[ad_1]
According to a new research report, some of the most popular online websites today have leaked hundreds of millions of email addresses to advertisers and data analytics companies.
As a result of a flaw in the registration processes attached to websites like Wish, MailChimp and the recently launched Quibi, users’ email addresses were channeled to the returns of the world’s largest advertisers, including Google, Facebook and Twitter
Written by security researcher Zach Edwards, the report explains that clicking on the links embedded in account confirmation emails, addresses and other user data is released to third parties, who can then use the information to inform personalized advertising efforts.
The report does not clarify precisely how the email addresses were used by third-party advertisers.
Email address leaks
This specific variety of non-compliance occurs when an email address is added to a URL after user activation of a link. The information is then transferred to third-party advertising and analytics companies, sometimes in plain text, as a mechanism for JavaScript code.
Users of the Google Chrome web browser are more likely to be victims, because the browser does not block JavaScript activity by default, unlike rival services Safari, Brave and Firefox.
E-commerce giant Wish was said to be responsible for one of the biggest leaks, which “likely involved hundreds of millions of user emails,” according to Edwards.
While the report criticizes the lethargy displayed by many affected companies, it notes that Wish did its best to remedy the problem, rebuilding its email architecture within 72 hours of the disclosure.
The Quibi streaming platform, launched on April 6, was also flagged as a criminal and has since taken steps to address the rape. “The moment the problem on our website was disclosed to our security and engineering team, we fixed it immediately,” the firm said.
According to Edwards, while users can take steps to prevent leaks of this type (such as using an ad blocker or a privacy-focused browser), the fact that companies do not request the deletion of emails from users of third party records is at the heart of trouble.
“Organizations need to share users’ emails in this way to send partner removal requests to third-party advertising and analytics companies that received the emails,” he said.
Most of the faulty systems were still alive as of the report’s release on April 29, suggesting that many consumers remain at risk.
Via New York Times
