Autoresponder Gets Hacked

Aweber AutoresponderA key component of building a subscriber list is an autoresponder. Autoresponders provide several services to automate the entire process by:

  • Providing code for the sign in or opt in form and many offer templates to make the opt in form look better and improve conversions.
  • Providing a double opt in process to ensure that people don’t get on your lists by accident.
  • Providing a system of follow up emails that can be scheduled for delivery in a manner of your choice.
  • Providing a way to send a broadcast email other than the scheduled follow up emails. Many offer a way to automate a broadcast email announcing new blog posts.
  • Providing a system whereby subscribers can update their own contact information or unsubscribe without intervention on your part.
  • Providing tracking information and reports to assist in improving your email marketing strategy.

One of the most popular autoresponder services and the one I use the most is Aweber. Sometime over the past week or so, Aweber’s system was hacked. Interestingly enough, I first heard about it from Darren Rowse at on December 20, not from Aweber themselves.

Darren suspected that something was fishy when he saw an increase in unsubscribers who complained that they were getting spam email to an email address that they only used for his emails. (As an aside, those unsubscribers have a right to be perturbed at the spam email, but not to blame Darren. He’s the last person who would compromise someone’s email! Their loss.)

One thing about Internet problems, the word spreads like wildfire. Rumors were going around on the social networks that Aweber had been breached. Darren was careful on his blog not to jump to any conclusions, but rather stated his intention to contact Aweber and report back. He even sat on the story for 18 hours hoping to get a response to post.

Shortly after posting the blog, Aweber finally did contact him and he updated his blog post with “They’re not ready to make a public statement on this but are happy for me to pass on that they’re aware of it and are “doing extensive investigations into any possible issues.”

I received notice of the problem today from Aweber that there was a security flaw in a third party application they were using. They also said that only emails were taken by the spammers and no other personal data was stolen. I immediately sent a notice to my subscribers about the situation.

Like ProBlogger, I had to think about how I felt about a company sitting on serious information involving its customers and not apologizing until they were called on the carpet for not doing so. I’m going to give them a pass on this one. I’m convinced that they were waiting to have complete information before making a public statement. The breach wasn’t as serious as it might have been and they have taken steps to avoid a repeat problem.

In the end, Aweber has a great service and continue to make enhancements to make it even better. I can make two recommendations — if you need an autoresponder, give Aweber a test drive and if you have been receiving an increase in pharmaceutical spam, don’t unsubscribe for that reason alone.

I would be interested in your take on this. Would you take your autoresponder business elsewhere?

Christine Cobb

Christine Cobb

is a web technology consultant, a small business online marketing consultant and provides information for new bloggers and affiliate marketers.
Christine Cobb
  • Samuel says:

    Got to read more of you 🙂

  • Rolf Ringlein says:

    I found this post to be very interesting. I have went through and read many of your posts. They are fantastic!

  • >