Got a disturbing couple of postcards in the mail today from Dayxxxxxsports.com, and Duxxxxns.com, two websites I have never visited, soliciting their picks, including claims of going 29-0, and 55-10. (x'd out part of their names, no need to give these guys free publicity).
It's disturbing because neither postcard was addressed to me, but instead addressed to a password I have used at only one site: Pinnacle. In other words, the postcards arrived in my mailbox with the address reading as follows:
"my password"
123 My Street,
Toronto, Ontario, Postal Code
...with "my password" being the actual password I used to sign up at Pinnacle, in place of - and instead of - my name.
I am 99.9% sure Pinnacle is the source of this because I am very careful to NEVER use a password at more than one site, I keep records of all my passwords, and this password is a fairly unique word that would not just appear at random. It is certainly not a nickname I have ever gone by, or a way you would ever address someone.
WTF is going on here? Did Pinnacle sell this, or was this info stolen from them? The fact that personal info including my account password is floating around out there is kind of unsettling...and I'm really amazed that things could be so sloppy down the line that someone would actually address a postcard this way.
This Pinnacle account of mine is not funded at the moment (last active fall of '04), but I sure as heck won't fund it now. Doesn't exactly inspire confidence that my info is in safe hands if these are the practices they employ, or that's the level of their security.
Someone should look into this, seriously. Jack, have you had reports of problems with this at Pinnacle??
=============================
I just logged into my Pinnacle account for the first time in over a year. Password rejected - and a note that it was supposedly emailed to me. I don't recall ever getting notice of this. WTF is going on here??
It's disturbing because neither postcard was addressed to me, but instead addressed to a password I have used at only one site: Pinnacle. In other words, the postcards arrived in my mailbox with the address reading as follows:
"my password"
123 My Street,
Toronto, Ontario, Postal Code
...with "my password" being the actual password I used to sign up at Pinnacle, in place of - and instead of - my name.
I am 99.9% sure Pinnacle is the source of this because I am very careful to NEVER use a password at more than one site, I keep records of all my passwords, and this password is a fairly unique word that would not just appear at random. It is certainly not a nickname I have ever gone by, or a way you would ever address someone.
WTF is going on here? Did Pinnacle sell this, or was this info stolen from them? The fact that personal info including my account password is floating around out there is kind of unsettling...and I'm really amazed that things could be so sloppy down the line that someone would actually address a postcard this way.
This Pinnacle account of mine is not funded at the moment (last active fall of '04), but I sure as heck won't fund it now. Doesn't exactly inspire confidence that my info is in safe hands if these are the practices they employ, or that's the level of their security.
Someone should look into this, seriously. Jack, have you had reports of problems with this at Pinnacle??
=============================
I just logged into my Pinnacle account for the first time in over a year. Password rejected - and a note that it was supposedly emailed to me. I don't recall ever getting notice of this. WTF is going on here??
