Lubricant manufacturer Astroglide suffered a breach in security that caused the personal data of more than 250,000 customers to be made public. Customers who ordered Astroglide products through the Web between 2003 and 2007 may have had their names, email, and shipping addresses published in Google cache pages. According to reports, no credit card or other financial information was exposed.
Dennis Paradise, CEO of Paradise Marketing, the exclusive distributor of Astroglide, told AVN Novelty Business magazine the glitch had nothing to do with his company.
“I’m sure it’s nothing that was intentional on [Astroglide’s] part,” Paradise said. “I’m certainly as concerned as anyone else is about this, but I don’t have any information because it didn’t happen at Paradise Marketing; it happened at Biofilm.”
Biofilm Inc. , the privately held company that manufactures Astroglide, has taken action to protect the identity of consumers requesting samples from the company’s website. Lisa O’Carroll, vice president of sales and marketing for Astroglide, was made aware of the problem on April 12 and issued the following statement:
“We received a call from someone who had looked up his own name on Google and found, among other entries, his request for an Astroglide sample. We immediately investigated and discovered that this was limited to Google. Text files were not available on Yahoo! or other search engines. Although this was clearly a Google issue, Astroglide didn’t want to waste any time fixing the problem in order to protect the security of our customer files. We have never sold nor shared any of our database information, and we don’t even re-contact people. Although what transpired was beyond our control, Astroglide has always made the security of our Internet customers our top priority, and we deeply regret this unique and unfortunate occurrence.”
Matthew Eckmann, webmaster for Astroglide.com, said he fielded approximately one dozen consumer queries concerning the leak, and discovered Astroglide’s text files were appearing in Google search results. He removed all compromised files from the Astroglide website and organized the site’s directories so that people clicking on the Google would be delivered to the standard “page not found” browser-error message. In addition, all files web server files containing consumer data were moved to a new, secure location. Finally, using Google’s recommended protocols, all cached files were removed.
“The difficulty is there is no live Google support for their free services,” Eckmann told ANB. “With the absence of someone at Google to give us an estimate of how many files were affected, we had to figure it out unilaterally. We were able to do so quickly and have put the Google correction procedures into place.”
Eckmann also followed Google’s online instructions to create and install Google-specific index parameters in both text and XML in order to inform the search engine’s spiders which pages may be indexed and which are off limits.
According to Eckmann, Biofilm has updated internal long- and short-term protections in order to prevent a recurrence of the situation. Although Biofilm assured the public that all personal information has been removed and the situation has been remedied, Astroglide has removed the sample request form from its website until further notice.
