Last night, while tired, weary and working on various Notacon projects, I sent out an email to almost everyone who registered online for Notacon 6. Unfortunately, I neglected to put the recipient list in the bcc: field and instead put them in the to: field of the email. Hence, approximately 195 people now have eachothers’ email addresses. No other personal information was shared. In short, I, Paul “Froggy” Schneider, fucked up.
This is a huge embarrassment not only for Notacon as an organization, but for me personally. However, it reminds me of a fact many of us are too familiar with: The weakest link in infosec is always the human involved! Even those of us who spend our lives working in the field are not immune to making mistakes, myself included.
We wanted to openly acknowledge this mistake and assure all Notacon participants that we do take the issue of privacy seriously and that we are sincerely sorry for any inconvenience this may have caused.
While most of the people involved have already contacted me and expressed their understanding, a few have, understandably, expressed their concern and anger. A very small contingent decided to re-share the list to other sources. Obviously at this point there is little we can do since the genie is, essentially, out of the bottle.
We have changed our practices such that issues like this should not arise in the future. If you do have any questions or concerns, please feel free to contact me personally to discuss the issue. We appreciate everyone involved respecting our mistake and ask them not to re-share the list if at all possible.