

3K+ Emails Of GitHub Enterprise Users Outed In Email And Then Posted On Pastebin - amerf1
http://techcrunch.com/2013/03/19/3k-emails-of-github-enterprise-users-outed-in-email-and-then-posted-on-pastebin/

======
niggler
Key takeaway: "But, if they can't protect my fucking email address why the
hell should I trust them with my clients code?"

Who else provides a product/service similar to github enterprise
(internally-hosted dead-simple git repo and access system)? I've tried gitlab
but it doesn't have quite the same polish.

~~~
hayksaakian
Bitbucket?

~~~
niggler
I assume you mean <http://www.atlassian.com/software/stash/overview>
Admittedly I didn't realize they offered an internal version. I'm going to try
this out!

------
RyanZAG
Hard to work out what's actually going on here from that article, but it
sounds like GitHub Enterprise sent out a bulk email with all 3000 recipients
in the CC field of the email?

~~~
jaryd
This morning I received a set of emails from Github Enterprise that looked
like the following:

--------------------------------------

To: [massive list of GE user emails]

Subject: NotMyInc Inc., your GitHub Enterprise license expires in 31 days

Body: We're reaching out to remind you that your GitHub Enterprise license is
coming up for renewal in 31 days:

NotMyInc Inc.

License 123456

Created: April 18, 2012

Expires: April 18, 2013

Whenever you're ready, you can place your renewal order here:

<https://enterprise.github.com/purchase>

If you have any questions about this renewal process, or if there's anything
else we can help with, just reply to this email and we'll be glad to help.

Thank you for choosing GitHub Enterprise!

The GitHub Team

---------------------------------------

Each email was addressed to a different customer whose license is (apparently)
soon to be expired.

~~~
joelhaasnoot
Ah, the famous "send it to everyone in the loop". Made a similar mistake once
myself, sent it 7 times per recipient in the list, getting bigger as it looped
:(

------
jedberg
Eh. Email addresses aren't really that valuable anymore. Spam protection is
fairly sophisticated, even in the enterprise, so it is not really that big a
deal.

Still shouldn't have happened though. :)

------
jeffh
As a recipient of that email (several times), it's apparent a script went bad
that had all users on the To: line, though still iterating through each
company account. IMO it looks like a pretty basic coding error ... something
that should have been checked before sending of course. No real account info
aside from email addrs and company name was exposed.

Github did follow up with a "sorry" email. Note that it wasn't all true
enterprise users. I did trial enterprise, but my company stayed with the
hosted version only. Also, lots of the names on there were evidently @github
test users and others I recognized as tire kickers (knowing they use only
hosted GH as well).

End result - a little egg on face for Github, one very sad day for script
kiddie email coder, and an indication (if complete) that Github has << 3000 GH
Enterprise users.

------
soulclap
I almost caused a mailout like this as well when I just kept adding recipients
in a loop without ever clearing the recipient list again. (Using SwiftMailer,
that is.)

A 'fake' SMTP server that just saved the e-mails to the file system as plain
textfiles helped me to find the error before I actually sent the mails out. I
am not entirely sure but I think it was this project:
<http://sourceforge.net/projects/fakemail/>
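
The failure mode described in this thread (a recipient list appended to inside the loop and never cleared), next to a per-message build and a pre-send check in the spirit of the fake-SMTP approach. This is an added example, not part of the original comment and not GitHub's or SwiftMailer's code; the customer data, addresses, function names and in-memory outbox are all constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data: one contact address per customer account.
CUSTOMERS = [
    ("Example One Inc.", "admin@one.example"),
    ("Example Two LLC", "ops@two.example"),
    ("Example Three GmbH", "it@three.example"),
]

def make_message(company, to_addrs):
    """Build one renewal reminder addressed to the given list of addresses."""
    msg = EmailMessage()
    msg["From"] = "billing@vendor.example"  # hypothetical sender
    msg["To"] = ", ".join(to_addrs)
    msg["Subject"] = f"{company}, your license expires in 31 days"
    msg.set_content("Renewal reminder.")
    return msg

def build_buggy(customers):
    """The bug: the recipient list lives outside the loop and is never cleared."""
    outbox, recipients = [], []
    for company, addr in customers:
        recipients.append(addr)  # grows on every iteration
        outbox.append(make_message(company, recipients))
    return outbox

def build_fixed(customers):
    """Each message gets a fresh, single-element recipient list."""
    return [make_message(company, [addr]) for company, addr in customers]

def overexposed(outbox, max_visible=1):
    """Pre-send check: list messages whose To/Cc headers show too many addresses."""
    findings = []
    for msg in outbox:
        headers = msg.get_all("To", []) + msg.get_all("Cc", [])
        visible = [addr for _, addr in getaddresses([str(h) for h in headers])]
        if len(visible) > max_visible:
            findings.append((str(msg["Subject"]), visible))
    return findings

if __name__ == "__main__":
    # Messages are captured in a list instead of being handed to an SMTP server.
    for label, outbox in (("buggy", build_buggy(CUSTOMERS)),
                          ("fixed", build_fixed(CUSTOMERS))):
        print(label, overexposed(outbox))
```

Running the check against a captured outbox before any real send turns the mistake into a failed gate rather than a disclosure of the customer list.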

------
mapleoin
Move fast! Break things!

------
uribs
3K email _addresses_, not "emails".

Also known as a non-issue (if you want to hide that you are using a service,
you need to use a dedicated randomly generated mail address).

