Of course the fact that these names are Bell's customers gives someone one more bit of information, but again not necessarily private information. My name is on the doorbell buzzer in a densely populated area, which is also served by a single phone company. Once again, the information is kind of public by default.
Perhaps what we need is a more thorough discussion about boundaries between public and private activities. For example, shopping seems to fall into the gray zone between these ideas. I do not usually have the expectation of privacy when I shop. Should I then be surprised that my local mart shares my shopping details with third parties?
On the other end of the spectrum we hold onto truly private information like security tokens or private keys (both real and virtual) with much more zeal. Those we do not share with random strangers, much less large corporate entities. And when we do, as when I give my house keys to a cleaning company, we sign a legally binding agreement which mentions things like "bonds and insurance" against potential damages or breaches of security.
I am happy to accept either one of those realities, depending on the situation. But let's at least understand where we stand before the outrage.
I may be able to find out your email address, but that's not the same thing as knowing that you have an account on some specific website. If I know the latter, that opens you to phishing and social engineering attacks. I can send you highly targeted emails from a spoofed address and get you to click a link or open a file attachment and install malware on your system.
EDIT: another thing, it's Bell - an internet service provider who should have a higher standard in security. Not some email distribution list of a mom & pop shop where you willingly provided your email address (ie. made it publicly available).
Because of this, emails are private information. If you are not posting it publicly, you will only be sharing it with friends and trusted companies. All of which should keep it secret and never have them leaked.
And I have no idea how on earth you could think it would be.
Sure it is. it's given out extensively for individuals to contact you. Same as a phone number used to be published in a phone book. Same as we publish public keys and same as your username here is public.
It is by definition, something that is shared to the public for public use... as opposed to a secret like a passphrase or private key.
This is obvious in cases like the Ashley Madison leak.
A phone number can be unlisted (the term differs between different countries) - which is not the same as being "hidden/private" it just means that it isn't a publicly available record and not listed in phone books.
How can this be a foreign concept?
There's "public" as in you're not the only person who knows it (not secret) and there's "public" as in it is freely available to anyone who wants it without any interaction with you personally.
This contains a bit more data than they were suggesting and a tar file for a .mozilla directory, possibly containing some saved passwords?
It appears to include b1* usernames and maybe passwords (Used for Bell PPPoE credentials), might be enough to steal someone's bandwidth or make it look like someone else downloaded something rather illegal.