Sony admits email privacy breach

Inherited InfoBeat bug was buried in banner ad

Entertainment corporation Sony admitted Monday that its Internet newsletter service InfoBeat has been forwarding email addresses of readers who have asked for their details to be kept secret.

The newsletter, which has over 2.5 million subscribers, automatically sent email information to advertisers of those users who clicked on their banner ads. The flaw was discovered by US-based computer security expert Richard Smith, who examined the data sent from his computer when he received the InfoBeat newsletter in September.

Sony said the bug was inherited from the creators of InfoBeat, which it acquired in January and promised to cease the practice last Friday. An InfoBeat spokeswoman reportedly admitted that the emails were being sent out. "After about a week of back and forth I was told that there is indeed a problem, which was blamed on the outdated server software used to mail the InfoBeat newsletter," the spokeswoman said in a report published by the Wall Street Journal.

For Yaman Akdeniz of Internet privacy group CyberRights & CyberLiberties, however, this is no excuse. "An apology is not good enough," he said. "A software flaw is no excuse for this sort of thing. It shows the difference in attitudes towards data protection between the US and Europe. In fact, the European Union is not very happy about the flow of data towards the US."

According to Akdeniz, however, boycotting American companies is not the answer. "There is no redress mechanism, but it wouldn't be a good idea not to use US sites at all. The only way forward is to pass legislation to stop this happening."

This revelation comes just a week after it was discovered that the RealJukebox player was sending a range of personal information back to RealNetworks, which makes the software.

Take me to Hackers

They can see you... Read about how and why in Surveillance , a ZDNet News Special