Just about 2 hours ago, we started to send out our best wishes for the holiday season to our customers. Unfortunately a really embarrassing mistake was made, which affected a limited number of our customers.
Because of a loop in an email-script (not a part of the software that is the base of Pingdom services) gone bad, we managed to send out more than one email to 5,511 of our customers. By mistake, we also included a limited number of our other customer’s email addresses in the To: field of those emails. The exact number of emails that was sent before we stopped the script was 5,511. The person that received the most duplicate emails received 11 of them, and the number of email addresses that was included in the To: field was 5,511. That’s not all our 280,000 customers, but certainly more than enough.
The email-script in question sent out the emails in alphabetical order on the first part of the email address (before the “@”). When it reached 5,511 emails, everyone that had an email address that starts with “0…@” to “adem…@” had received an email. We want to be transparent about this so that you can easily tell if you were among those affected.
Since all of you that are affected are customers of ours, we hope you act as a good netizen and friendly neighbourly customer and delete these email(s) if you have received it. We know that you respect the importance of privacy and will do the right thing.
Lastly, we would like to say that we are sorry to all affected. We screwed up here, it’s as simple as that.
Our last hours before the holiday didn’t end up as we wished. But like we said in the email that gave birth to this post, we really hope that you will have a great holiday, and that you will understand and forgive us.
Those of you that are developers knows that even the greatest programmer make mistakes. This is why we have testing procedures in place. In this case the mistake was that our regular testing procedures were not followed as they should have been.
The script used in this case was not part of our regular Pingdom software development, testing, and deployment procedures since the script was just a temporary solution to send these emails out.
To summarize and to clarify:
- This did not affect any of Pingdom’s monitoring services, alerts or other systems.
- 5,511 of our customers have received email addresses of 5,511 other customers, all with an email address starting with “0…@” to “adem…@” (the part before the “@”).
- No passwords, credit cards, or other personal information of our customers has been compromised.