Accusing them of being “scumbag business practices”, Anonymous claims to have leaked the customer database of Relead.com, a service that helps websites convert anonymous visitors into actual sales leads by examining their IP information.
According to the company, Relead.com can “track exactly who is visiting your website, and how valuable or interested they are in your business.”
From the way the program is explained on the company’s domain, the entire process starts by locating the owner of a given IP address. Usually, this resolves down to the company level and not to a personal level.
However, someone associating with Anonymous has decided that it was unfair for Relead.com to unmask anonymous Internet users, and considered them hypocritical for doing so while refusing to release the names of their customers.
“While Relead is happy to help their customers harass visitors who have not created an account on whatever site they are helping monitor, have not voluntarily provided any information to the site in question for marketing purposes or in fact given any permission to have their privacy invaded so crassly, they are oddly reticent about who their customers are,” a statement with the leaked customer records says in part.
“Who is paying Relead to help them snoop on their unsuspecting website visitors? Who is willing to provide cash to a company that is essentially taking the NSA surveillance program as a business model? We wondered the same thing, so we decided to find out.”
When asked how the list of customers was obtained, one Anon told SecurityWeek that the process was trivial, noting that Relead.com kept their database easily accessible and without authentication. “Shady site, even shadier security practices,” they added.
The customer list is composed of names and email addresses, including one website known for stealing security-based news and claiming it as their own. Another standout address was F-Secure’s Mikko Hypponen, who said he used the service to see how much they could tell about a typical website’s anonymous user – in his words Relead.com “saw almost nothing.”
Other clients from the list include Willmott Dixon (one of the UK’s largest privately-owned capital works, regeneration and support service companies); DeskTime.com (a productivity tracking software firm); Elliott Young (a brand management firm in the U.K.); in addition to a few software firms. Most of the list is comprised of Gmail or Hotmail addresses, and there are no real notable clients listed – at least nothing that stands out after a quick glance.
In interviews with Forbes, some clients who were listed in the leak say there is some value in what Rlead.com does, and don’t see the B2B relationship as a bad thing when attempting to transition anonymous visits into legit sales leads.
Still, one customer confirmed Mikko’s assessment–there isn’t anything Relead.com is offering that IP logs don’t show.
“I personally think people should be reassured – even with vast sums of money on the table, the absolute best we can do for business contacts is identify the company. For individuals, almost no data is available,” stated William Gogan, one of the customers on the leaked list in an interview with Forbes.
SecurityWeek has reached out to Relead.com for comment. We’ll update this story if they respond.