De Beers security hole reveals customer information

Adiamondisforever.com, an informational site about diamonds sponsored by De Beers, reveals about 35,000 customer email and home addresses.

On the Web, diamonds can be a spammer's best friend.

About 35,000 customer email and home addresses were exposed on Adiamondisforever.com, an informational site about diamonds sponsored by De Beers, CNET News.com has learned.

Chad Yoshikawa, a Bay area consultant, stumbled across the security hole today while searching for his home address through a search engine. The results turned up more than he bargained for.

A Web page he found, pulled from the De Beers-sponsored site, lists the names, phone numbers and home and email addresses of people registered with the site, along with his own. Yoshikawa, who said his wife entered a diamond contest through the site, contacted a site administrator immediately because "it didn't look like they were too on top of things because it was hard to find the privacy policy."

Jim Greene, system administrator for hosting company Luminant, replied in the email to Yoshikawa: "We have investigated and fixed the problem with the site. This area is not active on the site any longer."

The security breach resembles "data spills" from several Web sites. Last year, Butterball published the names and addresses of people who signed up to receive recipes via an online newsletter. Nissan Motor also exposed a list of more than 24,000 email addresses belonging to potential buyers last year.

"This kind of occurrence is all too frequent. (But) the De Beers (breach) seems especially troublesome because it suggests access to high-net individuals," said Jason Catlett, president of Junkbusters, an online advocacy group.

"Who knows how many people have noticed or downloaded the list before it came to the attention of the media." he added.

Luminant's Greene said Yoshikawa and CNET News.com were the only ones to spot the file.

"We have looked into the server logs and see no indications that anyone besides yourself and someone coming from CNET accessed the files," he wrote.

Adiamondisforever.com, which launched in November 1996, is part of The Diamond Information Center, a marketing service for De Beers, one of the largest diamond producers and marketers in the world.

The site's privacy policy stipulates that the company does not "make available the email addresses of those who access our site to other organizations or companies."

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The problem with hoarding photos on your phone

Do you have hundreds (or thousands) of photos on your phone? This one's for you.

by Sharon Profis