Friday, 7 December 2012

How a disposable email address shows who is sharing your details...

I bought my iPhone 3G from an O2 store on the day of its release. A couple of years later I upgraded it to an iPhone 4, again from the same O2 store.

Over the last couple of weeks, I've had a number of missed calls to my mobile. No voicemail, just a missed call from a number I didn't recognise. I entered the number into Google and it appears to be associated with the Carphone Warehouse. The search results revealed a lot of people complaining that Carphone Warehouse were cold calling their mobiles to try and sell an upgrade.

Annoying, but since I'd missed the calls, no big deal.

Then, today, I received an email from Carphone Warehouse telling me I was eligible for an upgrade. Now, I'm not a customer of the Carphone Warehouse, so how did they know I was eligible?

The answer is in the email...

I use Yahoo mail for non-important stuff because it has disposable addresses. Basically you create a new address such as "mymail-" and you can then append a word to it depending on who you are dealing with. In this instance, the email was addressed to "". This address (and I've modified the first bit as it's not really "mymail-") was used when I signed up with O2.

I don't use it for anything else.

So if Carphone Warehouse are sending me emails to this address, it means that either a) I've given Carphone Warehouse my details using my O2 address (I haven't), or b) that O2 have passed/sold my details to a third party.

To be fair, it's probably hidden in the small print, but it's not cool. Who here likes receiving cold calls and junk email?

No, didn't think so.

So I complained on Twitter:

And got a reply, which started a conversation:

I'm not sure why me being a PAYG or Pay Monthly customer matters, or why recently upgrading would make a difference. I'm going to give the O2 Twitter operator the benefit of the doubt here. It's possible he/she doesn't know that the data is passed on.

But the reality is that somehow Carphone Warehouse have an address that should only exist in O2's customer database.

The last message I received today from O2 was:

That I will. And update this post.

Of course, if the data hasn't been intentionally passed to a third party, then there is always the possibility that O2 have experienced a data breach... (I don't honestly expect this to be the case).

Perhaps someone from O2 would like to clarify how Carphone Warehouse know the private address that only O2 and I know, unless the data is passed on?

Remember, O2, actions that result in your customers getting cold called and spammed is BAD.

And Carphone Warehouse? No. Not a chance.

*** UPDATE 19th December 2012 ***

Carphone Warehouse continue to spam me:

O2: Please make this stop. I have sent a STOP message and forwarded the text to the O2 spam reporting number.