Way back in late November/December last year, I took part in reddit’s /r/secretsanta. I found it was pretty cool, to (hopefully) get a random gift based on my barren, lurking reddit account, though a small search would reveal a lot more about me.
Anyway, after Ashwin’s feedback(“my santa didn’t send anything. I was reassigned. second santa also nothing. #foreveralone”) I didn’t expect anything. A month or so later, however, my secret santa confirmed shipment of the gift. And I received it couple of days later.
This is what my /r/secretsanta sent me (at Borg Cube) [pic] — path.com/p/2oFaso
— Sathya (@SathyaBhat) December 26, 2011
Sweet! What I didn’t realize, till couple of weeks ago, was that the folks at /r/secretsanta were trying set a Guinness World Record for “the largest online secret santa game” and were successful at that! So that made me a Guinness World Record holder too! Woohoo!
Soon enough, I put forward an order for my Guinness World Record certificate and things were all set. Or so I thought. Couple of days ago, I received an email from Guinness stating that due to high volume of orders, the shipment would be delayed by another couple of weeks. That was fine, but then the person who sent the email did the biggest goof up ever. The person put the email address of about 1,072 people in the “To” field. Not even the cc, the frigging “To” field.
Here’s how it looked like
Naturally, I wasn’t too pleased
The morons at Guinness World Records just sent an email to all reddit secret santa participants with email address in To field. WTF?
— Sathya (@SathyaBhat) September 4, 2012
and neither were the reddit folks. Kicker was the contents of the email, with a disclaimer stating:
The contents of this e-mail from Guinness World Records Limited are confidential and intended for the addressee only.
If you are not the intended recipient you must not copy or further distribute this e-mail, and delete this message from your computer system.
Marco Frugatti, SVP Records, however did send an email apologizing the data breach
I am writing to you from the Guinness World Records Management Team regarding our company’s recent breach in relation to email data for a group of our record-holders for Largest online secret Santa game.
I can confirm that this breach was a human error by one of our own staff. Naturally, we take this matter extremely seriously and are conducting a formal investigation to ensure an event like this never happens again. I would like to offer you our unreserved apologies for this situation and any inconvenience it has caused.
However, I fear that this breach will have even more serious repercussions, given how lax people are with passwords. Good thing is that Guinness owned up to the mistake and have confirmed that they have initiated refunds for the payment of certificates. Time will tell who’ll be hit more – Guinness or the individuals in the email. My bet is on the latter.