Editor’s note: This story was amended to provide clarifying details about an indictment.
The National Association of Realtors is no longer making the e-mail addresses of members available to other members, after receiving complaints that spammers might be obtaining Realtors’ e-mail addresses from NAR’s website, and uncovering evidence that one member’s account had been "used improperly."
One Realtor who complained to NAR about a potential security breach of member data is Falls Church, Va.-based broker Frank LLosa of Frankly Real Estate Inc., who told Inman News he has been investigating the source of spam e-mails he’s been receiving for several years.
Inman News verified that an e-mail address LLosa created with the sole intention of tracing the source of the suspected breach briefly appeared at real-estate-agents-lists.com, a website operated by Zichron Internet Marketing LLC.
Zichron sells the contact information of real estate agents to firms that want to market them. The company’s clients have included Inman News.
LLosa, who has been an Inman News contributor, said he only provided the unique e-mail address to the Northern Virginia Association of Realtors, which in turn provided the e-mail address to NAR. LLosa asked both associations to investigate.
Zichron Internet Marketing’s president, William Bailey, said he was contacted by NAR’s legal department on more than one occasion since launching the site in March 2006, over issues concerning the site’s use of the Realtor trademark.
Bailey said that at NAR’s request he removed the word "Realtor" from the site’s original URL. More recently, he said, he responded to a letter from Mary Newill, the trademark administrator in NAR’s legal affairs division, by removing references to "Realtor" from copy on the site.
"Mary Newill and the NAR is certainly aware of my website and business, and not once have they expressed concern about the data I’m selling — only the use of the word ‘Realtor,’ " Bailey said.
Bailey was indicted in 2006 for allegedly using member accounts to download, without authorization, information on more than 80,000 members of the American College of Physicians.
According to the 11-count indictment, Bailey operated a website, www.dr-411.com, and sold databases containing contact information of physicians, dentists, chiropractors and lawyers.
Bailey pleaded guilty of one count of intentionally accessing a protected computer without authorization and obtaining information for purpose of commercial advantage and private gain. In exchange for foregoing a trial, counts two through 11 of the indictment were dismissed. Bailey was fined $10,000 and sentenced to six months in prison in February 2007, with the final three months served in home confinement.
Bailey said the real estate agent databases that he sells today are culled from public sources, and that he does not "hack any databases or use passwords" to obtain agent contact information.
In a statement, NAR said it responded to LLosa’s complaints and those "of a very few other members" by re-examining how it makes member data available to other members.
NAR said it identified two places it believed it could improve the manner in which data was maintained and made accessible to members. NAR also examined whether there had been any compromise of that data through either of those two locations.
At one location where access to member information was made available to members only, NAR said, "We identified some evidence that earlier this year such access had been used improperly, and immediately terminated the account that had done so."
Outside of that example, NAR stated, "we have no evidence of and no reason to believe that our databases have been accessed improperly."
NAR did not identify the Realtor whose account was terminated, and said it "is not technically possible" to rule out the possibility that Realtor.org was a potential source of Realtor contact information offered for sale by Zichron Internet Marketing through real-estate-agent-lists.com.
"Zichron claims to obtain its information from ‘200 primary sources’ and to have been doing so since 2004," NAR said in a statement to Inman News.
NAR said its members find it "desirable and useful" to be able to identify, locate, and contact other members for referrals and other business-related information.
"We recognize there is a delicate balance between serving this member need and protecting member information," NAR said of the decision to remove e-mail addresses from information that’s available to members.
Consumers can’t get Realtors’ e-mail addresses through the "Find a Realtor" tool on Realtor.org, either. The tool provides Realtors’ phone numbers, website address and physical address. To prevent scraping, Find a Realtor limits search results to 100 results, and requires users to enter a "CAPTCHA" challenge-response code to see each individual entry.
"We use various well-accepted best practices and industry-standard procedures and protocols to protect our databases of member information," NAR said. "We believe those techniques provide our information a very high degree of security."