Quibi, Wish, MailChimp’s Mandrill, JetBlue and Other Companies Leaked Email Data to Advertisers, Revealed a New Report

Quibi, Washington Post and a lot of other companies are leaking the email addresses of users through the third-party advertisers, who then target those users by finding them all over the web using the email IDs, revealed a new report by Zach Edwards.

Edwards posted his research in a Medium blog post, claiming that third-party analytics are hired by popular websites to advertise but then carelessly leak the email addresses of the users to analytics and advertising companies.

According to Edwards, this has been going on for years where millions of email IDs and users must have been affected through it.

Like when a new user signs up on Quibi and confirms the email address, their email address, in the form of plain text, is added in the URL of the webpage and then leaked to the third-party advertisers.

The researcher tried to contact all the affected companies out of which only three, wish.com, MailChimp, and the Washington Post responded on the issue.

JetBlue, while talking to an online media platform, said they take the security and safety of their users’ data seriously. The findings of Edwards would be reviewed to ensure that the personal information of customers is secure and is meeting the standards of the company’s rules.

Quibi’s spokesperson also responded saying the issue has been resolved. The email by the spokesperson said that the security of users’ information is priority and data protection will be ensured. As soon as the issue was reported, the security and engineering team of Quibi fixed it instantly.


Wish also stated in an email that the report by the security researcher was thoroughly investigated and acted upon. To further ensure safety, additional encryption was used to secure the email addresses of users.

The email by Wish declared the report posted on Medium “Off the Mark”, saying it was not the breach of information rather the data was shared only with the advertising and sales service providers of the Wish.

Dr. Noah Johnson, the co-founder, and chief technology officer at Dasera, a data security startup, said in the future he is expecting an increased number of similar cases.

According to him, companies have worked on securing their infrastructure to keep it safe from external hackers but have not worked much on how the company itself will use it. Several analysts, data scientists, and contractors use the consumer data daily and one careless incident can lead to data leakage, resulting in the lack of trust of consumers.



Read next: Terms of Services - A Section Often Ignored Because of Its Length (infographic)

No comments:

Post a Comment