
Social Media Company Leaks Customer Emails in Notifications

Social media management company HootSuite experienced a technical issue over the weekend that leaked over 4,000 customer e-mail addresses to other customers.

The issue took place on Nov. 10 as the company's tech team was integrating Seesmic accounts with those already on the HootSuite platform. Because of a technical failure in the process, new Seesmic users were sent repeated notifications (hundreds of them) that contained other customers’ addresses in the email headers.

E-mail information as it appears in headers

“HootSuite experienced a technical issue related to our integration of Seesmic accounts with our existing HootSuite user accounts. The failing system resulted in email notifications intended for our new Seesmic users being sent out repeatedly and in some cases user email addresses were exposed in the message headers,” reads the notice by CEO Ryan Holmes on the company’s website.

The gloomy part here is that disclosing other users’ e-mail addresses used with the service is always a bad idea: it can facilitate phishing attacks and make those users an easy target for spammers. On the bright side, these e-mail addresses were not disclosed in a visible part of the e-mail message, but in the header section – a section that contains technical information about the e-mail, its sender, and the path the message travelled until it was delivered. Headers are only displayed at the user’s request, so the chances of anybody noticing the HootSuite snafu would have been minimal had the company not issued the official notification.
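As an added illustration (not code from HootSuite or from the original article), the sketch below shows a pre-send check a bulk-notification sender could run: it scans every header of an outbound message and reports addresses that belong neither to the intended recipient nor to the sender's own domain. The article does not say which headers carried the leaked addresses, so the message, the `X-Batch-Recipients` header, the domains and the function name are all constructed assumptions.

```python
import re
from email import message_from_string

# Loose pattern for spotting address-like tokens in any header value.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample message (not taken from the incident). The To header is
# folded across two lines and a hypothetical X- header carries another address.
SAMPLE = (
    "Message-ID: <20121110.1@mail.sender.example>\n"
    "From: Notifier <notifications@sender.example>\n"
    "To: alice@customer.example,\n"
    " bob@other.example\n"
    "X-Batch-Recipients: carol@third.example\n"
    "Subject: Your account has been migrated\n"
    "\n"
    "Hello alice@customer.example, this body text is not scanned.\n"
)


def exposed_addresses(raw_message, intended, sender_domains):
    """Return {header name: [addresses]} for header addresses that are neither
    the intended recipient nor under one of the sender's own domains."""
    intended = intended.lower()
    domains = tuple(d.lower() for d in sender_domains)
    found = {}
    # items() yields headers only, so addresses in the body are ignored.
    for name, value in message_from_string(raw_message).items():
        for addr in ADDR_RE.findall(value):
            addr = addr.lower()
            domain = addr.rsplit("@", 1)[1]
            own = any(domain == d or domain.endswith("." + d) for d in domains)
            if addr != intended and not own:
                found.setdefault(name, set()).add(addr)
    return {header: sorted(addrs) for header, addrs in found.items()}


if __name__ == "__main__":
    report = exposed_addresses(SAMPLE, "alice@customer.example", ["sender.example"])
    for header, addrs in report.items():
        print(f"{header}: {', '.join(addrs)}")
```

A non-empty result means the message should be held back rather than delivered.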

“At this time, we are requesting that recipients destroy the messages in order to help us contain the issue. Privacy is a paramount concern for HootSuite and this is in no way a reflection of the respect we have for our users and their privacy […] For users who were affected, please stay tuned for a product credit as a further sign of our utmost respect and desire to make things right.”

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.
