By George Bilbrey
Gmail has a bug that exposes your Gmail account address book if: (1) you have Gmail open; (2) you (like me) run Firefox and (3) you visit a malicious website site that runs a script calling for the address book. I haven’t been able to confirm whether this has been fixed. You can read a better description of the problem here.
I’d be willing to bet that the “blackhats” found this hole a while ago and have harvested quite a few addresses. There is a ready market for “hacked” email lists – and here comes more supply.
Because it is so easy for the really bad guys to get good quality lists (not just through harvesting addresses from websites and directory harvest attacks), ISPs are relying even more on complaints as a major driver of reputation. List quality metrics, like unknown user rates and spam traps, don’t mean as much for hacked lists … but when a subscriber complains, it is a sure sign of trouble.
If you use Gmail, be careful until the bug is confimed as fixed.