Why the fuck would you keep an entire list of addresses and SR usernames of every single person who ordered from you? That is horribly insecure and fucking idiotic to say the least. Not only this but you share them with arbitrary other people who clearly don't even know what encryption is, and passed around the internet? Clearly nobody should ever do business with you ever again. After a vendor sends me something I expect my address to vanish instantly, never should it be stored unencrypted! At the very least you should have used a fucking salted hash list to store the addresses for confirmation and told people reships need to be to the same address. Then only a salted hash list would have leaked out.