82

I received a strange mail from a well-known SE user with the following body two days ago:

HALLO EVERYONE. I am writing to you from Kenya. I have recently come into contact with a great bunches of Viagras -- roughly 15,395.5 bottles worths! That's FIFTEEN THREE NINE FIVE and a half bottles. They're stuck in the customs. These Viagras have a NET VALUE of 15,395,500. I need to wire you the money, so you can wire the money to Customs. Then Customs will the money back to me and release the bottles. My agent PRINCE DAGAFOGU will then pick up the bottles and sell them. For your help you will be granted $752,495.41. Can you help me? We have only until 6 hours!

Sincerely thank you.

(a blank image)

King Tutencut Dagafogu

The key point is that the email had 110+ CC recipients. Among them, I can recognize quite a few high-profile users, including ♦ moderators and many more.

I received this mail from an address that was not intended to be public, so I am wondering how this mail came to my inbox, and why there are so many CC recipients. Also, is it spam or something legitimate (it looks quite spammy)?

Improve this question
6
  • 10
    Also we all know real scammers put '$' at the end of numbers. *These Viagras have a NET VALUE of 15,395,500$*
    – user7886229
    Commented Jan 11, 2019 at 20:39
  • 3
    Related: meta.stackoverflow.com/q/379804/560648 (another recent data breach)
    – Lightness Races in Orbit
    Commented Feb 7, 2019 at 17:42
  • 6
    User who did it admitted it publicly.
    – Sonic the Anonymous Hedgehog
    Commented Jun 22, 2023 at 1:09
  • @SonictheAnonymousHedgehog Your link doesn't seem to point to the right place, or I'm missing some crucial context.
    – tripleee
    Commented Aug 26, 2023 at 18:28
  • @tripleee It most definitely is the right link. The same user also posted a deleted answer here. Also, pair the text A few minutes later, he apologized for this mistake, promising to send everyone a dollar if this would lead to spam. in Glorfindel's answer here with the text in the comment There was an explicit settlement offer made to send out money if anyone was spammed at that I [sic] address. [...] I was glad to do the dirty work and oblige.
    – Sonic the Anonymous Hedgehog
    Commented Aug 26, 2023 at 18:50
  • Ah, I see now. Thanks for the clarification.
    – tripleee
    Commented Aug 26, 2023 at 19:41

2 Answers 2

Reset to default
101

That's on me, and I'm really sorry about this! As Glorfindel explained, I accidentally CC'd everyone entitled to a watch from this contest, instead of BCC'ing... :\ One of the recipients then sent the message you quoted to everybody.

Right before that email you mention, you should have one from me, apologizing for this mistake and making everyone aware of it — I properly BCC'd everyone on that one!

We're looking at what systems we can use for similar situations in the future, so as to avoid emails like these having to be sent manually from our personal inboxes, which is much more prone to errors like these happening.

Also, the most ironic bit is that I was about to send everyone the email directly from Google Forms' builtin function to do so, but decided against it last minute because I wasn't sure the addresses would be BCC'd, and from GMail I could make sure that was the case... :|

Improve this answer
5
  • Comments are not for extended discussion; this conversation has been moved to chat.
    – JNat StaffMod
    Commented Feb 18, 2019 at 18:56
  • 1
    If any of those users are EU citizens (which you should know from their postal address), GDPR requires you to have notified the relevant authorities of this breach within 72 hours. Did you?
    – OrangeDog
    Commented Sep 11, 2019 at 9:45
  • 9
    Sorry for the delay in getting back to you, @OrangeDog: our legal team reviewed what occurred and determined that the circumstances do not require reporting because no sensitive information was disclosed. Only a very small group of user email addresses were seen by other users and we notified those users. We have processes to ensure this does not occur again, such as using a delay on email sends to ensure BCC is used in the future.
    – JNat StaffMod
    Commented Sep 24, 2019 at 8:02
  • 14
    The transparency and acceptance of accountability here is in welcome and marked contrast to most of the recent interactions SE (the company) has had with the community. I appreciate it greatly.
    – Zev Spitz
    Commented Oct 3, 2019 at 10:54
  • 1
    This is so funny, xD I love the juxtaposition of serious annoyance and King Tutencut Dagafogu's "HALLO EVERYONE"! (It's the accent, I think) xD
    – n00dles
    Commented Sep 23, 2023 at 16:58
59

It turns out a Stack Exchange employee accidentally sent an e-mail, related to this contest, without putting the 110+ recipients in the BCC as required by data protection regulations. Therefore, all recipients could see each other's email addresses. A few minutes later, he apologized for this mistake, promising to send everyone a dollar if this would lead to spam.

One of the recipients thought it was funny to write up a spam message and send it to all other recipients (including me, that's how I know of it). This isn't really my type of humour, but I get where it's coming from. Please just ignore and move on.

Improve this answer
3
  • 1
    I also replied (singularly, not in bulk) to the people replying in jokes on the thread for them to stop contacting me. Which they respected.
    – user310756
    Commented Feb 18, 2019 at 19:01
  • 18
    Did everyone get a dollar?
    – user474678
    Commented Oct 22, 2019 at 21:20
  • 1
    @user474678 A year and a half later and no dollar received for me. :(
    – reirab
    Commented Jul 6, 2020 at 3:18

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .