I won't rehash the details of the whole "MyBlogLog spam fest of 2007" thing.  The extremely short version of the story is that someone basically found a hole in the software that allowed them to mass-invite and mass-force-approve co-authors to their communities.  Thousands of people got invitations to join communities that they had never heard of… and then started getting comment spam from those communities.

Needless to say it was a mess.

The folks at MyBlogLog have since corrected the problem.  Not only did they plug the holes that permitted the breach in the first place, but they also rolled back any changes that had been made over the weekend.  In response to the incident, they've also laid out a plan to help prevent further abuses of their system.  And they've apologized.

Those are all good steps to take in a situation like this.  No one can really blame the developers for the exploit.  As long as fallible human beings write software, there will also be holes and exploitable code.  There are steps that can be taken to minimize those holes.  But nothing can be done to completely stop them. So I'm not going to comment on that aspect of the problem.

But how in the world could a company, no matter how small, with a service being actively used by thousands of people, simply stop "looking online"?  Huge, huge dropping of the ball, MyBlogLog.

I understand that the people at MyBlogLog have lives outside work.  All of us do.  But here's the deal.  When you signed on to the MyBlogLog team, you made a commitment. Your service survives and thrives because other people use it.  Without those users,  it's just a nifty idea.  And when those users that you depend on are using your service 24 hours a day, 7 days a week someone should be monitoring your end of the system during those same times.

You'd never go to a 24/7 gas station and find the store devoid of employees… would you? 

So there's only 6 of you at MyBlogLog.  Maybe you need 7.  Or 8.  A service as popular as this one should have someone behind the helm at all times.  Get some help from new parent Yahoo.  Whatever you have to do.  But this whole situation was preventable.  And since I'd venture a guess that 2/3 of your users don't read the MBL Blog, they're not going to know what happened or how it happened.

And that's going to lead to sour feelings and folks reconsidering using the service.  Send out an email and explain what happened.  Let your ENTIRE community know that you dropped the ball and that you're sorry (and that you fixed it)… not just the handful of folks reading your blog.  Come on… that "jackass" figured out a way to send us all an email.  You can do it, too!

At the end of the day, it was just some email.  In the grand scheme of life (and business life) it wasn't a life shattering event.  But it could have been something much worse.  It could have been more than some rouge email. And with no one there to watch what was going on, it would have gone unchecked.

We all have to make sacrifices for the things we believe in and the things we're part of.  I'm not suggesting the folks at MyBlogLog give up their lives outside work.  But I am saying that it's quite possible, however unpleasant, that sacrifices will have to be made until you all get MBL fully staffed.  If you want to prevent further snafus like this one, that is.

I'm sure you've all made sacrifices already.  But it looks like you're not out of the woods yet.  Such is the life of those who go into business for themselves.  Get used to it.