Stories
Slash Boxes
Comments

SoylentNews is people

Ad Blocker Ghostery Celebrates GDPR Day by Revealing Hundreds of User Email Addresses

posted by chromas on Sunday May 27 2018, @06:44PM   Printer-friendly
from the derp dept.

MrPlow writes:

Submitted via IRC for Fnord666

Ad-blocking tool Ghostery suffered from a pretty impressive, self-inflicted screwup Friday when the privacy-minded company accidentally CCed hundreds of its users in an email, revealing their addresses to all recipients.

Fittingly, the inadvertent data exposure came in the form of an email updating Ghostery users about the company's data collection policies. The ad blocker was sending out the message to affirm its commitment to user privacy as the European Union's digital privacy law, known as the General Data Protection Regulation (GDPR), goes into effect.

The email arrived in inboxes with the subject line "Happy GDPR Day — We've got you covered!" In the body of the email, the company informed users, "We at Ghostery hold ourselves to a high standard when it comes to users' privacy, and have implemented measures to reinforce security and ensure compliance with all aspects of this new legislation."

Source: https://gizmodo.com/ad-blocker-ghostery-celebrates-gdpr-day-by-revealing-hu-1826338313

Original Submission

 
This discussion has been archived. No new comments can be posted.
Ad Blocker Ghostery Celebrates GDPR Day by Revealing Hundreds of User Email Addresses | Log In/Create an Account | Top | 14 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Funny) by Ethanol-fueled on Sunday May 27 2018, @07:00PM (9 children)

    by Ethanol-fueled (2792) on Sunday May 27 2018, @07:00PM (#684878) Homepage

    It's an easy mistake to make.

    A mildly-amusing true story. A guy at work's wife had a kid and the announcement was emailed to Bostondynamics_everyone. Then came the congratulations, and everybody who had a nice word to say (there were a lot of them) were all hitting reply-all instead of congratulating just the guy. Email slowed considerably, and finally some angry dude sent a mail like "Stop hitting 'reply-all you idiots!"

    Starting Score:    1  point
    Moderation   +2  
       Funny=2, Total=2
    Extra 'Funny' Modifier   0  
    Total Score:   3  

  • (Score: 5, Touché) by maxwell demon on Sunday May 27 2018, @07:22PM

    by maxwell demon (1608) on Sunday May 27 2018, @07:22PM (#684884) Journal

    "Stop hitting 'reply-all you idiots!"

    Wait, they have a special button to only reply to the idiots? :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.

  • (Score: 2) by requerdanos on Sunday May 27 2018, @07:26PM

    by requerdanos (5997) Subscriber Badge on Sunday May 27 2018, @07:26PM (#684886) Journal

    the privacy-minded company accidentally CCed hundreds of its users in an email

    It's an easy mistake to make.

    That sounds reasonable.

    Unless.... Let's step back and get a little perspective.

    Ghostery Celebrates GDPR Day by Revealing Hundreds of User Email Addresses

    the privacy-minded company accidentally CCed hundreds of its users in an email

    with the subject line "Happy GDPR Day — We've got you covered!"

    the company informed users, "We at Ghostery hold ourselves to a high standard when it comes to users' privacy, and have implemented measures to reinforce security and ensure compliance with all aspects of this new legislation."

    It's an easy mistake to make.

    I respectfully disagree; that actually sounds like it's one of the less easy mistakes one might make.

    I am actually kind of curious what mitigation steps ghostery plans to take to remove the likelihood of this happening again.

    If violating your privacy is a pretty easy no-biggie mistake for your privacy software vendor, you probably have the wrong vendor looking after your privacy.

  • (Score: 2) by Gaaark on Sunday May 27 2018, @07:29PM (1 child)

    by Gaaark (41) on Sunday May 27 2018, @07:29PM (#684890) Journal

    Some angry dude with the initials E-F by chance?
    :)

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---

  • (Score: 2) by stretch611 on Sunday May 27 2018, @07:34PM (1 child)

    by stretch611 (6199) on Sunday May 27 2018, @07:34PM (#684895)

    It's an easy mistake to make.

    It is an easy mistake to make... for a human.

    However, if you have a list the size of theirs and/or are with their recognition, something like probably isn't done by human.

    This size of a list should be automated, and this is the reason why developers are supposed to test systems.

    This is one of the things that the GDPR tries to stop and they deserve whatever fines are imposed. They have no excuse except their incompetence.

    --
    Now with 5 covid vaccine shots/boosters altering my DNA :P

    • (Score: 0) by Anonymous Coward on Sunday May 27 2018, @07:44PM

      by Anonymous Coward on Sunday May 27 2018, @07:44PM (#684904)

      It's an easy mistake to make.

      It is an easy mistake to make... for a human.

      Why do you think a human was not involved? The mistake could have occurred this way:

      1. Dump email db to exsmell spreadsheet
      2. select all on column containing email addresses
      3. pick copy
      4. switch to draft email window
      5. paste into CC: field by mistake
      6. Press send

  • (Score: 3, Informative) by wonkey_monkey on Sunday May 27 2018, @08:59PM

    by wonkey_monkey (279) on Sunday May 27 2018, @08:59PM (#684913) Homepage

    Pretty easy mistake to catch on an outgoing email server, too, surely?

    if (email->num_recipients>20) { email->quarantine(); alert_richmond(); }

    --
    systemd is Roko's Basilisk

  • (Score: 3, Interesting) by Mykl on Sunday May 27 2018, @11:47PM

    by Mykl (1112) on Sunday May 27 2018, @11:47PM (#684946)

    Similar thing happened at a large government department years ago. However, the guy who wrote "Don't reply-all!" in a reply-all was also yelled at by others, writing "Don't tell us not to reply-all in a reply-all you hypocrite!".

    Things devolved from there and a few hundred messages later (including messages like "Hi Mom" and "This is fun!" to tens of thousands of recipients), IT shut the entire service down for several hours to put a lid on it.

    Your tax dollars at work.

  • (Score: 2) by FatPhil on Monday May 28 2018, @08:29PM

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Monday May 28 2018, @08:29PM (#685294) Homepage
    I'll take your boston dynamics, an itsy-bitsy company, and raise you Nokia. Including all the subbies, I think it was 130000 people. Many not speaking English very well. At the time, we outsourced our email to Microsoft (this was before the Elop (ex-MS) Burning Platform fiasco where we randomly ditched everything and jumped into bed with MS), and those MS servers all just melted at that international game of million ball ping pong.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves