Helping people with computers... one answer at a time.

The Ask Leo! newsletter subscriber list was stolen by criminals. I discuss the situation and what, if anything, can or should be done.

I hope you know that I do not, and will not, sell your subscribed email address to anyone. Period. I use it only for the newsletter. (The only exception might be if the day comes that I sell Ask Leo! in its entirety - but that's not happening any time soon.)

I do not sell or rent your email addresses to anyone. It's part of the trust I know you place in me when you sign up for my newsletters.

Unfortunately, spammers and organized crime don't care about trust, and don't play by the same rules. They will do anything illegal, immoral or unethical they can in order to fill your email inbox with spam.

Over the weekend of October 16 & 17, 2010 they did just that.

We got hacked.

That's you and I, my friends.

I'm very sorry to report that the email service provider I use for my newsletters, Aweber - in my opinion the best in the industry - was hacked into by exactly those criminal elements, and the subscriber list for my newsletter and many others were stolen.

I know I've been getting a lot more spam on my subscription email address, and I expect you are too.

I apologize for that.


Many people's knee-jerk reaction is to say "change list providers!", particularly when they learn this was the second such breach in the last 12 months.

After thinking about it deeply, and even asking a few friends "are there better alternatives?", I'm electing to remain with Aweber.

I happen know Aweber's CEO personally - and while many of you may believe that may bias my judgment, my position is that it also gives me a unique perspective on the ethics and culture behind the company, the industry and a certain insight into how seriously they take this issue.

They, and I, take this very seriously.

The fact is that we're waging a war with spammers. All email service providers - all of them - are under constant attack from people attempting to steal the subscriber lists that they manage. I would be shocked if there was a single provider that had not suffered some kind of compromise in this battle.

Aweber, being the industry leader, is of course the biggest target.

There was no answer to "are there better alternatives?". Aweber has been, and remains, the best in my opinion and in the opinion of several people that I trust.

One of those people is my good friend Randy Cassingham of This is True. He was also impacted by this, and he wrote up an excellent overview of his position on it. His thoughts so closely match my own that rather than repeating everything he said I'll simply point you to his write up: This is True List Break-in.

You can also read Aweber's own statement on the break-in: Email Subscriber Data Accessed; What We're Doing About It.

The Practical Impact on You

Since all they got was an email address, the only thing that'll happen is that you'll see spam on it where you may not have before.

If you're using a disposable email address for your subscriptions, you might consider changing your subscription to a new address. You can do that yourself with the link at the bottom of every issue or by following the instructions here: How do I change the email address on which I get your newsletter?

And again, I'm sorry that this happened at all.

As Randy so clearly put it on his page: you and I are "collateral damage" in this battle in the war with spammers.

Leo A. Notenboom

Article C4504 - October 24, 2010 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

Patricia Barlow
October 26, 2010 12:48 PM

Thank you for the honest info....Yes, I do appreciate and use the word HONEST, when I truly believe that one is doing the best they can.
I'll continue to subscribe and read your great Newsletters. Thanks for all the very helpful and information continually helpful info.

John Richardson
October 26, 2010 3:37 PM

All I can tell you is that I use a bought program called MailWasher Pro. You crank it up FIRST! It ONLY gives you a list of the subject lines and who it is from along with a few other benign pieces of info. It's also a learning program of sorts. Check out their free version first, so that you can get a feel for how it works. I've been a very satisfied customer for a number of years. And no, I have no affiliation or stock in their company or connection in any way. It's just one of those rare moments where I've landed on something that actually works. What a concept!

October 26, 2010 3:51 PM

Was the article Maintaining XP: Progress and Partitions from you? Or from the scammers?

That was from me. :-)

Vikas Ajit Medhekar
October 26, 2010 10:18 PM

Thank you for informing us. We appreciate your honest.

I don't care if spams enter in my inbox, because you might not knowing that it is already full of spams!!

Carlos Coquet
November 1, 2010 5:54 AM

If Microsoft put its resources to "solve the spam" problem INSTEAD of wasting human hours tinkering with Windows to give the illusion of progress, then we would not have this problem. YEARS ago Bill Gates predicted the spam problem would be solved in 2 years time !

Carlos Coquet
November 2, 2010 11:59 AM

Incidentally, having my own Web site, I am in total control of its eMail addresses and it is for this very same reason that I use unique eMail address for almost everything. Your newsletter comes to an eMail address I used specifically for it. This is why I detected this problem months ago and, at the time, you responded that Aweber had been hacked. Apparently, their security is way South of secure. This seems to be the third time (that we know of) they get broken into.
I will let you know what spam I get with your newsletter's eMail address. From that, it should be possible to work backwards and find the perpetrators. The spam should indicate who uses them and authorities should be able to get some information from the beneficiaries of the spam.

Actually their security is extraordinary. I appreciate that they admit being hacked when other services more than likely do not (even though it's known to happened). They do know who is responsible. It's overseas and makes punative action extremely difficult.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.