Did you receive an email from Queen B on Friday, 22nd April that looked a bit dodgy? We are incredibly sorry for any angst that this may have caused you.
If you want a short explanation, the email was sent automatically by our email marketing software company (DotDigital) without any instruction or authority from us, but your data has NOT BEEN COMPROMISED in any way.
If you are worried and want to know more of the ins and outs of what happened, read on.
The email was sent automatically by our email marketing software company (DotDigital) without any instruction or authority. Whilst this is a catastrophically bad look for a company that prides itself on ethics / NEVER sending spam / integrity / making life attractive, your information has not been compromised in any way.
Over the 22 years Queen B has been in business we've had many iterations of our website built on different platforms - from bespoke in the early days when ecommerce was new to off the shelf in the latter years. There is always a choice to make between 'hosted' and 'self hosted' and the major differences being the security of your website and the cost of having a website.
Five or so years ago with yet another global ecommerce hacking scandal I decided that the stress of having a website was getting too great for me. If Nike, Uber, the CIA etc etc can't stop hacking, what chance did little old Queen B have in protecting customer data. Having ethics and integrity comes with a lot of pressure that we put on ourselves - and that's difficult when you really have very little control these days.
Anyway, so five years ago I decided to build a new website on the Shopify platform. That means they host it. So to hack Queen B, you need to hack into Shopify. With annual revenue of over $4.61 billion and over 10,000 employees, I fancy their budget to manage hackers more than my own.
So, what happened on Friday?
Like most companies, we use another company to manage our email marketing precisely so that we CANNOT be accused on sending spam. In our case we use (make that used to use) a company called DotDigital. Through DotDigital, we require customers to sign up to received our newsletter. We make it exceptionally easy to unsubscribe. We literally cannot send a marketing email ourselves to someone who has said they don't want marketing from us.
When we signed up with DotDigital, the way their software worked is that our emails had to come from a no-reply email address. I hated it but went ahead anyway when they explained that it was a way of ensuring their servers never sent spam. Fast forward a few years and recently I was doing some thinking about Queen B's vision, mision and values (and how to articulate that in 10,000 words or less 😂) and I realised that DotDigital had to go.
We love our customers.
We literally LOVE hearing from you.
We hate companies that send emails from no-reply email addresses. My personal philosophy is 'do not send me your marketing gumph if you're not happy to hear back from me'.
The way we were forced to send our emails through DotDigital was the absolute opposite of everything we believed in. And so, on the basis of this one thing, I emailed DotDigital on 5th April and asked them to put our account on hold.
Then all of a sudden on Friday, we start getting inundated with calls, chats, texts and emails from friends and customers asking if our website has been hacked. The answer is a categorical 'NO'... that would have been front page global news if Shopify had been hacked.
What I am told by DotDigital is that their software (which should have been on hold or not working) received some sort of message from the Shopify platform that we were trying to resubscribe unsubscribed customers and so DotDigital sent that rubbish looking, badly worded, email on our behalf.
Sadly for us, the damage is immense. Their email was sent to double the number of people I have on our email list (ie they've sent their email to all of our unsubscribed customers as well) and from the emails I'm receiving they're angry.
Many of you think we're spamming you - I can assure you we would never knowingly send spam and DotDigital will be paying for allowing this to happen (particularly as i understand that we are not the first client that they've allowed this has happened to. Surely if you know that your software has a massive flaw that allows it to do this, you'd fix it before it could ruin another small business).
Many of you think your data has been compromised. It hasn't. This was not a phishing email.
This is a case of a really shit email marketing company that should know better than having a glitch in their software that caused untold damage to the reputation of a small business built over 22 years on being different to other businesses in the ethical standards to which we hold ourselves. That's not to mention the mental angst that is caused by having someone threaten your livelihood or the financial pain of having customers unsubscribe because they felt that their information wasn't safe with us.
Chatting to you via email will always be our preferred option. So much so that we always have a special in our newsletter that no one else know about. Why? Well, years ago, Facebook decided that unless we paid them a lot of money, they would only show our updates to a fraction (less than 10%) of the people who had specifically 'liked' our page because they wanted to know what was going on here. Instagram is the same (it's owned by Facebook). We're too old for TikTok! And so that leaves email.
We are now using a new email marketing company - Klaviyo. We apologise again for any concern caused.
Leave a comment