Skip to main content

Quibi, JetBlue, and more leaked your email to advertisers, report finds

Companies like Quibi and JetBlue are leaking users’ email addresses to the likes of Facebook, Google, and Twitter through third-party advertisers, which allows those advertisers to more easily track users across the web and target them with ads, a new report claims.

Researcher Zach Edwards found many popular websites employ third-party analytics to advertise to users, but then end up inadvertently leaking those users’ email addresses to advertising and analytics companies, according to an extensive Medium post published on Wednesday.

Related Videos

Edwards found hundreds of millions of emails and real users could have been affected, and that this issue has apparently been ongoing for years.

In the case of Quibi, after a new user confirms their email address, the email is added to the webpage URL in plain text, Edwards wrote, and then shared with third-party advertisers.

He described the leaks as “a sloppy and dangerous growth hack,” and added that some of those breaches are still live.

Edwards said he had reached out to all the companies affected, and only three made efforts to plug the leak: Wish.com, Mailchimp, and the Washington Post.

In a statement to Digital Trends, JetBlue said: “The safety and security of our customers and their personal data is a priority and we take these concerns seriously. We will review the researcher’s findings to ensure we are respectful of our customers’ personal information and are in full compliance with the standards we have set.”

A spokesperson for Quibi claimed in an email to Digital Trends that the problem had already been fixed. “Data protection is essential to Quibi and the security of user information is of the highest priority,” the spokesperson said. “The moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately.”

Wish, also in an email, said that “data protection and user trust are a top priority,” and that after receiving “a report from a security researcher,” it had “promptly investigated” and made changes, including “additional use of encryption to further protect user email addresses.”

Wish also said Edwards’s Medium post was “off the mark,” and that the companies that received the data did so because they were Wish’s advertising and sales service providers, and that this was therefore not a breach.

Dr. Noah Johnson, co-founder and chief technology officer of data security startup Dasera, told Digital Trends he expects to see more cases like this in the future.

“Businesses have secured their infrastructure well from external hackers but not from the point of view of how they themselves use consumer data,” he said. “When thousands of insiders — analysts, data scientists, contractors — are using consumer data daily, there is always the chance that one instance of carelessness or malice can cause users to lose trust with your brand.”

Editors' Recommendations

Windows 11 may launch tabbed File Explorer, smarter Clipboard
Windows 11 device sitting on a stool.

Microsoft is holding an event featuring Surface and Windows Chief Panos Panay on April 5, and even though it seems to be catered to enterprises, some high expectations are being set. Rumors indicate that Microsoft could announce some big Windows 11 features come event day.

The leading belief is that Windows 11's clipboard could get a lot smarter, according to The Verge. Microsoft might announce the addition of suggested actions to the Windows clipboard, including being able to call a copied phone number or send an email to a copied email address.

Read more
Google Smart Canvas gets deeper integration between apps
A MacBook with Google Chrome loaded.

Google is updating Smart Canvas, a collaboration experience that debuted last year in the midst of the global pandemic designed for better collaboration and remote work, with new improvements targeting hybrid work.

The Internet search giant claims that the latest enhancements to Smart Canvas help to improve collaboration and speed up your workflow when using Google Workspace apps, such as Google Docs and Sheets.

Read more
Ring’s new Pet Profile feature can help find your lost dog
A woman holding her phone showing a Pet Profile.

Over 10 million pets are reported lost every year in the U.S. alone. Ring's neighborhood app, named Neighbors, has returned over 100,000 of these beloved furry creatures to their owners. Today, Ring has updated the app to include new features that will help reunite pets with their owners: Pet Profiles and Contact Me.

Ring, the massive smart home security company, created the Neighbors app so that community members can stay safer together. The app has users connect with other users in their local neighborhood to alert each other when crimes happen, safety events need to be noted, or when pets are lost. The app also connects local public safety authorities with users.

Read more