Skip to main content
  1. Home
  2. News

Quibi, JetBlue, and more leaked your email to advertisers, report finds

By

Companies like Quibi and JetBlue are leaking users’ email addresses to the likes of Facebook, Google, and Twitter through third-party advertisers, which allows those advertisers to more easily track users across the web and target them with ads, a new report claims.

Researcher Zach Edwards found many popular websites employ third-party analytics to advertise to users, but then end up inadvertently leaking those users’ email addresses to advertising and analytics companies, according to an extensive Medium post published on Wednesday.

Edwards found hundreds of millions of emails and real users could have been affected, and that this issue has apparently been ongoing for years.

In the case of Quibi, after a new user confirms their email address, the email is added to the webpage URL in plain text, Edwards wrote, and then shared with third-party advertisers.

He described the leaks as “a sloppy and dangerous growth hack,” and added that some of those breaches are still live.

Edwards said he had reached out to all the companies affected, and only three made efforts to plug the leak: Wish.com, Mailchimp, and the Washington Post.

In a statement to Digital Trends, JetBlue said: “The safety and security of our customers and their personal data is a priority and we take these concerns seriously. We will review the researcher’s findings to ensure we are respectful of our customers’ personal information and are in full compliance with the standards we have set.”

A spokesperson for Quibi claimed in an email to Digital Trends that the problem had already been fixed. “Data protection is essential to Quibi and the security of user information is of the highest priority,” the spokesperson said. “The moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately.”

Wish, also in an email, said that “data protection and user trust are a top priority,” and that after receiving “a report from a security researcher,” it had “promptly investigated” and made changes, including “additional use of encryption to further protect user email addresses.”

Wish also said Edwards’s Medium post was “off the mark,” and that the companies that received the data did so because they were Wish’s advertising and sales service providers, and that this was therefore not a breach.

Dr. Noah Johnson, co-founder and chief technology officer of data security startup Dasera, told Digital Trends he expects to see more cases like this in the future.

“Businesses have secured their infrastructure well from external hackers but not from the point of view of how they themselves use consumer data,” he said. “When thousands of insiders — analysts, data scientists, contractors — are using consumer data daily, there is always the chance that one instance of carelessness or malice can cause users to lose trust with your brand.”

Topics
Maya Shwayder
Maya Shwayder
Former Digital Trends Contributor
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
These new chips could be good news for Copilot+ PCs
The Qualcomm Snapdragon X Plus

The first Copilot+ laptops are already out, powered by Qualcomm's impressive new Snapdragon X chip. The first batch of reviews were delayed, and early impressions have observed the hits and misses of the current chips. But a new leak tells us that Qualcomm might have another ace up its sleeve, and there may be hope for these Arm-based Copilot+ PCs yet. What's new? There might be more models of the chip than what we've been privy to so far.

So far, we've seen reviews of the Asus Vivobook S 15, but that's just one of several chips that fall under the Snapdragon X Elite umbrella. According to files for the Adreno GPU driver, there may be not just six, but 10 different models of the Snapdragon X -- and three of those are Plus chips, which we've previously only seen one of.

Read more
Hacker claims to have hit Apple days after hacking AMD
The Apple logo is displayed at the Apple Store June 17, 2015 on Fifth Avenue in New York City

Data breaches happen all the time, but when the giants get hit, it's impossible not to wonder what kind of critical data may become exposed. Earlier this week, notorious cybercriminal Intelbroker reported that they managed to hack AMD. Now, they followed up with claims about hacking Apple, and went as far as to share some internal source code on a hacking forum.

As Apple has yet to comment, all we have to go off is the forum post, first shared by HackManac on X (formerly Twitter). In the post, Intelbroker states that Apple suffered a data breach that led to the exposure of the source code for some of its internal tools. The tools include AppleConnect-SSO, Apple-HWE-Confluence-Advanced. There's been no mention of any customer data being leaked, which is good news, but there could still be some impact on Apple if this proves to be true.

Read more
OLED laptops are about to get brighter, thinner, and more expensive
A woman holds a laptop with the LG Tandem OLED logo on it.

LG's new Tandem OLED panel is entering mass production, which is good news for upcoming AI laptops. Today, LG announced that it's the first manufacturer to produce the Tandem OLED panel in a 13-inch variant, and the displays are said to be much thinner and lighter while delivering better performance. The catch? This screen upgrade, which is already available in the latest Dell XPS 13 Copilot+ PC, is going to cost you a pretty penny.

Tandem OLED is a display panel design that has mostly been used in cars up until now, and LG is breaking new ground by producing it for laptops. However, it's not the first time we've seen this design applied to consumer electronics, as Apple's M4 iPad Pros utilize Tandem OLED displays.

Read more