and so they have earned at least some appropriate chastising.

I also have received inappropriately CC'd email from CGF (from Christopher Rao himself, in fact) about the Kickstarter project, so this is something they need to deal with more carefully.
Jordan " ; " Czop
Canada
Victoria
British Columbia
TheFlatline wrote:


I'm glad CGF hasn't sold my kidneys on my behalf at this point.


They probably already have.
David Hoffman
United States
Cortlandt Manor
New York
shikosaki wrote:
TheFlatline wrote:


I'm glad CGF hasn't sold my kidneys on my behalf at this point.


They probably already have.


Sure, they sold them, but are going to hold them in a warehouse for eight or nine months before shipping them out.
M.C.Crispy
United Kingdom
Basingstoke
Hampshire
TheFlatline wrote:
So that's why I woke up in a bathtub filled with ice and my sides hurt...
Your sides hurt from all the laughing. I have no idea about the ice though.
 
United States
Appleton
Wisconsin
This thread feels like shooting fish in a barrel...easy, but cruel, given everything else they have brought on themselves this past year.
 
Justin Fitzgerald
United States
Mazomanie
Wisconsin
I'm offering unbunching of panties in the next stall over for only $8 and I'll throw in a free set of mat risers.