Leaked, sold, or hacked?

One of the things I do (inconsistently) when signing up for things online is to use an email alias specific to the customer I’m signing up to. The theory is that if that email address ever got leaked to spammers, I’d know who leaked it. If you own a domain name, it’s easy to do, assuming that the default is for all addresses to go to you.

The downside of this is all the spammers who make up From addresses to send out their junk from, leaving you with the bounces.

Anyway, in the years I’ve been doing this, verifiable leaks to actual spammers and scammers have been pretty rare. In fact I can’t remember any. I can recall some who have handed the email address over to other, known, companies. Not what you want, but at least they hadn’t gone to someone who ended up bombarding me with emails for Viagra and scams for competitions.

Until now.

In June I signed up for a Big W photos account. The plan was to upload photos into it, then order prints and go collect them from my favourite Big W. Ideally you could do it through Flickr or Google Picasaweb or one of those, but their printing is limited to North America. So I thought I’d try the local guys.

The catch was when I eventually got around to trying to upload pictures to it, it didn’t work. Maybe I’ll try it again soon. Maybe.

The email alias used? bigw.

In the last couple of days I’ve received two scam emails delivered to that address, one reckoning I might win a Sony Wega TV, the other a MacBook Air, and asking me to click onto a web site to enter their competition.

I’ve got no intention of clicking through, of course. I’m sure all they want to do is verify the email address exists, and that there are no magical prizes waiting for me at the end of the rainbow. Just more spam.

I obviously haven’t used my bigw email alias for anything else — that would defeat the purpose of doing it. And I’m pretty sure I haven’t signed up for any other Big W online services.

Without jumping to too many conclusions, there are a few possibilities that spring to mind.

  • Big W (or their supplier, FujiColour) may have sold on the address to a dodgy operator — unlikely I reckon, given these are major corporations we’re talking about; why would they bother sullying their reputation like that?;
  • or it was leaked by someone there;
  • or their system is so insecure that someone hacked in and grabbed it.

It makes me glad my photo uploads didn’t work and that I never fed my credit card number into it.

By Daniel Bowen

Transport blogger / campaigner and spokesperson for the Public Transport Users Association / professional geek.
Bunurong land, Melbourne, Australia.
Opinions on this blog are all mine.
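
The per-signup alias scheme described in the post can be checked mechanically. The following is an added example, not part of the original post: it reads raw messages, works out which alias each was addressed to, and flags mail to an issued alias that comes from a sender other than the one the alias was given to. The domain `example.org`, the `ISSUED` registry, the `.example` sender domains and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "example.org"  # assumption: your catch-all domain
# Assumption: registry of aliases you handed out -> domains allowed to use them.
ISSUED = {"bigw": {"bigw.example"}, "bank": {"bank.example"}}

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: Prize Team <win@promo.example>\nTo: bigw@example.org\n"
    "Subject: You may win a TV\n\nClick to enter\n",
    "From: orders@photos.bigw.example\nTo: bigw@example.org\n"
    "Subject: Your account\n\nWelcome\n",
    "From: MAILER-DAEMON@mx.example\nTo: sales@example.org\n"
    "Subject: Undeliverable\n\nBounce of mail you never sent\n",
]

def recipient_alias(msg):
    """Local part this message was addressed to on MY_DOMAIN, else None."""
    fields = []
    for name in ("Delivered-To", "To", "Cc"):
        fields += msg.get_all(name, [])
    for _, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        if local and domain.lower() == MY_DOMAIN:
            return local.lower()
    return None

def classify(raw):
    """Return (alias, verdict) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    alias = recipient_alias(msg)
    if alias is None:
        return (None, "not-for-us")
    if alias not in ISSUED:
        # Never handed out: a guessed address or a bounce of forged mail.
        return (alias, "never-issued")
    # From is forgeable, so "expected" is a triage hint, not proof.
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    ok = any(domain == d or domain.endswith("." + d) for d in ISSUED[alias])
    return (alias, "expected" if ok else "leak-suspect")

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

A "leak-suspect" verdict only says the alias is known to a third party; it does not distinguish between the address being sold, leaked or stolen.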

10 replies on “Leaked, sold, or hacked?”

If you still want to print up photos online I have been using (through Hewlett Packard) for a while and it’s pretty good, although I’m not sure about the spam issue because I get so much spam and have no idea where it comes from.


I tried to use Big W online and also had trouble uploading pictures. Like Kate, I’ve used snapfish with success – made some lovely calendars for Xmas presents last year which looked very spiffy & professional.

As far as your speculation as to how spammers got hold of your email address – I think hacking is the most likely, and there is always the possibility that it may be *your* system which is insecure. Worth checking for spyware that may be recording your keystrokes.

I have checked the BigW privacy policy and just noticed this:
“The Company collects the names, contact details and user information it requires for the following purposes: … – Sending you information on products and services of our select business partners that we think may be of interest to you (if by email, only where appropriate or where you have opted in).”
So quite possible that your details have been deliberately passed on by Big W.

Thanks, I’ll try out snapfish.

Possible, but I think still unlikely. These are not emails from legitimate companies, as I’ve seen in the past from other signups. They’re scam emails (a third arrived this morning), claiming I’ve entered a competition, which I haven’t, wanting me to click through and verify my email to win a prize, and with dodgy email From addresses and URLs quoted. These kinds of promoters don’t buy email addresses, they just steal/harvest them from wherever they can.

Scammers send emails to random email addresses, and bigw is very small and easy to generate- small emails generally mean more spam. I’ve used lots of photo printers, I had no problem with Big W I must say.

Some seriously intelligent planning Daniel. Personally, I rarely use my credit card. I don’t want my bank to get all fidgety and I certainly don’t want any Personal Information falling in the wrong hands.

ANNOUNCEMENT: Mr Nick is changing his blog name to PlatiNumEuro

I do not trust credit cards, they are all dodgy, designed to suck money out of people, and can fall into the hands of dodgy people. A recipe for spam and debt, which is why the world economy is in a credit crunch. What happened to the good old days of just paying in cash?

The free Mailinator service allows you to coin an address at will — e.g. It creates that address when mail arrives, and makes the inbox publicly available. It’s ideal for one-off registration addresses that you never plan to use again.

Yep, know about that — the other one to check is But for this kind of thing, it’s not a once-off registration address; it’s a logon account for storing and paying for prints of your photos.
