Is TD Ameritrade leaking its customers' email addresses to pump and dump spammers? That's the charge leveled by Bennett Haselton, best known as the guy who's been sticking it to the Web content monitoring industry for nearly a decade via his Peacefire.org site. At Slashdot, Haselton lays out an experiment he conducted in April. He signed up for an Ameritrade account using creating a unique, randomized, 16-charac Is TD Ameritrade leaking its customers’ email addresses to pump and dump spammers? That’s the charge leveled by Bennett Haselton, best known as the guy who’s been sticking it to the Web content monitoring industry for nearly a decade via his Peacefire.org site. At Slashdot, Haselton lays out an experiment he conducted in April. He signed up for an Ameritrade account using creating a unique, randomized, 16-character email address. A month later he began receiving stock spam sent to that address. The web is rife with other Ameritrade customers who’ve been flooded with stock scam spam, including those who’ve done their own experiments with unique email addresses. (To be fair, some Ameritrade users have said they’ve never been spammed.) The company has replied to ticked-off customers by saying it’s aware of the problem and investigating it. Haselton believes his email address was stolen via a breach in Amertrade’s security. I have a simpler explanation: Ameritrade shared it with a “non-affiliated third party,” possibly a mass mailing vendor, who then proceeded to use it for sending pump and dumps. And that’s really the best case scenario. Because a true security breach at Ameritrade – something that opened up account and personal information to data thieves – would be a far more serious thing than some spam designed to part fools from their money. [Update: Ameritrade has responded, but with essentially the same boilerplate text it sent to disgruntled users. To wit: We are aware of the situation currently impacting some of our clients. We are currently investigating the matter and hope to have a resolution soon. So as not to compromise the efforts of that investigation, we cannot elaborate further. In addition, please know that we take the security of our clients and their assets very seriously at TD AMERITRADE. We’ve made significant investments in security software, systems and procedures, which we are always reviewing and upgrading as new tools become available. (Considering Ameritrade customers have been reporting spam problems for more than a year, you’d think they’d come up with a better response.)]Is your online trading company a laughing stock? Share your tales of woe below or email them to me here. Top tipplers may get a Cringe bag worth approximately $0.001 on the open market. Software DevelopmentSmall and Medium Business