These economically challenging times — will this phrase ever get old? — call for desperate marketing efforts. Primus, a small Canadian telecom, emailed all its customers with a customized video that congratulates them for stimulating the economy by referring new customers.
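Unfortunately, they couldn’t afford some basic security, and the names and email addresses of perhaps all of their customers have been exposed. Each landing page is identified only by a number in its URL, and nothing checks that the visitor is the customer that number belongs to.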
The harvesting recipe
1. Go to one of the landing pages. Here’s a random one: http://primusstimulus.ca/landing.aspx?xid=15459742
2. Avert your eyes from the video and hit “Customize and Send to Your Friends.” Voila! Someone’s information.
3. Repeat Step 1 but with a different xid number at the end of the URL. Any 5 digits after the “154” seem to work.
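One way to close the hole the recipe relies on, as an added example (not Primus’s code): sign each emailed xid with a server-side HMAC so that an edited number is rejected before any customer lookup happens. The `sig` parameter, the key handling, the function names and the placeholder host are all assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumption: a server-side secret that never appears in links or client code.
SIGNING_KEY = secrets.token_bytes(32)
BASE_URL = "https://example.invalid/landing.aspx"  # placeholder host


def _tag(xid: str, key: bytes) -> str:
    """HMAC-SHA256 over the record id, hex encoded."""
    return hmac.new(key, xid.encode("ascii"), hashlib.sha256).hexdigest()


def make_link(xid: int, key: bytes = SIGNING_KEY) -> str:
    """Build the per-customer link that goes into the marketing email."""
    x = str(xid)
    return BASE_URL + "?" + urlencode({"xid": x, "sig": _tag(x, key)})


def resolve(url: str, key: bytes = SIGNING_KEY):
    """Return the xid only if the link is exactly one the server issued."""
    query = parse_qs(urlparse(url).query)
    xid = query.get("xid", [""])[0]
    sig = query.get("sig", [""])[0]
    if not (xid.isascii() and xid.isdigit()):
        return None
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(_tag(xid, key).encode(), sig.encode()):
        return None  # guessed or edited id: serve a generic page, no lookup
    return int(xid)
```

A signed link is still a bearer credential that can be forwarded, so the page behind it should reveal no more than the recipient already knows.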
Update: RT says: “AFAICT, the lower bound on Primus’s site was 15373977, up to at least 15500000. So they potentially leaked 126,023+ emails/names.”
Update: Party over? The site is down.