Skip to main content

Quibi, JetBlue, and more leaked your email to advertisers, report finds

Companies like Quibi and JetBlue are leaking users’ email addresses to the likes of Facebook, Google, and Twitter through third-party advertisers, which allows those advertisers to more easily track users across the web and target them with ads, a new report claims.

Researcher Zach Edwards found many popular websites employ third-party analytics to advertise to users, but then end up inadvertently leaking those users’ email addresses to advertising and analytics companies, according to an extensive Medium post published on Wednesday.

Recommended Videos

Edwards found hundreds of millions of emails and real users could have been affected, and that this issue has apparently been ongoing for years.

Please enable Javascript to view this content

In the case of Quibi, after a new user confirms their email address, the email is added to the webpage URL in plain text, Edwards wrote, and then shared with third-party advertisers.

He described the leaks as “a sloppy and dangerous growth hack,” and added that some of those breaches are still live.

Edwards said he had reached out to all the companies affected, and only three made efforts to plug the leak: Wish.com, Mailchimp, and the Washington Post.

In a statement to Digital Trends, JetBlue said: “The safety and security of our customers and their personal data is a priority and we take these concerns seriously. We will review the researcher’s findings to ensure we are respectful of our customers’ personal information and are in full compliance with the standards we have set.”

A spokesperson for Quibi claimed in an email to Digital Trends that the problem had already been fixed. “Data protection is essential to Quibi and the security of user information is of the highest priority,” the spokesperson said. “The moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately.”

Wish, also in an email, said that “data protection and user trust are a top priority,” and that after receiving “a report from a security researcher,” it had “promptly investigated” and made changes, including “additional use of encryption to further protect user email addresses.”

Wish also said Edwards’s Medium post was “off the mark,” and that the companies that received the data did so because they were Wish’s advertising and sales service providers, and that this was therefore not a breach.

Dr. Noah Johnson, co-founder and chief technology officer of data security startup Dasera, told Digital Trends he expects to see more cases like this in the future.

“Businesses have secured their infrastructure well from external hackers but not from the point of view of how they themselves use consumer data,” he said. “When thousands of insiders — analysts, data scientists, contractors — are using consumer data daily, there is always the chance that one instance of carelessness or malice can cause users to lose trust with your brand.”

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Google has some ‘good ideas’ for putting ads in Gemini
Gemini Advanced on the Google Pixel 9 Pro Fold.

Google is exploring adding ads to Gemini AI. CEO Sundar Pichai floated the idea in an earnings call but did not mention a specific date, according to The Verge. He also noted that the company has "very good ideas" about how it could appear in the future.

This year's focus remains on enhancing user experience features and broadening subscription offerings. Pichai noted that advertising has been essential in scaling other Google services, such as YouTube, possibly hinting that ads will eventually come to Gemini. However, Pichai did not mention how Google plans to integrate ads into Gemini when they appear in the AI. He also said they are committed to making the products work and delivering them to a vast audience.

Read more
iPhone 7 owners are getting $200 in class action lawsuit, and here’s how you can track yours
iPhone 7 and iPhone 7 Plus.

Settlement payout from the iPhone 7 class action lawsuit against Apple are starting to roll out. Those who participated in the class action lawsuit have started to receive payments, with amounts varying based on whether you spent any money on repairing the iPhone 7 or the iPhone 7 Plus.

Some of the co-applicants in the lawsuit have started to receive around $200 as part payment from the $35 million settlement, 9to5Mac reported. While the payout is less than the maximum of $350 initially approved by the court, it should still feel satisfactory to the appellants.

Read more
The EU is cracking down on labels in Windows 11’s Start menu
The Surface Pro 11 on a white table in front of a window.

To align with the EU's Digital Markets Act (DMA), Microsoft is updating Windows 11's Start Menu Search, but only for users in the European Economic Area, as Tech Radar reports. The software giant is introducing more transparent labels to distinguish between web search results and local ones. This move is part of broader changes that let users uninstall Edge and turn off Bing integration, reinforcing transparency and user choice.

The changes are in a new Windows 11 Insider Preview Build, build 27764. Notably, X user @alex290292 shared a screenshot that shows the new Start menu user interface with the "Windows" and "Web search from Bing" sections. These changes are great news since they give users more control over Windows 11. Specifically, the modifications include adding custom web search providers to Windows Search, letting users remove the Edge browser, and turning off Bing web search.

Read more