Cisco Says Vegas Conference Attendees' Information Was Leaked 97
Julie188 writes "Thousands of people got a nasty e-mail this morning from Cisco. The company was warning people that its attendee registration database for its Cisco Live 2010 event was hacked. Cisco Live 2010 is the company's annual user conference, held last week in Las Vegas with an estimated 18,000 in attendance. If it's not embarrassing enough for a company that sells security gear to get hacked, the e-mail also went out to people who didn't register and didn't attend the event. That raises questions about exactly what database was pried open and how bad the damage is. Cisco's e-mail said the hole was quickly closed and only business-card type information was exposed."
Is the email from Cisco legit? (Score:5, Interesting)
Re:Is the email from Cisco legit? (Score:5, Interesting)
They were going to let their "partners" spam you (Score:5, Interesting)
Cisco collected that information so they and their "partners" could spam you: "... we believe your registration information - specifically your Cisco Live badge number, name, title, company address and email address- was accessed. No other information was available or accessed. Although these details are commonly accessed by our World of Solutions partners".... Their "partner locator" [cisco.com] finds 16601 partners in the United States, 3241 in China, 998 in Russia, 427 in Romania. 330 in Nigeria, and 12 in Afghanistan. So just about anybody who wants that data could get it.
They're just irked that someone who didn't pay for their mailing list might spam you.
registration of these events done by others than (Score:3, Interesting)
Trusted Technology
World-class Delivery
Event organizers around the world rely on WingateWeb’s event management software and services to deliver the world’s top conferences, conventions and trade shows. Optimize your strategy, maximize your audience and deliver perfect events every time with WingateWeb.
So before people blame Cisco for someone getting into the database and getting attendee data dumps you might want to ask who really was to blame. And FYI, very often the on site software for registering and checking in is not only run on Windows laptops but they are very poorly done. Way to many times redundant information was requested and don't even try to use tab completion for city, state, etc, tab navigation, or the space bar for button activation. I would not doubt that many many other conference databases have been hacked but this Cisco conference hack was found out because they are very security minded and looked into it.
LoB
Re:Routing error (Score:3, Interesting)
For a long time, you could retrieve all of Cisco's customer data (from people who entered data on their web site) from just changing "submit" to "retreive" in the URL. Haven't tried it recently, but they exposed names, addresses and emails by the thousands for years without doing anything to correct it.
Never gave me a good impression of Cisco...