The intrepid reader, known only as 'Dan', reportedly found the list with no more than a little clicking around. Bitterwallet found the list and let 3 know, and it has now been removed. Names and addresses of 79,035 people were available to anyone with enough curiosity to mildly sprain a cat -- by simply investigating the source of an image in a mailing list email from 3 -- but it's not clear how long this outrageous loophole was open to exploit.
On the face of it, a list of names and addresses isn't all that confidential, but it's all an identity thief needs to get started. And it's sweet of 3 to compile the data into handy list form. It's lucky Dan was a just nosy fella with a sense of public duty -- enough to email a consumer blog, anyway -- rather than a rapacious identity tea-leaf.
Update: In our original version of this story, we stated that the list consisted of customer details. 3 has now released an official statement, making clear to us that the information definitely isn't a list of customers: "Less than 5 per cent of names in the list are 3 customers according to our initial investigations".
Worryingly, 3 can't tell us who these people actually are. If they aren't customers, who are they, why does 3 have their details, and why are they being posted for the world to see? Are they employees? Former customers? Some kind of blacklist for when 3 takes over the world? What's gone from being another eye-rolling 'here we go, some twonk's left a disk of data on a train/in the back of a cab/tucked in a lap-dancer's cleavage'-type story is turning into something more worrying. The plot thickens...
Final update: 3 has come back to us and confirmed that this was in fact a marketing list. Oh well, that's all right then.