Astroglide data breach exposes customer information

Homeland Stupidity Exclusive
By Michael Hampton

Posted: April 21, 2007 9:41 am

If you’ve ever tried Astroglide, you know it’s some of the slipperiest stuff ever made. I could tell you stories, but that sort of story isn’t appropriate on a site where children might be reading. Instead, I’ll tell you another story, a story about people who use Astroglide.

Astroglide suffered a data breach this week. People who ordered the company’s products from their Web site from 2003 to the present may have had their names and email and shipping addresses published on the Internet.

The breach exposed information for as many as tens of thousands of Astroglide customers. The data was broken down by product and date and much of it is still available in Google’s cache. It’s not known at this time how long the information, which consisted primarily of Microsoft Excel spreadsheets and CSV formatted text files, was published online.

No credit card or other financial information was exposed.

Biofilm, Inc., was notified of the breach on Wednesday, and the company pulled most of the data from their Web site and placed a robots.txt file to cause search engines to (eventually) remove their cached copies of the personal data.

The breach was discovered when a person who had ordered a free sample of Astroglide searched for his own name in Google and found the Astroglide record of his request. The person notified Astroglide, and the company then removed most of the data and modified its robots.txt file to prevent search engines from storing such data files in the future.

Company officials have not made a public statement or released an exact count of the number of customer records affected and I have been unable to reach anyone at the company who would speak on the record about the breach.

This is important because aside from the thousands of records remaining in Google’s cache, a spreadsheet containing 4,529 records of people who ordered the company’s Silken Secret vaginal moisturizer product remains on Astroglide’s web site, available for download by anyone. Out of these records, 4,055 were identified as female, 472 identified as male, and two had no gender listed.

(1 votes, average: 5.00 out of 5)

Loading ...

16 Trackbacks/Pingbacks

Chronicles of Dissent
April 21, 2007 10:53 am
Chronicles of Dissent
April 21, 2007 12:32 pm
Astroglide tries to plug 260,000 customer data leak - Homeland Stupidity
April 23, 2007 8:13 pm
Boing Boing
April 23, 2007 10:23 pm
Sex lube data breach exposes thousands of personal records · GOLIWOG
April 24, 2007 12:21 am
Junkiness » Blog Archive » Thank God I Use KY
April 24, 2007 6:48 am
Astroglide suffers data breach - this ought to be interesting | TechWag
April 24, 2007 8:51 am
furiousBlog - in my diatribe » the warm glow of cooking tubes
April 24, 2007 10:15 am
Consumerist
April 24, 2007 2:08 pm
PBriscoe.com » Blog Archive » Lube Records Slip into Wrong Hands
April 24, 2007 3:17 pm
Digital Identity
April 25, 2007 1:07 am
Astroglide denies responsibility for customer information slip - Homeland Stupidity
April 25, 2007 11:18 pm
Chronicles of Dissent
April 29, 2007 11:01 am
craschworks » Blog Archive » links for 2007-05-01
May 1, 2007 6:21 am
Life After Coffee » Astroglide leak
May 31, 2007 9:09 pm
Top 10 Worst Privacy Breaches of 2007
December 19, 2007 3:10 pm

8 Comments

BelchSpeak | April 23, 2007 12:23 pm

Pretty funny story. Do you have a link to the original news source? And its not a “breach” as much as a lack of built-in security. Breach implies that someone broke the security. Exposure would be a more apt description.

And as a reminder, don’t ever put your personal information into a web form unless you are certain that it is encrypted.
Michael Hampton | April 23, 2007 12:51 pm

You’re reading the original news source.
Fixer | April 23, 2007 1:52 pm

Finally, an opportunity to ferret out those godless sodomites! With this information, the Westboro Baptist Chuch can now protest outside the homes of the fornicators God hates so much. Astroglide is truly doing the Lord’s work here.
Michael Hampton | April 24, 2007 12:14 am

Boing Boing readers, welcome! And see also Monday’s update of this story.
Danielle | April 24, 2007 12:30 pm

I believe you were going by the fatwallet post here, or at least a copy of it over at Slickdeals. I was the first one to find this and link to the files publicly. In that case, though, you should know that my name is a woman’s name. So “his own name” is incorrect.

You should also know the files were removed prior to my posting, so AstroGlide did not do this in response to any public matter. I carefully searched for a record of someone else noticing this before making my post.
0x000000 | April 30, 2007 10:04 am

Well, their problems aren’t over yet. I found some other vulnerabilities in their domain. Among a few SQL injection points which allow me to authenticate as administrator. I contact them about this and give them some time to fix it before I disclose it.

They sure need to fix their security issues.
Huh? | May 4, 2007 4:01 pm

So you are saying that sodomy and fornication are cool with you as long as you don’t use a lubricant? Regardless, please stay out of the bedrooms of others…or perhaps you know this because you are a peeping tom?
banal user | June 4, 2007 7:26 pm

just for the record.. i use astroglide as umm.. hair gel. definitely not anything icky like sex with humans or otherwise.