Skip to main content

Hundreds of millions of email addresses fed to advertisers by popular websites

By
Many of the defective systems are still live
Some of the most popular websites online today have leaked hundreds of millions of email addresses to advertisers and data analytics firms, according to a new research report.
As a result of a defect in sign-up processes attached to websites such as Wish, MailChimp and the newly launched Quibi, user email addresses were funneled into the laps of the world’s largest advertisers, including Google, Facebook and Twitter.
Authored by security researcher Zach Edwards, the report explains that clicking on links embedded within account confirmation emails caused addresses and other user data to be delivered to third parties, who could then use the information to inform personalised advertising efforts.
The report does not make clear precisely how the email addresses were used by third party advertisers.

Email address leaks

This specific variety of breach occurs when an email address is appended to a URL following the activation of a link by the user. The information is then transferred to third party advertising and analytics firms - sometimes in plain text - as a mechanism of a piece of JavaScript code.
Users of web browser Google Chrome are more likely to fall victim, because the browser does not block JavaScript activity by default - unlike rival services Safari, Brave and Firefox.
E-commerce giant Wish was said to be responsible for one of the largest leaks, which “likely involved hundreds of millions of user emails,” according to Edwards. 
While the report criticises the lethargy demonstrated by many affected companies, it notes that Wish went to painstaking lengths to remedy the issue, rebuilding its email architecture in the space of 72 hours following the disclosure.
Streaming platform Quibi, launched on April 6, was also marked out as an offender and has since taken action to address the breach. “The moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately,” said the firm.
According to Edwards, while users can take steps to prevent leaks of this kind (such as using an ad blocker or privacy-centric browser), the failure of businesses to request the deletion of user emails from third party logs is at the heart of the problem.
“There needs to be significant efforts by organizations sharing user emails in this way, to submit partner deletion requests to the third party advertising and analytics companies who received the emails,” he said.
The majority of the defective systems were still live as of the report’s publication on April 29, which suggests many consumers remain at risk.
Labels:

Comments

  1. UnknownMay 11, 2020 at 1:42 AM

    This was a good read. Though there has been an ongoing debate about data privacy, followed by update of data policies, much more needs to be done.

    ReplyDelete

Post a Comment

Popular posts from this blog

iOS 14 update release date, devices and everything you need to know

By
Tracking the iOS 14 update as news trickles in It may feel like iOS 13 only debuted yesterday, but that came out in September 2019 and we're set to get iOS 14 by the end of this year. The next big update for your iPhone is currently just rumored for now - Apple has yet to specifically confirm the name for the next piece of software - but it's very likely we'll be hearing officially about it soon. And given what was left out with iOS 13 and what new technology could be coming in the  iPhone 12  we can make some educated guesses about what’s coming in the next big iOS update. Some of these are obvious, like support for 5G should Apple finally decide to release a  5G iPhone  that works with the next-gen phone networks. If there's somehow an Apple foldable, well, iOS 14 will have software to make that work, too. Other iOS 14 features take a little bit of speculative leaps to imagine which tweaks Apple might make in its continual improvements on its iPhone operating system. 
Post a Comment
Read more

Irfan Khan, Indian actor of Slumdog Millionaire fame, dies at 53

By
Khan, who fought a long battle with cancer, carved out a stellar career in Bollywood, Hollywood and other Western films. Acclaimed Indian actor Irrfan Khan, whose international movie career included hits such as Slumdog Millionaire, Life of Pi and The Amazing Spider-Man, has died aged 53, his publicist said. Khan, who was diagnosed with a neuroendocrine tumour in 2018, died on Wednesday after he was admitted in a Mumbai hospital for colon infection. He was 53. "Irrfan was a strong soul, someone who fought till the very end and always inspired everyone who came close to him," his publicist said in a statement. He spent his final hours "surrounded by his love, his family for whom he most cared about," a statement released by his family said. The actor had spent several months last year in the United Kingdom undergoing cancer treatment. His mother Saeeda Begum died four days ago on April 25. He is survived by his wife, TV producer Sutapa Sikdar, an
Post a Comment
Read more

Save the Nature

By
Save the Nature Nature is the creation of Allah, who is Almighty of all and everything. I think every living being in this world cannot live without nature. So, when need to protect it, we started damaging it with our factories, nuclear waste, plastic and especially by developing big metropolitan cities on the land of forests without planting new trees. We have destroyed our forests and green lands which were necessary for our atmosphere and are the important part of our Eco system, to protect us from dangerous heatwaves from the sun, to maintain the balance, to protect the animal Eco system, which we have tried to end with our thirst for power. We had put many of the species on the brink of extinction. As a god’s Favorite creation we were assigned the task to maintain the balance among every living being on this planet which is also very necessary for our lives. But due to our cruel thinking and nature we have destroyed it with our own hands. We are racing aga
10 comments
Read more