# Spam List

# Problem description

Your email address and possibly other personal data related to it has been stolen or accidentally exposed, and it has been collected into a list used by spammers (online unsolicited marketers). Usually this happens when you provide your email address and other personal data to a company or organization when you subscribe to a service, and that company or organization then gets hacked or otherwise fails to protect your personal data adequately.

A spam list is a special category of data breaches. A spam list usually contains much of the similar personal information as a data breach, but it does not include your passwords.

Along with your email address, a spam list may include personal information such as home addresses or phone numbers, depending what information you have given to the service and what has been exposed. Spam lists can be published online or sold and used to send unsolicited marketing emails or scams on behalf of unsuspecting victims, either targeting you or making the spam emails look like they originate from you.

Information about these kinds of spam lists along with exposed email addresses are collected by a widely-publicized and credible data breach and spam list reporting service Have I Been Pwned, operated by security researcher Troy Hunt. You can read more about the spam list incidents collected by them at Have I Been Pwned and spam lists of personal information (opens new window).

# Suggestions for repair

Since your email address and possibly other personal information has already been exposed, the most important thing is to stay calm. In many cases the information has leaked already a long time ago, and you cannot unfortunately change the fact that it has happened. Often, the company or organization from where your data got stolen might have already sent you a notification email about the incident, telling you which personal information was exposed. What you can do is be mindful of your personal data in the future and consider where you provide it.

# Protecting against future incidents

Treat your personal information online like money – you need to have a good reason to give it away. Support efforts to increase consumer privacy rights, be it on a political or voluntary level. Favour companies who demonstrate they care about your privacy. Having an easy-to-understand privacy policy that explains how your personal information is handled and protected is one good sign. (Here is Badrap's privacy policy.)

Many of you have heard of the EU's General Data Protection Regulation (GDPR) - it is one step towards better privacy online, with increased security against personal data breaches. You need to also consider why and where you are submitting your personal information such as home address or phone number, and what are the potential risks if such data becomes exposed and published.