Skip to main content

Quibi, JetBlue, and more leaked your email to advertisers, report finds

Companies like Quibi and JetBlue are leaking users’ email addresses to the likes of Facebook, Google, and Twitter through third-party advertisers, which allows those advertisers to more easily track users across the web and target them with ads, a new report claims.

Researcher Zach Edwards found many popular websites employ third-party analytics to advertise to users, but then end up inadvertently leaking those users’ email addresses to advertising and analytics companies, according to an extensive Medium post published on Wednesday.

Edwards found hundreds of millions of emails and real users could have been affected, and that this issue has apparently been ongoing for years.

In the case of Quibi, after a new user confirms their email address, the email is added to the webpage URL in plain text, Edwards wrote, and then shared with third-party advertisers.

He described the leaks as “a sloppy and dangerous growth hack,” and added that some of those breaches are still live.

Edwards said he had reached out to all the companies affected, and only three made efforts to plug the leak:, Mailchimp, and the Washington Post.

In a statement to Digital Trends, JetBlue said: “The safety and security of our customers and their personal data is a priority and we take these concerns seriously. We will review the researcher’s findings to ensure we are respectful of our customers’ personal information and are in full compliance with the standards we have set.”

A spokesperson for Quibi claimed in an email to Digital Trends that the problem had already been fixed. “Data protection is essential to Quibi and the security of user information is of the highest priority,” the spokesperson said. “The moment the issue on our webpage was revealed to our security and engineering team, we fixed it immediately.”

Wish, also in an email, said that “data protection and user trust are a top priority,” and that after receiving “a report from a security researcher,” it had “promptly investigated” and made changes, including “additional use of encryption to further protect user email addresses.”

Wish also said Edwards’s Medium post was “off the mark,” and that the companies that received the data did so because they were Wish’s advertising and sales service providers, and that this was therefore not a breach.

Dr. Noah Johnson, co-founder and chief technology officer of data security startup Dasera, told Digital Trends he expects to see more cases like this in the future.

“Businesses have secured their infrastructure well from external hackers but not from the point of view of how they themselves use consumer data,” he said. “When thousands of insiders — analysts, data scientists, contractors — are using consumer data daily, there is always the chance that one instance of carelessness or malice can cause users to lose trust with your brand.”

Editors' Recommendations

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Chocolate mousse in space is more important than you think
Astronaut Andreas Mogensen with his chocolate mousse aboard the space station.

Astronauts on board the International Space Station (ISS) keep a busy schedule during their six-month stints in orbit. Most of their time is taken up with carrying out scientific research in the unique microgravity conditions that the facility provides, while the occasional spacewalk takes care of upgrades and general maintenance.

The research programs include learning about the best way to grow crops off-Earth and aboard the relatively cramped conditions of the orbital facility, an especially important task if we’re ever to send astronauts on long-duration missions to a lunar base or even to Mars.

Read more
No more GPUs? Here’s what Nvidia’s DLSS 10 could look like
RTX 4070 logo on a graphics card.

The latest version of Nvidia's Deep Learning Super Sampling (DLSS) is already a major selling point for some of its best graphics cards, but Nvidia has much bigger plans. According to Bryan Catanzaro, Nvidia's vice president of Applied Deep Learning Research, Nvidia imagines that DLSS 10 would have full neural rendering, bypassing the need for graphics cards to actually render a frame.

During a roundtable discussion hosted by Digital Foundry, Catanzaro delved deeper into what DLSS could evolve into in the future, and what kinds of problems machine learning might be able to tackle in games. We already have DLSS 3, which is capable of generating entire frames -- a huge step up from DLSS 2, which could only generate pixels. Now, Catanzaro said with confidence that the future of gaming lies in neural rendering.

Read more
Spotify using AI to clone and translate podcasters’ voices
spotify app available in windows 10 store

Spotify has unveiled a remarkable new feature powered by artificial intelligence (AI) that translates a podcast into multiple languages using the same voices of those in the show.

It’s been made possible partly by OpenAI’s just-released voice generation technology that needs only a few seconds of listening to replicate a voice.

Read more