New findings has it that media companies like Quibi and JetBlue are leaking users’ email addresses to social media tech giants like Facebook, Twitter and even Google through third-party advertisers which in turn lets these information be used to easily track users across the internet as well as tailor ads to them.
According to a researcher, Zach Edwards who found that many popular websites utilize third-party analytics to advertise to users but then end up inadvertently leaking those users’ email addresses to advertising and analytics companies based on his findings which was posted on an extensive Medium post published on Wednesday.
Edwards found that there are hundreds of millions of emails and reals who could have been affected by this practices and that has apparently been going on for a number of years now.
In the case of Quibi, after a new user confirms their email address, the email is added to the webpage URL in plain text, Edwards wrote, and then shared with third-party advertisers.
He described the leaks as “a sloppy and dangerous growth hack,” and added that some of those breaches are still live.
But Edwards also made it known he had reached out to all the companies affected by this but just three of them made an effort to to plug the leak and those includes Wish.com, Washington Post and MailChimp.
In a statement to Digital Trends, JetBlue said: “The safety and security of our customers and their personal data is a priority and we take these concerns seriously. We will review the researcher’s findings to ensure we are respectful of our customers’ personal information and are in full compliance with the standards we have set.”
Another spokesperson for Quibi also said in another email to Digital Trends that the problem is already been fixed. “Data protection is essential to Quibi and the security of user information is of the highest priority,” the spokesperson said. “The moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately.”
Wish, also in an email, said that “data protection and user trust are a top priority,” and that after receiving “a report from a security researcher,” it had “promptly investigated” and made changes, including “additional use of encryption to further protect user email addresses.”
Meanwhile Wish had called Edwards’ Medium Post as being “off the mark” and that the companies that received data did so just so because they w ere Wish’s advertising and sales service providers and that this was not a breach.
Dasera, a data security startup’s Co-founder and CTO, Dr. Noah Johnson also announced to Digital Trends that he’d expect to see more of data breaches in the near future.
“Businesses have secured their infrastructure well from external hackers but not from the point of view of how they themselves use consumer data,” he said. “When thousands of insiders — analysts, data scientists, contractors — are using consumer data daily, there is always the chance that one instance of carelessness or malice can cause users to lose trust with your brand.”
Data breach and email being handed out to advertisers isn’t new on the internet as many companies have exploited on this for a long time. Do you think these companies breached their users’ privacy agreement, let’s know down in the comment section below.