The December 2022 issue of IEEE Spectrum is here!

Close bar

McDonald's Data Breach: Supersized?

Just how many companies have had their customer email addresses compromised?

3 min read
McDonald's Data Breach: Supersized?

Uh-oh.

That McDonald's data breach I was telling you about Monday and which touched me personally may have just become much, much bigger than first indicated.

According to a ChicagoBusiness.comnews report on the McDonald's data breach published yesterday, the e-mail distribution company that marketing company Arc Worldwide used and which was successfully hacked was identified as Silverpop Systems, Inc. of Atlanta, Georgia.

The ChicagoBusiness.com article states:

"Silverpop is a subcontractor of Chicago-based Arc Worldwide, one of McDonald’s longtime promotional agencies, which handles the promotional e-mail distribution. Arc hired Silverpop to manage that database....

"Silverpop, which has more than 105 customers and activity of more than 1 billion e-mails per month, notified its customers of the breach, according to the FBI spokesman. He says the attack appears to have come from an overseas location."

Silverpop clients include Air New Zealand, Edgar Online, Encyclopaedia Britannica, Mazda North American Operations, Stamps.com, and USA Financial, among others. 

Silverpop's CEO Bill Nussey said in a statement on his blog that the attack that penetrated his company's servers accessed only "a small percentage of customer accounts." He didn't elaborate, however, on exactly how many of his company's 105 clients this "small percentage" amounted to or the proportion they represent in terms of the billion emails the company sends out per month.

In addition, CEO Nussey stated that:

"It appears Silverpop was among several technology providers targeted as part of a broader cyber attack."

Hmm. Have other tech companies - especially in the email promotion and distribution business - been successfully hacked as well?

Already, at least one confirmed Silverpop client, deviantART, has sent emails out to its 13 million customers similar to that sent by McDonald's that their email addresses, usernames and birth dates may have been stolen, according to this post at the Erictric blog. A deviantART forum post here has the full email sent out by deviantART.

[Update: 15 Dec 2010

I received an email late this afternoon from Nicole Jordan of deviantART, who asked me to correct some inaccuracies in the above paragraph, which I am happy to do. She wrote that the total membership of deviantART is 16 million and that:

"Due to the ongoing investigation we're not at liberty to reveal the amount [affected] but it was not anywhere near our total membership."

Hopefully Nicole will let me know how many members were affected when that number can be made public.]

Furthermore, Walgreens has not publicly said its breach was linked to Silverpop, but this informative article appearing in The Register last night found a direct link between Walgreens and Arc Worldwide, which would strongly suggest that it may be.

[Update: 15 Dec 2010

Walgreens is saying today that its email hack was not related to Silverpop's according to this post at CNET news.]

As the Register article noted, Silverpop (nor Arc Worldwide) has not been very forthcoming about which of its clients have had their customer data stolen (maybe it doesn't know or is forbidden to tell because of corporate confidentiality clauses).

Moreover, the clients Silverpop has notified - other than perhaps Walgreens - seem to be taking their own sweet time to admit that their customer information has been taken.  And everyone involved - including Walgreens - seems to be trying to keep a tight lid on the story, especially concerning the number of customer email addresses compromised.

Maybe we can speed up the process of disclosure a bit, however.

If you have received in the past few days an email from a company that may be a Silverpop client (such as Air New Zealand, Edgar Online, Encyclopaedia Britannica, Mazda North American Operations, Stamps.com or USA Financials) saying that your email address has been compromised, obtained, stolen, etc. - and the email isn't from deviantART, McDonald's, or Walgreens (and is not part of the recent Gawker Media-related hack attack, which appears to be a separate issue) - please let me know.

Maybe Spectrum can find out whether the company sending you the email is related to the Silverpop breach or the "broader cyber attack" that Silverpop alluded to in its statement above.

Be sure, though, that this email isn't part of a spam or phishing attack. One can easily envision that those who stole the email addresses and other information from Silverpop will be exploiting it to send out realistic warnings of data theft which ask a person to click on a link which in turn leads to a malware site.

Being part of the McDonald's-related breach - and possibly several others related to it given I interact with many of the companies on Silverpop's client list -  I am expecting to receive such spam and or phishing emails very soon.

The Conversation (0)

Metamaterials Could Solve One of 6G’s Big Problems

There’s plenty of bandwidth available if we use reconfigurable intelligent surfaces

12 min read
An illustration depicting cellphone users at street level in a city, with wireless signals reaching them via reflecting surfaces.

Ground level in a typical urban canyon, shielded by tall buildings, will be inaccessible to some 6G frequencies. Deft placement of reconfigurable intelligent surfaces [yellow] will enable the signals to pervade these areas.

Chris Philpot

For all the tumultuous revolution in wireless technology over the past several decades, there have been a couple of constants. One is the overcrowding of radio bands, and the other is the move to escape that congestion by exploiting higher and higher frequencies. And today, as engineers roll out 5G and plan for 6G wireless, they find themselves at a crossroads: After years of designing superefficient transmitters and receivers, and of compensating for the signal losses at the end points of a radio channel, they’re beginning to realize that they are approaching the practical limits of transmitter and receiver efficiency. From now on, to get high performance as we go to higher frequencies, we will need to engineer the wireless channel itself. But how can we possibly engineer and control a wireless environment, which is determined by a host of factors, many of them random and therefore unpredictable?

Perhaps the most promising solution, right now, is to use reconfigurable intelligent surfaces. These are planar structures typically ranging in size from about 100 square centimeters to about 5 square meters or more, depending on the frequency and other factors. These surfaces use advanced substances called metamaterials to reflect and refract electromagnetic waves. Thin two-dimensional metamaterials, known as metasurfaces, can be designed to sense the local electromagnetic environment and tune the wave’s key properties, such as its amplitude, phase, and polarization, as the wave is reflected or refracted by the surface. So as the waves fall on such a surface, it can alter the incident waves’ direction so as to strengthen the channel. In fact, these metasurfaces can be programmed to make these changes dynamically, reconfiguring the signal in real time in response to changes in the wireless channel. Think of reconfigurable intelligent surfaces as the next evolution of the repeater concept.

Keep Reading ↓Show less
{"imageShortcodeIds":[]}