Ghostery AdBlock exposes hundreds of emails in an attempted GDPR notice

[ItsMitch]

S: https://www.ghostery.com/blog/ghostery-news/ghostery-email-incident-update/

On the same day GDPR was officially enforced, Ghosty, an ad blocking addon for Chrome made a huge blunder by exposing hundreds of emails of it's clients in an apparent notice for GDPR. Awk for them

Quote

Dear Ghostery Users,

We are very sorry! Ghostery sent out an email yesterday that resulted in the exposure of account holders’ email addresses to other Ghostery account holders and Ghostery users. We would like to provide some clarification and transparency regarding our GDPR email that unintentionally revealed the email addresses of some of our user accounts.

Summary

Ghostery sent out an email on May 25, 2018 that unintentionally resulted in the exposure of some account holders’ email addresses.

Only email addresses were exposed.

You are not affected if you use Ghostery but did not provide an email address to us.

You are not affected if you did not receive the GDPR email from Ghostery.

As soon as we found out, we stopped using the email distribution tool.

Ghostery is currently working to rectify the incident and we will keep our users updated.

This is a fairly huge blunder, especially because it's the GDPR email, you know, the one to better your privacy. Ghosty has since informed the EU about the incident and will stop using the email service. 

Quote

What will Ghostery do now?

We take our privacy and security practices very seriously; after all, they are both part of the value statement for our own products. This incident was a clear mistake, and we deeply apologize to our users and anyone else affected.

We will be reporting the incident as mandated by the GDPR.

We have already terminated the email distribution and already determined what went wrong. It was a simple human mistake.

Furthermore, while this was an error with update emails that all account holders will continue to receive (e.g., when we’re legally required), we are providing clear instructions on how to opt out of future Ghostery product and marketing emails or delete an account for those who wish to do so, as well as permanently expunge any user data upon request. If you prefer to not receive these updates you may delete your account.

 

[Beef Boss]

*slowly claps*

If you were worried about privacy, using Chrome was your first mistake. 

[ItsMitch]

Just now, aki adaki said:

*slowly claps*

If you were worried about privacy, using Chrome was your first mistake. 

Imagine blundering this badly thinking

[ARikozuM]

Classes to skip in college:

Business Management I

How to Computer I

Short Story I

 

Ghostery decided to skip the first two and ace the third in their exciting new poem Tackle, Bait, and Phishing. 

 

I was hooked once @yahoo.com was revealed. 

[PCGuy_5960]

12 minutes ago, SC2Mitch said:

-snip-

This email in a nutshell:

 

[Kamina]

Damn, and I use ghostery... on Chrome.

[Christophe Corazza]

3 hours ago, SC2Mitch said:

Imagine blundering this badly thinking

 

What kind of person would use Yahoo mail?!?!?!

:-O

[D13H4RD]

Meanwhile, ABP on FireFox

[ItsMitch]

1 minute ago, D13H4RD2L1V3 said:

Meanwhile, ABP on FireFox

Wasn't abp the one that sold a shit load of user data and showed people ads

[D13H4RD]

6 minutes ago, SC2Mitch said:

Wasn't abp the one that sold a shit load of user data and showed people ads

At one point, yeah.

 

That sorta was the point. I currently just use AdBlock

[PineyCreek]

Happens everyday...people using To or CC instead of BCC...

[leadeater]

8 minutes ago, PineyCreek said:

Happens everyday...people using To or CC instead of BCC...

For this not even BCC should be used. Should be all individually processed direct emails with logging of when it was processed, created, sent and status so you can prove they were sent down to the person.

[JoostinOnline]

5 minutes ago, huilun02 said:

Yes I agree Chrome is not good on privacy, but so is every mainstream browser.

Chrome is the worst of them though. I use Firefox personally.

 

I don't get why anyone would have given their email address to an adblock company though.

[leadeater]

2 hours ago, JoostinOnline said:

I don't get why anyone would have given their email address to an adblock company though.

To subscribe to their ads newsletters.

[CTR640]

In meanwhile I use Noscript and uBlock Origin on FireFox Quantum.

Chrome is such a cancerbrowser, can't believe that shit. It may be fast but oh boy, it can eat RAM like nothing.

[asus killer]

What exactly happened?

Recently, we decided to stop using a third-party email automation platform. In an effort to be more secure, we wanted to manage user account emails in our own system, so we could fully monitor and control data practices surrounding them. 

 

[Master Disaster]

You gotta admit, the irony and comedy is strong with this one, exposing client email addresses in an email containing updated privacy policies is pretty fucking dumb.

[asus killer]

11 minutes ago, Master Disaster said:

You gotta admit, the irony and comedy is strong with this one, exposing client email addresses in an email containing updated privacy policies is pretty fucking dumb.

still you got to give them credit, they did it so they could control the data themselves and not by a 3rd party app like they did before 

 

we trust a lot of stupid and untrustworthy people with our data, it's my take on all this.

[leadeater]

5 minutes ago, asus killer said:

still you got to give them credit, they did it so they could control the data themselves and not by a 3rd party app like they did before 

 

we trust a lot of stupid and untrustworthy people with our data, it's my take on all this.

Sounds like we should have trusted that 3rd party instead lol

[TechyBen]

I assume only registered versions? I tried Ghostery... but IIRC I never gave my email.

[Crosseyed Sniper]

I was actually considering trying out Ghostery with Opera browser. If they're this incredibly incompetent, screw 'em!  I'll just stick to ad blocking and such. 

[asus killer]

6 minutes ago, Crosseyed Sniper said:

I was actually considering trying out Ghostery with Opera browser. If they're this incredibly incompetent, screw 'em!  I'll just stick to ad blocking and such. 

if you have opera you don't need it anyway.

[Crosseyed Sniper]

2 minutes ago, asus killer said:

if you have opera you don't need it anyway.

Yeah, Opera has native ad blocking and built-in VPN. I've never tried out the VPN, though. 

[asus killer]

15 minutes ago, Crosseyed Sniper said:

Yeah, Opera has native ad blocking and built-in VPN. I've never tried out the VPN, though. 

me neither, but the ad block part is the best out there in my opinion, not just because it works but because there are no bugs or issues ever.

 

[Doobeedoo]

Using Opera so yey.