How We’ve Addressed The Recent Data Compromise

December 21, 2009

AWeber was recently the victim of an intentional attack to mine email addresses.

We’d like to take this opportunity to share what happened, what was (and was not) affected and what we’re doing as a result of this attack.

What Happened?

We use a variety of pieces of software to run different parts of our service and provide support to customers. Some of these are tools we have developed ourselves; others are third-party ones that we license from other companies.

By exploiting and combining vulnerabilities in two separate third-party software systems, the perpetrators managed to gain access to a part of our system where subscriber email addresses are stored.

We have received reports of some of those email addresses receiving spam messages. While the volume of these reports is low, we are treating this incident with the utmost seriousness and addressing it fully.

Who Did This?

We have reason to believe that the party responsible for this was either directly or indirectly a part of an overseas organized group.

What Data Was Compromised?

As noted above, the information that was exported was strictly subscribers’ email addresses.

What Data Was NOT Compromised?

All other customer information was and still remains secure and unaffected:

  • AWeber customers’ personal information was not compromised.
  • No credit card data was compromised.
  • No customers’ names, “from” or contact email addresses, postal addresses, website URLs or any other profile information were compromised.
  • No affiliates’ names, contact email addresses, tax ID numbers, website URLs or postal addresses were compromised.

Additionally, while the perpetrators did acquire some email addresses, the AWeber system was NOT used to send out any spam email on behalf of these perpetrators. Any spam sent to these subscribers was sent via the perpetrators’ own systems. This is important to note because this means it will not affect deliverability rates.

What Are We Doing About This?

We have identified and fixed the vulnerabilities that were used in the attack.

Additionally, we are evaluating other options for these and other third-party software that we use to determine if there are any other solutions that offer further protections.

As you know, AWeber is staunchly opposed to spam. We take great pains to make sure that our customers engage solely in permission-based email marketing and utilize best practices. We participate in and learn from communities such as the Messaging Anti-Abuse Working Group to help fight the global messaging abuse problem.

We’re Sorry & Special Thanks

We’re very sorry this occurred and may have affected you. We have taken extra steps beyond fixing the problem to ensure that such a breach cannot occur again.

We appreciate the trust and support our customers have expressed throughout the process of investigating this event and reinforcing the security of our systems.

Questions? Please Contact Us.

Those wishing to reach us with specific questions regarding this attack are encouraged to call our Customer Solutions Team, who will immediately address your concerns.

US Phone: 877-AWEBER-1
International Phone: +1 215-825-2196