Skip to main content
  1. Home
  2. News

Quibi, JetBlue, and more leaked your email to advertisers, report finds

By

Companies like Quibi and JetBlue are leaking users’ email addresses to the likes of Facebook, Google, and Twitter through third-party advertisers, which allows those advertisers to more easily track users across the web and target them with ads, a new report claims.

Researcher Zach Edwards found many popular websites employ third-party analytics to advertise to users, but then end up inadvertently leaking those users’ email addresses to advertising and analytics companies, according to an extensive Medium post published on Wednesday.

Recommended Videos

Edwards found hundreds of millions of emails and real users could have been affected, and that this issue has apparently been ongoing for years.

In the case of Quibi, after a new user confirms their email address, the email is added to the webpage URL in plain text, Edwards wrote, and then shared with third-party advertisers.

He described the leaks as “a sloppy and dangerous growth hack,” and added that some of those breaches are still live.

Edwards said he had reached out to all the companies affected, and only three made efforts to plug the leak: Wish.com, Mailchimp, and the Washington Post.

In a statement to Digital Trends, JetBlue said: “The safety and security of our customers and their personal data is a priority and we take these concerns seriously. We will review the researcher’s findings to ensure we are respectful of our customers’ personal information and are in full compliance with the standards we have set.”

A spokesperson for Quibi claimed in an email to Digital Trends that the problem had already been fixed. “Data protection is essential to Quibi and the security of user information is of the highest priority,” the spokesperson said. “The moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately.”

Wish, also in an email, said that “data protection and user trust are a top priority,” and that after receiving “a report from a security researcher,” it had “promptly investigated” and made changes, including “additional use of encryption to further protect user email addresses.”

Wish also said Edwards’s Medium post was “off the mark,” and that the companies that received the data did so because they were Wish’s advertising and sales service providers, and that this was therefore not a breach.

Dr. Noah Johnson, co-founder and chief technology officer of data security startup Dasera, told Digital Trends he expects to see more cases like this in the future.

“Businesses have secured their infrastructure well from external hackers but not from the point of view of how they themselves use consumer data,” he said. “When thousands of insiders — analysts, data scientists, contractors — are using consumer data daily, there is always the chance that one instance of carelessness or malice can cause users to lose trust with your brand.”

Topics
Maya Shwayder
Maya Shwayder
Former Digital Trends Contributor
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Your Google Photos app may soon get a big overhaul. Here’s what it looks like
The Google Photos app running on a Google Pixel 8 Pro.

Google Photos is set to get a long-overdue overhaul that will bring new and improved sharing and notification features to the app. With its automatic backups, easy sorting and search, and album sharing, Google Photos has always been one of the better photo apps, and now it's set to get a whole slew of AI features.

According to an APK teardown done by Android Authority and the leaker AssembleDebug, Google is now set to double down on improving sharing features. Google Photos will get a new social-focused sharing page in version 6.85.0.637477501 for Android devices.

Read more
The numbers are in. Is AMD abandoning gamers for AI?
AMD's RX 7700 XT in a test bench.

The data for the first quarter of 2024 is in, and it's bad news for the giants behind some of the best graphics cards. GPU shipments have decreased, and while every GPU vendor experienced this, AMD saw the biggest drop in shipments. Combined with the fact that AMD's gaming revenue is down significantly, it's hard not to wonder about the company's future in the gaming segment.

The report comes from the analyst firm Jon Peddie Research, and the news is not all bad. The PC-based GPU market hit 70 million units in the first quarter of 2024, and from year to year, total GPU shipments (which includes all types of graphics cards) increased by 28% (desktop GPU shipments dropped by -7%, and CPU shipments grew by 33.3%). Comparing the final quarter of 2023 to the beginning of this year looks much less optimistic, though.

Read more
Hackers claim they’re selling the user data of 560 million Ticketmaster customers
A crowd enjoying a music show that you are at because of Ticketmaster.

Ticketmaster is giving people a lot to talk about. If the Justice Department is not suing it, it's reportedly suffering a data breach affecting the vital information of hundreds of millions of users. Hackread reports that a hacker group is claiming it breached Ticketmaster, putting the personal data of 560 million users at risk of suffering all types of attacks.

According to Hackread, the total amount of stolen data reaches 1.3TB and includes personal information such as names, emails, phone numbers, addresses, event details, ticket sales, order information, and partial payment card data. The list doesn't end there, though, as the compromised data also includes customer fraud details, expiration dates, and the last four digits of card numbers.

Read more