Plaxo release email addresses
Update: John McCrea, VP of Marketing at Plaxo commented- there was a bug. They’ve responded quickly and the bug has been fixed & deployed. I can’t confirm this, but it’s good to hear. Well done to John & team.
Plaxo (recently acquired by Comcast) you might remember for their old spammy habits. Since their launch of Pulse however the reviews have been more positive- can you get worse reviews then being classed as spammers?
Today I was looking through my Google Analytics & noticed what I only hope is a mistake. I received a visitor with this referrer:
/?src=PulseWeeklyDigestV2&et=20&requiredUser=77309776589
&loginEmail=kram@kramng.co.uk&el=en_gb&forceSignin=1&
(email address edited as not to republish)
… I know exactly who that visitor was as Plaxo released his email address. Yes, released his email address. RELEASED HIS EMAIL ADDRESS.
If this isn’t a one-off and this code runs in production they are effectively releasing email addresses for anyone who clicks on links in their emails from web clients. Possibly all their emails, or maybe just their “PulseWeeklyDigestV2″, I can’t check as I don’t use Plaxo. Right now I’m glad!
Tags: Bad practices, Comcast, Plaxo, Pulse, Spam
June 18th, 2008 at 9:32 am
The old spammy Plaxo seemed like knowing disregard for users’ privacy. This is more like mere carelessness and sloppy coding shortcuts, but in a way that’s even worse! At least it seems it only reveals the email addresses of the unfortunate Plaxo account holders, and not all their contacts too this time.
June 18th, 2008 at 9:45 am
Blimey. Worse than spam is facilitating it!
June 18th, 2008 at 10:13 am
Thanks for the heads up. Didn’t use the thing anyway, but that’s enough encouragement to delete my account (at last).
June 18th, 2008 at 10:28 am
I’m the person whose email is mentioned. It is in live, as I know when I clicked the link. I’ve deleted my plaxo account (I only used it for the weekly summaries anyway, and there are better ways).
June 18th, 2008 at 10:50 am
Hmmm, think I shall be deleting my account. Never liked or used it anyways
June 18th, 2008 at 11:09 am
[...] Stephanie just DMed me on Twitter, linking to Dave’s post about how Plaxo appears to be releasing user’s email addresses. [...]
June 18th, 2008 at 11:13 am
Deleted my account and blogged it — thanks for the heads up, Dave!
June 18th, 2008 at 11:34 am
Thanks for the headsup - I’ve also deleted my account. As I never used the service anyway, I suppose I’m just doing them a favour.
June 18th, 2008 at 11:37 am
well i just deleted mine because i couldn’t work out how to change my email address to one that wasn’t so crucial. i can understand they want to be able to ensure that the email address is real and validated, but at least make it easy for me to manage. FAIL!
i also linked to this post in the free text box for suggestions on the account delete page
June 18th, 2008 at 1:09 pm
[...] I’m leaving Plaxo, thanks to Aral and others for notifying me about this screwup. I was probably going to leave anyways, because Plaxo is being [...]
June 18th, 2008 at 1:09 pm
Thanks for the heads up, I just deleted my account as well.
June 18th, 2008 at 2:34 pm
Thanks from me too. I’m heading over to delete my account right now.
June 18th, 2008 at 2:41 pm
Thank you for pointing this out, Dave - I’ve just deleted my account. Should have put the link to your post in their text box, like Josh did, I think
June 18th, 2008 at 6:13 pm
Buhbye, Plaxo.
Thanks for the heads-up.
June 18th, 2008 at 7:17 pm
Dave,
Thanks for the heads-up on this. I’ve got our team looking into it as I write this.
John McCrea
VP of Marketing
June 19th, 2008 at 12:20 am
Deleted.
June 19th, 2008 at 3:16 am
Dave,
I can confirm that you did, indeed, discover a bug in our software. It was a kind of unusual corner case, so we really appreciate your help in discovering it.
I also want to share the news that we were able to fix the software today, and the patch is now live in production.
Fortunately, only a very small number of people might have experienced the problem, and in most of those cases the recipient would already have the visitor’s email address (by virtue of being connected in Pulse).
If you ever observe any other issues, please don’t hesitate to let us know, and feel free to contact me directly at any time. (I’m john@plaxo.com.)
Thanks.
John McCrea
VP of Marketing
Plaxo
June 19th, 2008 at 6:53 am
[...] Not trusting Plaxo at all, I signed on with my hotmail account which is basically my garbage collection module. Which is a good thing, because it looks like Plaxo still has trouble respecting your privacy. [...]
June 19th, 2008 at 11:12 am
Ah, I deleted mine yesterday as I didn’t use it anyway. Even though it’s fixed I don’t think I’ll bother signing up again until I see a need to.
June 20th, 2008 at 7:34 pm
[...] is an interesting lamecomment from Plaxo’s VP of Marketing, John McCrea on Dave's website: I can confirm that you did, [...]