How Intelius Bought Your Cellphone Number From The Pizza Guy

How did Intelius compile its directory of people’s private cellphone numbers it now has for sale online? Laws on the books forbid telelphone companies from amassing cell phone directories without customer’s consent, but the laws don’t mention third parties. Instead, Intelius buys them from your friendly, local pizza delivery place. Here’s what the CEO said when asked how people end up in their system: “Geez, [there are] tons of ways — everything from going out to a Web site and buying a ring tone for your phone to putting your phone number down at anything [like] ordering a pizza…There are literally dozens and dozens of ways that a user or a consumer could opt in to a database.” See, it’s legal for businesses to contact you you have business relationship. But companies are turning around and selling these customer databases to places like Intelius, and transferring the right to use the database to these third parties as well. While you’re taking a bite out of that deep-dish, they’re taking a bite out of your privacy.

Cell phone directory rings alarm bells [MSNBC]
PREVIOUSLY: Intelius Sells Your Unlisted And Unpublished Cellphone Number Online


Edit Your Comment

  1. B says:

    My cell phone number’s on the do not call list, so am I safe?

  2. bohemian says:

    “Could we start with your phone number today??”

    THIS is why I won’t give my phone number to cashiers.

    So is there any recourse to demand Intelus remove your number from their database? They show a blind “we might have information pay us $14” screen for any number you put in. When does the class action start?

  3. LorneReams says:

    @B: Not at all. If you give it out, it’s fair game.

  4. Laffy Daffy says:

    @bohemian: Take this for what it’s worth, but the original story mentioned something about getting your number off the list if you sent the request with the number and some kind of proof of ID.

  5. darkened says:

    @bohemian: They guarantee your money back if the listing is inaccurate.

  6. parad0x360 says:

    Verizon sorta pulled this bullshit on me a few weeks ago.

    I was on the main verizon mobile webpage with my phone and there was an offer for a free ringtone. It looked like the offer was from verizon so I clicked it and then got a text message from some company.

    Now im always getting messages from them, and yesterday I started getting messages from someone else. I gotta pay close attention to my bill now and make sure there are no subscription fee’s because I didnt sign up for anything, im also going to be pretty pissed off if one of these messages pushes me over my limit at which point ill demand a refund for their blatant misleading advertisement.

  7. satoru says:

    Forgive me if I’m wrong here. But my thought process is that say if you’re on Intelus’ list and they sell it to company X. Company X still needs to cross reference your number with the Do-Not-Call list before they can do anything.

    Also telemarketers already cannot call your cellphone unless they have a prior business relationship or they get fined. So they must already have a cell phone filter mechanism in place when they compile their lists.

    So in terms of getting telemarketers calling you should be fine.

    Though there are of course the purely privacy issues involved. There I can’t really comment unless the stalkers of the world would use it?

  8. LorneReams says:

    The company can make the lists and sell the info without ever calling you.

  9. MercuryPDX says:

    @parad0x360: Reply with “STOP”, and that should end the messages, and keep an eye on your bill.

  10. backbroken says:

    I like how Mr. Sleaze referenced customer ‘opting in’ to a database. Honestly, how can you rationalize buying pizza into ‘opting in’ to have your privacy violated?

  11. MightyPen says:

    Hmm. I think I’ll check this to see what my listed number is, then “correct” it to some other number…

  12. CornwallBlank says:

    There’s an entire underground industry built around this — and it’s only every now and then that a tip of it pokes up high enough to be seen. This current incident is one of those times.

    Data brokers are buying and selling every scrap of information they can get their hands on — whether through “legitimate” means or by trickery or simply by stealing it. That information includes email addresses, email logs (thus enabling analysis of who’s mailing who), phone numbers, phone records, fax numbers, addresses, purchases, click logs, DNS requests, HTTP requests, bank account numbers, SSNs,and a whole lot more. Anyone who has data-in-hand to sell will have no problem finding a buyer — and buyers are more than willing to conveniently forget to ask where that data came from and how it came to be in the seller’s possession.

    Spammers and phishers, aided by spyware and adware as well as the lax privacy policies (and much worse privacy enforcement) are major contributors to this data flow. Marketplaces such as those operated by the Russian Business Network are the online equivalent of a bazaar where buyers and sellers meet.

    And this is why “interesting” things happen — like this:
    United Airlines gives my address to a Brazilian spammer
    , followed up by

    viagra spam sent to unique addy given to United Airlines
    This has happened with E-trade and others as well;
    it’s so commonplace now that some forums don’t even
    bother discussing it.

  13. bohemian says:

    What I want to know is who sold these databases??

    If I knew for sure that a certain company sold my phone number to these sleezeballs it wouldn’t be pretty.

  14. snoop-blog says:

    @satoru: yes your are correct, but mr ceo in the article claims that if i did business with domino’s, they have the right to solicit you, so by associaction they can sell your number with their “right to solicit you”.

    i call bullshit.

  15. CornwallBlank says:

    Sorry, first URL botched in last message; should be
    United Airlines gives my email address to a spammer…unless I’ve botched it again.

  16. snoop-blog says:

    *sorry the first ‘i’ in my previous post should be ‘you’

  17. IrisMR says:

    Delivery man…How could you?!

  18. Szin says:

    I knew that the Noid was behind this!

  19. satoru says:

    @snoop-blog: Well Intelus has the right to solicit you as per most privacy agreements between business partners. However I would think that because I have no direct business relationship with Intelus itself, they cannot then give that list to someone else and transfer that link. So when Company X buys the list, they still must adhere to existing do not call lists and cellphone number bans.

  20. LorneReams says:

    Exactly. When they sell the info for $14 or whatever they charge, the person who buys the info is responsible for adhering to the laws, the same way if you got a number off of you must still check the do-not-call lists before making a call for business purposes.

  21. banmojo says:

    The sooner this is made illegal, the better for most concerned. If politicians, who COULD pass laws to make this kind of business illegal, started hearing from millions of their constituents, perhaps they would start to take this more seriously. I will be sending both emails AND letters to my respective reps today and tomorrow. I am incensed by this bullshit, and I think we should all take this more seriously. How is this any different from spam? Laws have been passed regarding spam (although I still receive an abnormally large amount of spam daily) and certain gross offenders have even been fined and sent to jail. Poli’s, are you listening out there in Powerville? Why dontcha do something nice for the little people for once? hmmm??

  22. bostonguy says:

    @CornwallBlank: Here’s something I think is a bit worse than an airline selling your email address.

    I have a paypal account, and the email address I used as my login for the account is a unique email address (easy since I have my own domain). It’s used ONLY for logging in to paypal, and nothing else.

    Somehow, I see occasional spams coming to me using this address. Gee, I wonder where they got that address from?

  23. bukz68 says:

    I wonder if Intelius lists the cell phone numbers of their owners. I don’t believe they’d like their business idea too much if they and their family members started getting 500 phone calls and countless voicemails a day from angry citizens.

  24. jesuismoi says:

    I *want* those calls to go to my cell phone. It’s the one I give out to everyone. Why?

    A)My cell phone has caller-id, and unlike our landline, I don’t have to pay $30+ a month for that privledge.
    B)My cell also has the ability to set up rings (or turn them off) for no-caller-id.
    C)Some of those call centers dump out all the cell phone number blocks.
    D)The ONLY people who call our unlisted never given out landline are family, close friends, and bosses…. and random dialers (which we are planning on fixing w/ the dropped line tone on the answering machine)

  25. scoosdad says:

    @bostonguy: Could be from a brute force or dictionary kind of mailing, where the spammer knows your domain, and just sends every combination possible to that domain, and that one matched and got through? Without knowing what the makeup of your username was, just a guess.

  26. chrisdag says:

    @bostonguy: Not to defend paypall but there are other scenarios that match the “unique address at a domain that I own …” problem

    I also own domain names that I use for personal use. The dot org domain anchoring my personal email address has been mine since 1997.

    I started getting spam at a “unique” address that had not been given out in any public forum. I also thought that someone had divulged information to a third party and I was pretty mad.

    The root cause turned out to be totally different. It was actually a dictionary attack against my domain by spammers. After trying and failing thousands and thousands of times with “no such user” failures they actually managed to spam an address that really did exist. So it turns out that spammers guessed my “unique” address by endlessly trying random combinations of words and nobody had actually sold or divulged the info.

    So — unless your “unique” email address was totally randomized and is not a simple combination of words found in a dictionary there is a chance that your address was simply guessed.

    My $.02 of course!

  27. brosnan6 says:

    Anybody know how to sell information to these data brokers? :) I have a few lists that could make me some money….

  28. econobiker says:

    @CornwallBlank: I hear you and raise you one. The term demographics and cluster research should let you know how finely these folks want to split your marketing information into a finely tuned and very valuable commodity.

  29. CornwallBlank says:

    @BostonGuy: agreed. That’s a sensitive one.

    Like some of the people discussing this issue in the two links I gave, I also run my own email servers, and so I’ve been running the same kind of experiments as they have. (And I’ve been using addresses similar to blah987-pwmb-112-foo-exritr-12 AND monitoring the logs — there’s no way they’ll find that via a dictionary attack because my servers will react to the constant probing, inform the firewall, and they’ll be locked out. And also like the others: no Windows, multiple firewalls, etc. I’m quite sure any address that leaks isn’t leaking on my end.)

    The results over the past decade have been interesting.
    FTD, CNN, Sports Illustrated, Today’s Sports, The Vermont Teddy Bear Company, Spa Wish and others have all leaked addresses to spammers. Among the many that haven’t: Eastern Mountain Sports, Travelocity, Motel 6, Small Dog Electronics, Book Closeouts.

    Of course this is just one data point: far more coordinated and dispersed data collection efforts would be needed to established a pattern. (For example: there’s no way to know that an address list wasn’t purloined the day before one of mine was added to it.)
    So what I’ve got is anecdotal evidence, no more. But…there are enough people making similar observations to paint a decent picture of what’s going on.

  30. snoop-blog says:

    anyone ever get a call on their cell from a telemarketer and the caller id didn’t have all 10 numbers? i got called from matrix media and it was from a 6 digit number. tried calling the number back, and it doesn’t recieve calls, tried to look them up on the internet, too many matrix media’s out there to know who’s who. i’ll get the number when i get home and post it on here tonight.

  31. Moklomi says:

    What A sleezball this company is If I receive calls on my cellphone from telemarketers I’m going to sue them for each minute on my bill they waste ….. I can do that right?

  32. bohemian says:

    @bukz68: I would pay $14.95 to obtain those and distribute all over the net so people can invade their privacy at will.

  33. doctor_cos wants you to remain calm says:

    @bohemian: My number would be (666) 382-5968. My cell? 8 6 7 5 3 0 9e-ine (8675309)

  34. doctor_cos wants you to remain calm says:

    They got my number off the wall.

  35. Landru says:

    I have a whistle on my key chain and I blow it into my phone when there is a telemarketing call.

  36. ihateauditions says:

    This page has directions on opting out of a wide variety of online information brokers.

    Of course it’s absurd to call it ‘opt-in’ in the first place, but that’s a different issue.

  37. fergthecat says:

    @darkened: It actually says, “NO RESULTS – NO CHARGE!” So I think you still have to pay if it’s wrong.

  38. TangDrinker says:

    In my experience working in research, Intelius and the other online vendors of information you can purchase for only “$19.95” or whatever, do not provide very reliable results.

    I’m certain there will be a class action law suit on this soon, but for the meantime, if someone does buy your information from this list and calls your cell phone number, I’m betting that they won’t ask for your name when they call you – but rather someone completely different. The data I’ve seen from those sites are practically useless, especially when it comes to cell phone info.

  39. MeOhMy says:

    My cell number does not appear to be there.
    I always give the delivery driver a beefy tip.

  40. Cogito Ergo Bibo says:

    If you’d like to be removed from their database, I found out the process. I went to their website and hit the “Contact” link at the bottom of the page. One of those email forms with drop down menus to characterize your message pops up. I chose the one asking to be removed. When I sent the email, I received the following:

    Subject: How do I remove my information from your site?

    Email Response from our customer service team:

    In order for Intelius to ‘opt out’ your public information from being viewable on the Intelius website, we require faxed proof of identity. Proof of identity can be a state issued ID card or driver’s license. If you are faxing a copy of your driver’s license, cross out the photo and the driver’s license number. We only need to see the name, address and date of birth.

    Please fax information to our customer service department at 425-974-6194.

    If you are not comfortable doing this, you can send us a notarized form proving your identity and we will be glad to remove this public information.

    ** Please note removing the data here does not prevent public records from sending us new information in the future. To permanently have your records sealed, you will need to contact your county’s records department.

    Intelius Customer Service

  41. sixseeds says:

    I know telemarketing to cell phone numbers is illegal, but what about political marketing? I keep getting automated campaign phone calls on my cell and I want it to stop (or, alternatively, to have legal recourse).

  42. ZugTheMegasaurus says:

    I guess nobody else here has ever worked telemarketing; lots of places that sell numbers get them that way (and telemarketers are supposed to know that in order to respond to irate people who ask).