Aweber's Security Compromise: What Do I Tell My List?

For those who don’t know, Aweber’s servers were hacked into. While no credit card or Tax ID info was stolen, it appears that the emails were. Now spam is going out all over to Aweber lists.

Aweber is giving the appearance that they are doing something about it.
http://www.aweber.com/blog/uncategorized/data-compromise.htm

However, just yesterday I had an advanced user sign up with a brand new email specifically created for just my site. He received SPAM within 30 minutes. It’s obvious that Aweber has not solved the problem.

Here are other blogs about the situation:

http://www.problogger.net/archives/2009/12/20/has-aweber-been-compromised-reports-of-spam-going-to-aweber-lists/

Aweber Is NOT Cheap
I can’t say I know the ins and outs of Aweber’s business model. However, I know I paid them $500 last year for a list of about 50,000 people. The database size is a non-issue. I’m sure there are costs in keeping deliverability up. However, it seems that this could be done for a fraction of the price. (Maybe I’m wrong).

So with paying such a fee, it’s expected that Aweber utilize military-grade security. (I’m making the assumption that 100% security is possible with the right investment). I want to know why a greater investment was not placed in security.

What Do I Tell My List and Members?
Because they signed up for my list, they are now getting spam. The damage has already been done and it’s entirely Aweber’s fault. However, that’s not how my users are going to see it. I have no idea what to tell them.

All I know is Aweber needs to be held accountable by us web dudes.

Brandon

If you believe they are still compromised then the sensible thing to do is take your business elsewhere, otherwise you are knowingly continuing to sign people up to spam. Choose another provider, export/import your list over, and tell them that you’re no longer using Aweber.

They are charging you a premium and not delivering on security. If it were me, I’d move to a more reliable service.

For starters, you might want to be upfront with your list and explain and apologize for what happened. Sadly, Aweber didn’t seem too proactive in all this, and despite being a customer myself, this is the first I’m hearing of this - so thanks for your posting.

Unfortunately, just about every service or piece of software you use is at your own risk, since no company will ever write a TOS where they accept responsibility for anything that goes wrong. I haven’t read Aweber’s TOS lately, but would imagine that all the risk is placed on their users who use their services.

It’s funny, but whenever I’ve signed up for someone’s mailing list I used to feel secure knowing that Aweber was handling things, but unfortunately that’s not the case any longer.

Have you asked Aweber what’s up if you think their systems are still being compromised?

Steve