Woodworking Talk banner
Status
Not open for further replies.

(Closed) Was SawStop's Customer Database Breached?

4.6K views 31 replies 17 participants last post by John Smith_inFL
#1 ·
I am fed up and going public. This is the only woodworking forum I belong to. I would appreciate it if someone would post a referral link to this thread on Lumberjocks, Sawmill Creek, etc. Here goes:

I create a unique email address for each company I deal with. I have many email addresses, and they all redirect to my Inbox. When I purchased a SawStop saw in Spring 2019, I created a unique email address for SawStop. In early Fall 2019, I received the first of many spam email messages to that unique "SawStop" email address. To the best of my knowledge, SawStop is the only entity that knows that email address.

I notified SawStop of a potential breach of their customer database the next day. I sent email messages to several people at SawStop, and also to their general contact and support email addresses. I phoned and spoke with several people at SawStop about the issue. I gave them my contact information and requested a return call from someone responsible for security or IT.

Since then, I tried many times to get SawStop's attention to this issue. In February 2020, I met one of SawStop's regional sales managers at a woodworking store and explained the problem. He gave me his business card, asked me to email the information, and promised to follow up. I sent the requested email and left voicemail a few days after that. There was no response. I also contacted people at SawStop's parent and sister companies (TTS Tooltechnic Systems and Festool).

All I wanted was to provide the technical details to someone at SawStop who could take the information, understand and own the problem, and run it to ground from there. It should have been a simple technical handoff. I made it clear that I was not interested in working to fix their issues, nor did I want any payment or compensation.

I have seen many similar incidents at other companies over the last three decades, and have never encountered total disregard in a potential customer database breach situation like this. SawStop never followed up or returned any of my communications, including those times when I was promised a return phone call "within a day" by several different sales and support people at SawStop.

By March 2020, I had done all I could and was preparing for a public disclosure. I gave notice to SawStop that it would be soon unless they responded (and was again promised a phone call that never materialized). Then the pandemic struck and everyone was scrambling to keep their businesses operating with lockdowns and working from home. It was a scary and difficult time. I felt sorry for SawStop employees and did not want to add a new crisis to their burdens, so I deferred the disclosure.

A new spam arrived at that SawStop email address this morning, and here we are. Since I first notified SawStop of a potential customer database breach in September 2019, there has been nothing but "crickets".
 
#4 ·
My suspicion of why there is no response is because it wasn’t a breach. I suspect they don’t want to send you the “we sold your email address” notification.
The spam email was never a legitimate advertisement. It was all the bad types of spam - "We hacked your account and will post all the porn you watched", "Buy drugs online", that type of spam.
 
#3 ·
While it is noble of you to try to address this with them, it is more than apparent they don't care.

You have to decide how important it is to you, there is a fine line before you become an annoyance, or "that crazy hacked guy".

If it were me I would go on with my life, there are things you can change, and there are things you can't, is this worth your effort?
 
#5 ·
You are correct. I am done. The public disclosure above is the end of it. I hope other people propagate a link to this thread on other woodworking sites.

In all the years, I have never encountered irresponsible corporate behavior like this. What if the breach is not limited to the customer database? Are they not concerned that attackers may have gone beyond the customer database and into their accounting, engineering, or other systems? Steal their intellectual property?

By the way, Oregon has breach disclosure laws. I looked and they may not apply here, depending on how SawStop stores customer payment information and whether that data was also stolen.

As I said, I am done. I will respond to comments or questions here, but that is all. Hopefully SawStop will take notice and do something, but I would not bet on it.
 
#6 ·
it is sad when companies sell our information! who would think legitimate companies (like Sawstop) would do such a thing, but they do. i recently had to "opt out" so my electric company would not sell my info. geeez
 
#8 ·
I do a similar thing Woodshed, I have more than a dozen emails for various purposes.

Try this: create a brand new email address that has never been used before and then go to sawstop and change your profile to the new address. Wait to see if the ads follow to the new address. Delete the old address. If they do then SawStop is selling your info or it's been breached.

It's also possible they sold your email to a legit advertiser who then got hacked. There is no way to know if the spammers got your email directly from SawStop.

If you want to have some fun go to your sawstop profile and change your contact email to the one on the card that the salesman gave you and let him get all the spam.

Terrible customer service though.
 
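The approach in post #1 (a unique address per vendor, so that unsolicited mail arriving at one of them points at the vendor that held it) and the rotation test in post #8 (move the vendor to a fresh address and see whether the spam follows) are both simple to automate. The script below is an added example written for this thread; it is not code from any poster or from SawStop. The alias registry, the vendor names and domains, and the message headers are all constructed placeholders. Each alias records the sender domains the vendor legitimately uses; any other sender reaching that alias is counted as unsolicited, and the per-alias counts tell you which vendor handoff leaked and, after a rotation, whether the leak is from live records (spam reaches the new alias) or from an older copy (only the retired alias keeps receiving).

```python
"""Attribute unsolicited mail to the per-vendor alias that received it.

Added example for this forum thread, not code from the original posts.
All aliases, vendors, domains and messages below are constructed.
"""
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed registry: one unique alias handed to each vendor, plus the
# sender domains that vendor is expected to use (order confirmations etc.).
ALIASES = {
    "vendor-a-2019@example.net": {"vendor": "Vendor A (address given in 2019)",
                                  "expected_domains": {"vendor-a.example"}},
    "vendor-a-2021@example.net": {"vendor": "Vendor A (rotated address)",
                                  "expected_domains": {"vendor-a.example"}},
    "vendor-b@example.net": {"vendor": "Vendor B",
                             "expected_domains": {"vendor-b.example"}},
}

# Constructed sample messages, headers only, as they might land in an inbox.
SAMPLE_MESSAGES = [
    "From: orders@vendor-a.example\nTo: vendor-a-2019@example.net\n"
    "Subject: Order confirmation\n\n",
    "From: support@vendor-a.example\nTo: vendor-a-2019@example.net\n"
    "Subject: Shipping notice\n\n",
    "From: win@lotto.invalid\nTo: vendor-a-2019@example.net\n"
    "Subject: You have won\n\n",
    # Bulk senders often hide the target in Delivered-To rather than To.
    "From: pharma@cheap-pills.invalid\nDelivered-To: vendor-a-2019@example.net\n"
    "Subject: Buy now\n\n",
    "From: orders@vendor-a.example\nTo: vendor-a-2021@example.net\n"
    "Subject: Address updated\n\n",
    "From: promo@vendor-b.example\nTo: vendor-b@example.net\n"
    "Subject: Spring sale\n\n",
    "From: someone@elsewhere.example\nTo: personal@example.net\n"
    "Subject: Hello\n\n",
]


def recipient_addresses(msg):
    """Lower-cased addresses from every header that names the delivery target."""
    raw = []
    for header in ("To", "Cc", "Delivered-To", "X-Original-To"):
        raw.extend(msg.get_all(header, []))
    return {addr.lower() for _, addr in getaddresses(raw) if addr}


def classify(msg_text, aliases=ALIASES):
    """Map one message to the alias it hit and decide whether it was unsolicited."""
    msg = message_from_string(msg_text)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    for addr in recipient_addresses(msg):
        entry = aliases.get(addr)
        if entry is not None:
            return {"alias": addr, "vendor": entry["vendor"],
                    "sender_domain": sender_domain,
                    "unsolicited": sender_domain not in entry["expected_domains"]}
    # Mail to an address that is not a vendor alias is out of scope here.
    return {"alias": None, "vendor": None,
            "sender_domain": sender_domain, "unsolicited": None}


def leak_report(messages, aliases=ALIASES):
    """Per alias: counts of expected and unsolicited mail and the sender domains seen."""
    report = defaultdict(lambda: {"vendor": None, "legit": 0,
                                  "unsolicited": 0, "domains": set()})
    for text in messages:
        c = classify(text, aliases)
        if c["alias"] is None:
            continue
        row = report[c["alias"]]
        row["vendor"] = c["vendor"]
        if c["unsolicited"]:
            row["unsolicited"] += 1
            row["domains"].add(c["sender_domain"])
        else:
            row["legit"] += 1
    return dict(report)


def suspected_sources(report, threshold=1):
    """Aliases with at least `threshold` unsolicited messages, each naming one vendor handoff."""
    return sorted(alias for alias, row in report.items()
                  if row["unsolicited"] >= threshold)


if __name__ == "__main__":
    rep = leak_report(SAMPLE_MESSAGES)
    for alias, row in sorted(rep.items()):
        print(f"{alias}: {row['vendor']} legit={row['legit']} "
              f"unsolicited={row['unsolicited']} domains={sorted(row['domains'])}")
    print("suspected leaked handoffs:", suspected_sources(rep))
```

In the constructed data the 2019 alias for Vendor A collects two unsolicited messages while the rotated 2021 alias sees only the vendor's own mail, which is the pattern post #8 describes for an older copy of the list circulating rather than an ongoing leak from the vendor's current records. The sender domains gathered per alias are the detail worth handing to a vendor's security contact, since they are what a responder would correlate against other reports.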
#11 ·
It's also possible they sold your email to a legit advertiser who then got hacked.
there are no legit email advertisers
just like spam is spam, junk mail is junk mail, we'd all like junk mail to stop too. i've threatened to mount an open bottom mail box on to a trash can by the road. it would save the effort of walking out to the mailbox just to throw out the junk mail in it. other than city taxes 2x per year, i can't think of any mail i actually read. we had a 10 day mail hold, when we returned my wife threw 100% of it away.

saw stop sold your contact info, get over it
 
#12 ·
I ordered contact lenses through a website affiliated with my health insurance.

Within a couple hours I started getting ads for Bausch & Lomb contact lenses on Facebook. I wasn't logged in to FB when I ordered the lenses, and the email address I have for FB is not the email address I use for legit purposes.

They all sell information. It's the way the world works.
 
#13 ·
Any website that has a “Facebook” logo automatically reports your visit to Facebook where they use that information to target you.

That was what the recent Facebook/Apple fight was all about. Apple broke those links. Other operating systems still report the visits.
 
#14 ·
I've opened Hotmail accounts and before ever having sent a single message . . . got spammed galore.
obviously someone at Hotmail was selling all the newly registered accounts.

now I use (name)yyyy@hotmail (i.e. Tom2022@hotmail) for a temp address - after a year I check for anyone I might need to notify and close the account.
spammers sell lists - over and over . . .
 
#15 ·
I get very little spam anymore, but I pay for all my email accounts. I have a bunch with the telephone company that stay pretty clean, there are a bunch registered under my companies name and some registered to a cigar forum that I administer. The point is that I pay for all of these services every year.

I did have one annoying salesperson who kept sending me emails wanting me to borrow money. When they wouldn't stop I set up a message filter in Thunderbird that sent anything she sent me back to her address ten times. Then one weekend my email server got in a fight with her email server and after 5700 emails my server suspended my account. I can only imagine her server had 5 or 10 thousand emails as well. I never heard from them again; I'm guessing someone in IT that had to clean up the mess on that end did something to prevent it from ever happening again.

I got the idea from a trick we used to have back in the old fax days. In a precursor to spam we used to come in in the morning and find dozens of junk faxes that had used up our valuable thermal paper. So at the end of the day we used to take a long sheet, about 6 feet in length, feed it through the fax and then tape it together into a loop. Then we'd set the fax machine to call the advertiser (travel agents were common) and it would loop a message requesting we be deleted, continuously. The result was they came in the next day and their entire roll of thermal paper would be gone. It was quite effective.
 
#16 ·
Something I haven't seen mentioned ... While it's not unlikely your email got sold, it's also possible you simply got randomly hit by a modern email wardialer. FYI, war-dialing was a big deal back in the days when people had modems on their computers, and "hackers" would just dial a bunch of random numbers until they found another modem. So in your case, your email address may have just been a random victim of chance. Welcome to the modern age, and the Internet.
 
#17 ·
Addressing comments in turn:

@Bob Bengal: "Sure it's possible that SawStop was either hacked or sold your email. It's also possible that your email provider was hacked or sold the info."

If SawStop sold my email address to others, then nobody has used it for any ordinary advertising. If my email provider was hacked or sold the email address, then why did they single out the SawStop email address just a few months after it was created, and why did they ignore so many other email addresses?

@JayArr: "It's also possible they sold your email to a legit advertiser who then got hacked. There is no way to know if the spammers got your email directly from SawStop."

This may be true, but why didn't the legit advertiser use it? Why would SawStop fail to follow up about a potential breach, whether it originated at SawStop or a business partner? Both are equally damaging.

I never created a profile on SawStop's website. If it exists at all, I never knew about it until now. I never created an account or password. I provided the email address to SawStop on a handwritten order form, which was faxed to them. Someone at SawStop had to type the email address manually when they entered the saw order into their system. The only legitimate email I received at that email address was related to the original order. There were two or three messages confirming the order and payment, and then the saw was delivered. Nothing else came until the malicious spam started months later.

@Rick Christopherson: "I'd say that it is far more likely that your email provider sold your address, especially if it is a free email provider. If something is free, you're not the customer, you're the cattle."

I pay for a basic hosting service where I control the server. Large and small businesses use this provider. It is not Gmail or Hotmail or Yahoo or any free service. The hosting provider would not have lasted for so many years if they were selling customer proprietary information such as private internal email addresses. If discovered, the business customers would sue and the negative publicity would be substantial and could destroy their business. Their reputation depends on securing their systems on behalf of their customers. Can you explain why the malicious spammers selectively chose the SawStop email address and ignored the other 999+ email addresses?

@shoot summ:

"Sure seems like you have an axe to grind with SS, IMO you are making an enormous issue out of something that isn't."

Yes, I do have an axe to grind. I expect companies to respond to potential breach notifications. Prior to SawStop, companies were grateful for the information and help. If we assume that SawStop or one of their business partners were hacked, then why are they not concerned about the broader implications for their business? If your business or a partner had a potential customer data breach, wouldn't you want to figure out where it came from and how deep it goes? Could someone have gained access to human resources, accounting, or engineering?

"It really makes you look a little off on this, I'm not trying to be mean, but you are trying to create some sort of social media revolution with them, because you "think" they have been hacked somehow."

Thank you for the candor, and no insult taken. Please read my first post carefully. I never said "SawStop was hacked". I was careful to say "potential breach" and not jump to any conclusions. I am not trying to create a media frenzy, but I do want to inform SawStop customers about how SawStop responded to a potential security incident, and inform them that their personal information may have been breached. After many years, this is the first and only time I have been driven to public disclosure. That says something about SawStop security incident response compared with many other companies.

"You've been after them on this for 2 years" and "I think it would behoove you to take a few steps back from this."

Not true. I encountered the problem in early Fall 2019. There were sporadic attempts at contact through the Fall. My final attempt was the in-person meet with the Regional Sales Manager in February 2020 and follow-up. I dropped it when COVID struck and did nothing else for a year and a half until now. I created this thread yesterday when another spam arrived and I recognized that the COVID situation has evolved. I will respond to this thread, but as soon as it fades, I will stop.

@_Ogre: "saw stop sold your contact info, get over it"

Why would SawStop sell their customer contact info, or provide it to anyone other than legitimate business partners with mutual arrangements and those who provide business services to SawStop? It defies common sense. Customer databases are sensitive for many reasons, and SawStop would not want their customer database to fall into the hands of competitors. If you want to think that way, then it is more likely that a SawStop employee violated company policy and sold the data under the table, a fireable offense and also subject to criminal prosecution.

@gj13us and @Terry Q:

This thread is not about internet tracking. It is a worthy topic, but different can of worms.

@TomCT2: "I've opened Hotmail accounts and before ever having sent a single message . . . got spammed galore.
obviously someone at Hotmail was selling all the newly registered accounts. now I use (name)yyyy@hotmail (i.e. Tom2022@hotmail) for a temp address - after a year I check for anyone I might need to notify and close the account.
spammers sell lists - over and over . . ."

There are several explanations, but I will not speculate. It is true that spammers buy, sell, and trade lists.
 
#19 ·
Addressing comments in turn:

Not true. I encountered the problem in early Fall 2019. There were sporadic attempts at contact through the Fall. My final attempt was the in-person meet with the Regional Sales Manager in February 2020 and follow-up. I dropped it when COVID struck and did nothing else for a year and a half until now. I created this thread yesterday when another spam arrived and I recognized that the COVID situation has evolved. I will respond to this thread, but as soon as it fades, I will stop.
Fall 2019 to Fall of 2021 is 2 years.

You have been after them for 2 years, perhaps not non-stop, but 2 years after the initial incident you are still chasing them over this.

Good luck to you on getting some sort of satisfaction out of your efforts, you've gone far beyond what I would have done. I would send the spam to junk email and report it, and get on with my life.
 
#20 ·
I've had an Earthlink account since when it was known as Mindspring, about 35 maybe 40 years. I pay $20.00 a month and it has "known spam" and "suspected spam" folders as well as an "Inbox" with only contacts in your address book, the main inbox. No spam comes into the Inbox.
It's worth $20 a month to not get all the junk mail and have to deal with it.
FWIW, I've also had "free" emails with Google and Yahoo.
 
#23 ·
It happens. I am convinced that an unauthorized employee at our nationwide cell phone provider sold my name, my very private cellphone number, and other contact information to one of the two major political parties here in the US.

Only a handful of people knew the unlisted number, basically my closest family only. The political text messages address me by my name and also know my address. It is very creepy when one of those political text messages arrives, and it is clear that they know a lot about you. If you STOP one sender, two more take its place, like Mickey Mouse with the brooms. I dread what will happen at the next election. I wonder how much the candidates themselves know about it, or whether they hand someone a bucket of cash and say "Do it, but don't tell me what you did or how you did it."

Those national providers are so large that they have little chance of finding the unauthorized employee who did it. There are others who may have sold the information, such as someone working in law enforcement, so the leaks are untraceable.
 
#24 ·
@Tool Agnostic: "Since it started, how much spam is coming to that SawStop email address? Is it many messages a week?"

A few messages a month. The volume does not matter. What matters is that there was a potential data breach, and SawStop failed to respond.

@shoot summ:
"Fall 2019 to Fall of 2021 is 2 years."
"You have been after them for 2 years, perhaps not non-stop, but 2 years after the initial incident you are still chasing them over this."

This is not worth arguing about. Let us say it took 2 years. My message is the same. There was a potential security incident, and SawStop did not respond. I have now delivered that message and have nothing more to add.

I already explained why it took 2 years instead of 6 months in my posts.

@woodnthings:
"I pay $20.00 a month and it has "known spam" and "suspected spam" folders as well as an "Inbox" with only contacts in your address book, the main inbox. No spam comes into the Inbox."
"It's worth $20 a month to not get all the junk mail and have to deal with it."

I pay for my email service and could choose from many spam filters to install if I wanted.

Today's spam filters are good at filtering out spam. Sometimes they filter out important messages that you never see. That affected my business, so I turned off the spam filter and now receive all email. The suspected spam goes into a separate place for me to inspect. Even today with better software, important messages wind up there, but I see and respond to them quickly. When there is a potential customer database breach, I need the spam to provide important information to analyze for the security team at the affected company.

@_Ogre: "sawstop is not replying cuz they know they sold your contact info, no reply from sawstop in 2 years supports that theory. since this spam only comes to the email address you setup for sawstop, just delete the account, easy peasy and your blood pressure will soon drop. then you need to stop fussin' over this non problem"

I can delete the email address any time I want, like as soon as this thread fades.

@NoThankyou: "I am guessing but I think that it is possible that instead of "Pssst little girl, do you want some candy?" it was "Pssst SS employee do you want to sell some e-mail addresses? I can make it profitable" as the perp closes the trench coat."

I suggested the same thing in one of my posts above. At most companies, it would be a fireable offense and also subject to criminal prosecution. Does SawStop do a good job vetting their employees?

@Tool Agnostic: "It happens. I am convinced that an unauthorized employee at our nationwide cell phone provider sold my name, my very private cellphone number, and other contact information to one of the two major political parties here in the US."

This is the same thought as @NoThankyou, but the size of the company makes it hard to figure out the source.
 
#26 ·
No. Inbound and outbound email are text only. It displays only the text that was delivered to my inbox, with placeholders for other content. Remote content is not automatically retrieved. To see remote content, I must click on an icon or a button to pull it down and display it.

That was a perceptive question.
 
#29 · (Edited)
A rant if I've ever seen one.
You are trying to move a battleship with a row boat. It won't happen. They don't care and no response is also a response. And the bottom line here is that most of us don't care either. Nothing we can do or advise will change anything, so in the interest of sanity, we, at least I, will henceforth refrain from commenting.
 
#30 ·
@Dave McCann, @shoot summ, and @woodnthings
You have delivered your messages to me and I understand them. I had a message to deliver and I delivered it. The message was:

SawStop experienced a possible customer database breach. SawStop was notified. SawStop did nothing.

I am not interested in extending this thread or pursuing SawStop. If there are additional posts in this thread, I will respond.
 