Skip to main content

Hundreds of millions of email addresses fed to advertisers by popular websites

By
Many of the defective systems are still live
Some of the most popular websites online today have leaked hundreds of millions of email addresses to advertisers and data analytics firms, according to a new research report.
As a result of a defect in sign-up processes attached to websites such as Wish, MailChimp and the newly launched Quibi, user email addresses were funneled into the laps of the world’s largest advertisers, including Google, Facebook and Twitter.
Authored by security researcher Zach Edwards, the report explains that clicking on links embedded within account confirmation emails caused addresses and other user data to be delivered to third parties, who could then use the information to inform personalised advertising efforts.
The report does not make clear precisely how the email addresses were used by third party advertisers.

Email address leaks

This specific variety of breach occurs when an email address is appended to a URL following the activation of a link by the user. The information is then transferred to third party advertising and analytics firms - sometimes in plain text - as a mechanism of a piece of JavaScript code.
Users of web browser Google Chrome are more likely to fall victim, because the browser does not block JavaScript activity by default - unlike rival services Safari, Brave and Firefox.
E-commerce giant Wish was said to be responsible for one of the largest leaks, which “likely involved hundreds of millions of user emails,” according to Edwards. 
While the report criticises the lethargy demonstrated by many affected companies, it notes that Wish went to painstaking lengths to remedy the issue, rebuilding its email architecture in the space of 72 hours following the disclosure.
Streaming platform Quibi, launched on April 6, was also marked out as an offender and has since taken action to address the breach. “The moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately,” said the firm.
According to Edwards, while users can take steps to prevent leaks of this kind (such as using an ad blocker or privacy-centric browser), the failure of businesses to request the deletion of user emails from third party logs is at the heart of the problem.
“There needs to be significant efforts by organizations sharing user emails in this way, to submit partner deletion requests to the third party advertising and analytics companies who received the emails,” he said.
The majority of the defective systems were still live as of the report’s publication on April 29, which suggests many consumers remain at risk.
Labels:

Comments

  1. UnknownMay 11, 2020 at 1:42 AM

    This was a good read. Though there has been an ongoing debate about data privacy, followed by update of data policies, much more needs to be done.

    ReplyDelete

Post a Comment

Popular posts from this blog

Save the Nature

By
Save the Nature Nature is the creation of Allah, who is Almighty of all and everything. I think every living being in this world cannot live without nature. So, when need to protect it, we started damaging it with our factories, nuclear waste, plastic and especially by developing big metropolitan cities on the land of forests without planting new trees. We have destroyed our forests and green lands which were necessary for our atmosphere and are the important part of our Eco system, to protect us from dangerous heatwaves from the sun, to maintain the balance, to protect the animal Eco system, which we have tried to end with our thirst for power. We had put many of the species on the brink of extinction. As a god’s Favorite creation we were assigned the task to maintain the balance among every living being on this planet which is also very necessary for our lives. But due to our cruel thinking and nature we have destroyed it with our own hands. We are racing aga...
10 comments
Read more

iOS 14 update release date, devices and everything you need to know

By
Tracking the iOS 14 update as news trickles in It may feel like iOS 13 only debuted yesterday, but that came out in September 2019 and we're set to get iOS 14 by the end of this year. The next big update for your iPhone is currently just rumored for now - Apple has yet to specifically confirm the name for the next piece of software - but it's very likely we'll be hearing officially about it soon. And given what was left out with iOS 13 and what new technology could be coming in the  iPhone 12  we can make some educated guesses about what’s coming in the next big iOS update. Some of these are obvious, like support for 5G should Apple finally decide to release a  5G iPhone  that works with the next-gen phone networks. If there's somehow an Apple foldable, well, iOS 14 will have software to make that work, too. Other iOS 14 features take a little bit of speculative leaps to imagine which tweaks Apple might make in its continual improvements on its iPhone opera...
Post a Comment
Read more

This is Not The First Time

By
This is Not The First Time The pandemic that is threatening the world nowadays Covid19, has been identified as the cause of an outbreak of viral pneumonia in Wuhan, China. The disease that has infected nearly two million people and blow off the lives of more than one hundred thousand people. It is emerged and spread like a wild fire. The world has been in a panic since as it is the disease that globe has not been prepared for. The reason sounds like a joke, a statement of an alien being. This reason reminds every human of its good old school days when they always promise themselves to study the whole session not a night before the paper. Because it is not first time when such type of pandemic catches the globe in its iron hands. After being criticized for a slow response to SARS, China is once again facing global scrutiny for its handling of the new corona virus. By the time the global SARS outbreak was contained, the virus spread to over 8,000 people worldwide and killed ...
2 comments
Read more