Black Hat organisers red faced after 'phishing' email mixup

Volunteer accidentally sends phishy message

The organisers of the Black Hat security conference have apologised for accidentally sending password reset emails to 7,500 delegates that some took to be evidence that the event's database had been hacked to fuel a phishing campaign.

Visitors to Black Hat, which began on 21 July, count themselves among the most justifiably paranoid people on earth, so suspicions were heightened when inboxes started filling with emails from with the subject line 'Your admin password', followed by this message:

You have requested a new password. Here are your details:


To sign in, please go to this URL:


If such a gauche communication had been a phishing scam or prank, that would have been bad enough, but it turned out to be a genuine message from the event's organisers.

"We love to tease people that your systems need to be ready to hold their own if joining the Black Hat network. In this frame of mind, the community very correctly expected a prank or act of malice," said Black Hat general manager, Trey Ford, using a mix of humour and contrition to hide his obvious embarrassment.

"For those of you intimately acquainted with Black Hat, our show is powered by an army of volunteers - they handle everything from building classrooms for training, proctoring speakers and sessions, to checking you in at registration," he added, before explaining that an out-of-his/her-depth individual had sent the email by mistake.

"The email this morning was an abuse of functionality by a volunteer who has been spoken to. This feature has since been removed as a precautionary measure."

For Black Hat delegates, the panic is over even if the organisation will find itself on the end of jibes for some time to come.

As some have pointed out, it wasn't simply that the email was sent at all that raised concerns but the structure of the whole communication from top to bottom.

"The volunteer's behaviour doesn't explain away the phishiness factors. It sounds as though the BlackHat conference might indeed have sent you an email of this sort. Just not this one," said Paul Ducklin of security company Sophos, not himself attending the event.


Stories by John E Dunn
