I don’t think I ever wrote about this, but I meant to. I used to have an Ameritrade account. When I signed up I created a new email alias specifically for Ameritrade (“firstname.lastname@example.org”), and I didn’t use it for anything else. Maybe a year later I started noticing that I was receiving spam on that email address. So I created a new, insanely random email alias and changed my Ameritrade account to use that. Less than a month later I noticed spam being sent to the new address. So I filled out a feedback form on their web site and said something along the lines of:
I found that totally unacceptable. A large institution in control of a chunk of my money has no idea how my email address could have been stolen? There’s no excuse for that. So I canceled my account and switched to using optionsXpress. That was in January. Today I stumbled upon two news articles about hackers stealing account info from Ameritrade. Article 1 and article 2. Ameritrade disclosed the breach in mid September. The second article suggests that it had been happening since January 2006. WTF? It took them 20 months to discover and disclose the fact that information about 6.3 million user accounts had been stolen? Holy shit, how do you screw something up that badly?