Skip to main content

Slashdot: Quibi, JetBlue and Others Gave Away Email Addresses, Report Says

Quibi, JetBlue and Others Gave Away Email Addresses, Report Says
Published on May 01, 2020 at 05:50AM
An anonymous reader quotes a report from The New York Times: Millions of people gave their email addresses to Quibi, JetBlue, Wish and other companies (Warning: source may be paywalled; alternative source) -- and those email addresses got away. They ended up in the hands of advertising and analytics companies like Google, Facebook and Twitter, leaving the people with those email addresses more easily targeted by advertisers and able to be tracked by companies that study shopping behavior, according toa reportpublished on Wednesday. The customers unwittingly exposed their email addresses when signing up for apps or clicking on links in marketing emails, said the researcher Zach Edwards, who runs the digital strategy firm Victory Medium. In the report, he described the giveaway of personal data as part of a "sloppy and dangerous growth hack." Mr. Edwards, a contributor to a recent studythat examined potential privacy violations by dating services like Grindr and OkCupid, wrote in the new report that one of the "most egregious" leaks involvedQuibi, a short-form video platform based in Los Angeles that is run by the veteran executives Jeffrey Katzenberg and Meg Whitman. Quibi went live on April 6, long after new data privacy regulations went into effect in Europe and California. People who downloaded the Quibi app were asked to submit their email addresses. Then they received a confirmation link. Clicking on the link made their email addresses available to Google, Facebook, Twitter and Snapchat, according to the report. Quibi said in a statement on Wednesday that data security "is of the highest priority" and that "the moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately." "Mr. Edwards said customers were probably unaware of leaks at Wish, an e-commerce platform where hundreds of millions of email addresses were most likely exposed starting in 2018," the report adds. "When users clicked on links in marketing emails from the company, their email addresses were shared with Google, Facebook, Pinterest, PayPal and others, he wrote." Other companies that suffered limited leaks included The Washington Post, JetBlue, and Mailchimp.

Read more of this story at Slashdot.

Labels:

Comments

Post a Comment

Popular posts from this blog

Slashdot: US Army Soldier Arrested In AT&T, Verizon Extortions

US Army Soldier Arrested In AT&T, Verizon Extortions Published on January 01, 2025 at 02:35AM An anonymous reader quotes a report from KrebsOnSecurity: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea. Cameron John Wagenius was arrested near the Army base in Fort Hood, Texas on Dec. 20, after being indicted on two criminal counts of unlawful transfer of confidential phone records. The sparse, two-page indictment (PDF) doesn't reference specific victims or hacking activity, nor does it include any personal details about the accused. But a conversation with Wagenius' mother -- Minnesota native Alicia Roen -- filled in the gaps. Roen said that prio...
Post a Comment
Read more

Slashdot: US Army Soldier Pleads Guilty To AT&T and Verizon Hacks

US Army Soldier Pleads Guilty To AT&T and Verizon Hacks Published on February 20, 2025 at 01:31AM Cameron John Wagenius pleaded guilty to hacking AT&T and Verizon and stealing a massive trove of phone records from the companies, according to court records filed on Wednesday. From a report: Wagenius, who was a U.S. Army soldier, pleaded guilty to two counts of "unlawful transfer of confidential phone records information" on an online forum and via an online communications platform. According to a document filed by Wagenius' lawyer, he faces a maximum fine of $250,000 and prison time of up to 10 years for each of the two counts. Wagenius was arrested and indicted last year. In January, U.S. prosecutors confirmed that the charges brought against Wagenius were linked to the indictment of Connor Moucka and John Binns, two alleged hackers whom the U.S. government accused of several data breaches against cloud computing services company Snowflake, which were among the ...
Post a Comment
Read more

Slashdot: AT&T Now Lets Customers Lock Down Account To Prevent SIM Swapping Attacks

AT&T Now Lets Customers Lock Down Account To Prevent SIM Swapping Attacks Published on July 02, 2025 at 01:30AM AT&T has launched a new Account Lock feature designed to protect customers from SIM swapping attacks. The security tool, available through the myAT&T app, prevents unauthorized changes to customer accounts including phone number transfers, SIM card changes, billing information updates, device upgrades, and modifications to authorized users. SIM swapping attacks occur when criminals obtain a victim's phone number through social engineering techniques, then intercept messages and calls to access two-factor authentication codes for sensitive accounts. The attacks have become increasingly common in recent years. AT&T began gradually rolling out Account Lock earlier this year, joining T-Mobile, Verizon, and Google Fi, which already offer similar fraud prevention features. Read more of this story at Slashdot.
Post a Comment
Read more