The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Thursday, April 12, 2007

Ameritrade does it again — more email addresses leaked

Last July, I wrote an article about how Ameritrade had either sold or leaked (probably leaked) customer email addresses to spammers.

Well, it looks like they did it again. Multiple correspondants have informed me that tagged addresses given to Ameritrade have received pump-n-dump spam within the last few days.

It should be interesting to hear what, if anything, Ameritrade has to say about this latest incident.


Anonymous Anonymous said...


Thank you for confirming this. Last november, I had been receiving spam on my ameritrade email address. When it was compromised, I changed it to once containing a long string of random letters and numbers, thereby ruling out the possibility of a brute force search.

Yesterday, I received my first spam email on this account. There is no other viable explanation than that Ameritrade, knowingly or unknowingly, divulged the information.

4:51 AM  
Anonymous Anonymous said...

Hi : Late last year, I began getting stock spam on all of the unique, known only to me and Ameritrade email addresses, so I immediately changed the addresses given to Ameritrade with new ones. Less than one week later, it began again. I changed the addresses again to something even harder to guess and wrote "not nice" emails to Ameritrade customer service letting them know that they "do not under any circumstances have my permission to share my contact information with anyone". This seemed to get their attention, and the emails were clean for about six months, when today, it started again at both addresses they have for me, the same day, from the same spammers. They either have security like a screen door in their data center, or a significant lack of business ethics. I'm done. My accounts will go elsewhere, never to return.

6:49 AM  
Blogger pfstock said...

Yes, it has happened yet again! A couple days ago, I started receiving spam at both my Ameritrade and Waterhouse Email addresses. The Waterhouse address has never before been compromised. This is now the fourth time that it has happened with Ameritrade!

I've heard from other bloggers who are experiencing the same issue. Another one seems frustrated enough that he will also move his money out of Ameritrade as a result.

7:46 AM  
Anonymous Anonymous said...

Same thing happened to me. I was receiving spam on a unique non-guessable address I had given the predecessor Datek. After the spam started, I changed it, giving a new unique email address to Ameritrade. Spam to that new address started within about a week of changing it. Patiently, I changed it again, and the spam stopped. That was July 2006. All was well until April 12 2007, when I got a fresh new pump-n-dump spam at this new unique non-guessable address I had given to TD Ameritrade only. Then I got two more on April 13. On April 15 I got 6, and so far today I git 2 more. All pushing the same stock (NWVM). (As an aside, check out the trading volume on NWVM immediately before and after April 12 for a clue on how mny s*ckers are out there. Scary.) I called them for an explanation. I was told that an internal memo was already circulated about this situation, that they are aware of it and are investigating, and I was promised that they would call me back with the result of their investigation. We'll see. I'll giuve them another week. If they don't call back with the solution, the SEC will find out about this.

7:54 AM  
Anonymous Anonymous said...

TD Ameritrade email security problem

It happened to me too - AGAIN. This is the third time the email address I use only with TD Ameritrade just ended up on a penny stock spam list. Either they are selling them, or they have a serious security problem (most likely an inside job).

This can not be explained by a random email address spammer (as Ameritrade told me) because I have a catch-all account that would receive ALL variations sent to my domain name. But I do not get random variations. This stock spam specifically targets the address I gave to TD Ameritrade, and only TD Ameritrade.

Also, the last time I changed my email address, I created three variations (*_TD1*, *_TD2*, and *_TD3*). I gave one to TD, and the other two were control (i.e. I did not give them to anybody). And guess what? The one I gave to TD is getting stock spam, and the other two are not.

I don't know how else you can explain this other than private email addresses are leaking out of TD Ameritrade. And I am furious.

11:53 AM  
Anonymous Anonymous said...

In September 2006 I created a new email address with TD Ameritrade, because my old address had been compromised.

The new address is[my domain name].net

Yesterday I got the first spam sent to this address.

9:21 AM  
Anonymous Anonymous said...

Hey everyone,

I'm the author of the first post. That was from this past April, 2007, shortly after the original blog entry was posted.

Today, I again received spam on the new email account I associated with my Ameritrade account. This is the third time. I've again contacted Ameritrade, and suggested that I might have to switch to another brokerage.

10:39 AM  
Anonymous Anonymous said...

I received the following message from Ameritrade on May 25th, 2007 in response to my complaint a few days earlier:

I apologize for any inconvenience this issue has caused you. We do not give out
your e-mail address. We take our client's privacy and security very seriously,
and do all we can to protect both. We are continuing to investigate the issue of
spam e-mail. In fact, we've expanded the directions in which we're investigating
and have doubled our efforts. This means continually making significant
investments in the security systems, software and procedures that we have in
place to protect those assets.

We are conducting both internal and external investigations, examining both our
systems and working closely with our vendors to examine theirs. Although we
continue to make progress, and continue to work very hard at investigating this
issue, unfortunately we still don't have an update we can share with you at this

We hope you understand that sharing details of exactly what we have learned so
far can compromise the ongoing investigation.

If you haven't lately, you might want to review the Security Center online,
which has details about spam and other topics. You'll find information about the
Asset Protection Guarantee. It protects you if you lose cash or securities from
your account due to unauthorized activity. If that happens, we can guarantee
we'll reimburse you if you work with us in three ways:
1) Keep your account information secure and confidential.
2) Frequently check your account and report any suspicious activity to us
3) Take steps we request if your account is ever compromised.

We understand this is a nuisance and that it's troubling. We thank you for your
cooperation and patience as we get to the bottom of it.

This spam issue has been going on since the Datek days. Ameritrade keeps quiet so as not to scare customers away. Only a tiny fraction of customers are savvy enough and have the time to use unique e-mail addresses to prove Ameritrade is to blame.

4:57 PM  
Blogger Nancy Poh said...

Just for your information, TD Ameritrade not only spam with the email address you provided them, somehow they are able to hacked into my email account to send spams.

I have no dealings with TD Ameritrade, so, I thought that my email service provider security is lax so I have changed my password and yet it happened again. As I have not received a response from the email a/c service provider, it is likely that they are working hand in hand with them, harvesting my contacts to send out spam.

I can see that the spam came from but when I point to that address with my cursor, my email address appears! How did they do that?

7:49 AM  
Anonymous Anonymous said...

My disposable email address was compromised as well and being unique, was most certainly lost by Ameritrade and I've been receiving the spam for months.

The proper thing to do is to cease giving such irresponsible parties your business. What they allowed to happen was easy to prevent and consumers should consider unnacceptable.

9:38 PM  
Anonymous Anonymous said...

Count me as anotehr victim of getting spam from TD Ameritrade at two unique email addresses. When queried this back in May I was told " I just wanted to let you know that I spoke to our tech support group regarding the spam email issues you are having and have also gave them the examples you provided. I was told that this is an issue that a lot of our clients are having but certainly not because we are allowing it to happen. I was told we are definitely not harvesting email addresses and passing them on to spammers. We are actively researching the cause and I can assure you we will do everything we can to eliminate this issue moving forward." Yeah, right!

2:00 AM  
Anonymous Anonymous said...

Leave your details at:

for participation in a lawsuit.

9:20 AM  
Anonymous Anonymous said...

You people are idiots. 99% of the time spammers get it from your machines. Via a virus etc.

9:30 AM  
Anonymous Anonymous said...

> You people are idiots. 99% of the
> time spammers get it from your
> machines. Via a virus etc.

No you're the idiot or you would have gleaned that many of the comments are from people running their own mail servers, so likely aware of the existence of viruses. You might have noticed this post detailing a test specifically constructed to test your "theory":

> Also, the last time I changed my
> email address, I created three
> variations (*_TD1*, *_TD2*, and
> *_TD3*). I gave one to TD, and
> the other two were control (i.e.
> I did not give them to anybody).
> And guess what? The one I gave to
> TD is getting stock spam, and the
> other two are not.


3:54 PM  
Blogger Poor Yorick said...

I can also confirm that three times, I have received spam at three different
email addresses that I divulged only to Ameritrade. The latest incident
occurred in March, 2009. I have issued hundreds, if not thousands of unique
email addresses to various entities I have done business with, and I can count
on one hand the number who have leaked my email address. Ameritrade is one of
those companies.

5:45 AM  

Post a Comment

<< Home