Astroglide data breach exposes customer information

April 21, 2007 9:41 am

By Michael Hampton

If you’ve ever tried Astroglide, you know it’s some of the slipperiest stuff ever made. I could tell you stories, but that sort of story isn’t appropriate on a site where children might be reading. Instead, I’ll tell you another story, a story about people who use Astroglide.

Astroglide suffered a data breach this week. People who ordered the company’s products from their Web site from 2003 to the present may have had their names and email and shipping addresses published on the Internet.

The breach exposed information for as many as tens of thousands of Astroglide customers. The data was broken down by product and date and much of it is still available in Google’s cache. It’s not known at this time how long the information, which consisted primarily of Microsoft Excel spreadsheets and CSV formatted text files, was published online.

No credit card or other financial information was exposed.

Biofilm, Inc., was notified of the breach on Wednesday, and the company pulled most of the data from their Web site and placed a robots.txt file to cause search engines to (eventually) remove their cached copies of the personal data.

The breach was discovered when a person who had ordered a free sample of Astroglide searched for his own name in Google and found the Astroglide record of his request. The person notified Astroglide, and the company then removed most of the data and modified its robots.txt file to prevent search engines from storing such data files in the future.

Company officials have not made a public statement or released an exact count of the number of customer records affected and I have been unable to reach anyone at the company who would speak on the record about the breach.

This is important because aside from the thousands of records remaining in Google’s cache, a spreadsheet containing 4,529 records of people who ordered the company’s Silken Secret vaginal moisturizer product remains on Astroglide’s web site, available for download by anyone. Out of these records, 4,055 were identified as female, 472 identified as male, and two had no gender listed.

main page ATTRITION feedback