Quibi, JetBlue and Others Gave Away Email Addresses, Report Says (variety.com) 13
An anonymous reader quotes a report from The New York Times: Millions of people gave their email addresses to Quibi, JetBlue, Wish and other companies (Warning: source may be paywalled; alternative source) -- and those email addresses got away. They ended up in the hands of advertising and analytics companies like Google, Facebook and Twitter, leaving the people with those email addresses more easily targeted by advertisers and able to be tracked by companies that study shopping behavior, according toa reportpublished on Wednesday. The customers unwittingly exposed their email addresses when signing up for apps or clicking on links in marketing emails, said the researcher Zach Edwards, who runs the digital strategy firm Victory Medium. In the report, he described the giveaway of personal data as part of a "sloppy and dangerous growth hack."
Mr. Edwards, a contributor to a recent studythat examined potential privacy violations by dating services like Grindr and OkCupid, wrote in the new report that one of the "most egregious" leaks involvedQuibi, a short-form video platform based in Los Angeles that is run by the veteran executives Jeffrey Katzenberg and Meg Whitman. Quibi went live on April 6, long after new data privacy regulations went into effect in Europe and California. People who downloaded the Quibi app were asked to submit their email addresses. Then they received a confirmation link. Clicking on the link made their email addresses available to Google, Facebook, Twitter and Snapchat, according to the report. Quibi said in a statement on Wednesday that data security "is of the highest priority" and that "the moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately." "Mr. Edwards said customers were probably unaware of leaks at Wish, an e-commerce platform where hundreds of millions of email addresses were most likely exposed starting in 2018," the report adds. "When users clicked on links in marketing emails from the company, their email addresses were shared with Google, Facebook, Pinterest, PayPal and others, he wrote."
Other companies that suffered limited leaks included The Washington Post, JetBlue, and Mailchimp.
Mr. Edwards, a contributor to a recent studythat examined potential privacy violations by dating services like Grindr and OkCupid, wrote in the new report that one of the "most egregious" leaks involvedQuibi, a short-form video platform based in Los Angeles that is run by the veteran executives Jeffrey Katzenberg and Meg Whitman. Quibi went live on April 6, long after new data privacy regulations went into effect in Europe and California. People who downloaded the Quibi app were asked to submit their email addresses. Then they received a confirmation link. Clicking on the link made their email addresses available to Google, Facebook, Twitter and Snapchat, according to the report. Quibi said in a statement on Wednesday that data security "is of the highest priority" and that "the moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately." "Mr. Edwards said customers were probably unaware of leaks at Wish, an e-commerce platform where hundreds of millions of email addresses were most likely exposed starting in 2018," the report adds. "When users clicked on links in marketing emails from the company, their email addresses were shared with Google, Facebook, Pinterest, PayPal and others, he wrote."
Other companies that suffered limited leaks included The Washington Post, JetBlue, and Mailchimp.
Who? ... Pets.com? InternetBubble.com? (Score:2)
VA Linux? ;)
I can't tell them apart.
Re: (Score:2)
burner email (Score:2)
There needs to be a burner email service. Some way I can create email addresses on the fly and have them forwarded to my real account.
When I'm asked for an email by, say, jetblue I want to be able to enter "bugs2squash:jetblue@whatever.com" and then the service at whatever.com will split the incoming email address at the colon to find my identity and forward the content to my real email along with some indication of what address it was originally sent to.
That way when the inevitable spam comes I'll know who
Re: (Score:3)
You can just create aliases on your hotmail account... and it supports the gmail style + aliases as well.
So you make "myspamtrap@outlook.com" or whatever as an alias to your actual hotmail account, then give myspamtrap+dumpsterfire@outlook.com as your email address to dumpsterfire.com
Gives you both and you can just abandon the myspamtrap alias if you win too much spam, by filtering emails to that alias to spam (in case you want to do a password reset on one of these sites....)
Re:burner email (Score:4, Insightful)
I always use "spam_from_COMPANYX@mydomain.tld" - that way either they'll not bother sending when they detect the 'spam' word in it, or else I'll know exactly where I originally submitted it too, and potentially who else ended up with it.
And if they refuse it because of the word 'spam' in it, well then they won't get my business.
Their policy.... (Score:2)
That's why I use tracker addresses (Score:4, Insightful)
I use a separate address for each online vendor I deal with. (even Slashdot) Then I know exactly where it came from. Most companies are OK, I rarely get third party emails from legitimate companies - but every once in a while one gets out.
I use a now orphaned service called Spamarrest to create unlimited tracker addresses, but the site hasn't been updated in years and is basically kept on life support, so the service will probably be going away at some point. But I believe Gmail and some other services have the ability to create tracker / burner addresses these days. If you are doing this with another service, I'd like to know what you're using.
Re: (Score:3)
If you need an email for a site you /really/ don't give a shit about, you can use www.mailinator.com ... enter whatever the hell you want and it will open that public email box. So you just send the "click the link to prove you have internet" email to whatever@mailinator.com and go open that inbox.
Has to really be a throwaway site though, or anyone can do a password reset to the email address you used; or you can use a really long/random email address and the odds of someone finding it approach zero but I d
Re: (Score:3)
well someone does (Score:2)
One flight to Texas + one car rental = email spam and phone calls related to Texas and solar power for months on end.
How? (Score:2)
Clicking on the link made their email addresses available to Google, Facebook, Twitter and Snapchat, according to the report.
How is this even possible? Maybe it's just me, but when you create a link for someone to click for registration, the only possible way for anyone else to see your email is if that link was explicitly coded to do so.
Quibi said in a statement on Wednesday that data security "is of the highest priority"
Obviously not if your incompetent (or malicious) programmers create links which spew
Get your own domain... (Score:2)
Get your own domain — it is very cheap — and set it forward everything@example.com to you...
Each time you need to give someone your address, create a special one: someone-year@example.com.
When you start getting spam at a particular address, just block it... If you still need the original correspondent to be able to reach you, give them a new address (updating the issue year, or, as was once necessary with /., adding the quarter).
I've been doing this for over 20 years, for example, and have caugh