m_km3d ago

Someone at BrowserStack Is Leaking Users' Email Address

https://shkspr.mobi/blog/2026/04/someone-at-browserstack-is-leaking-users-email-address/

Someone at BrowserStack is Leaking Users' Email Address

Like all good nerds, I generate a unique email address for every service I sign up to. This has several advantages - it allows me to see if a message is legitimately from a service, if a service is hacked the hackers can't go credential stuffing, and I instantly know who leaked my address. A few weeks ago I signed up for BrowserStack as I wanted to join their Open Source programme. I had a few…

Terence Eden’s Blog
Show threadjofzar

> BrowserStack routinely sell or give away their users' data.

> A third-party service used by BrowserStack siphons off information to send to others.

> An employee or contractor at BrowserStack is exfiltrating user data and transferring it elsewhere.

Or the simpler answer, their db/email list has been compromised.

Apr 5 at 1:51pmWeb
Show threadjen203d ago
The simplest answer is they are voluntarily being scum and selling user data to make a quick buck. It’s almost universally true.
Show threadgruez3d ago

>and selling user data to make a quick buck

Are there actually companies that will pay you $$$ for a list of emails?

Show threadjen203d ago
Not exactly, but plenty will just sell everything to data brokers.
Show threadJimDabell3d ago

> It’s almost universally true.

It’s not. I give a unique email address to every service I register with, which means I can see who is leaking my email address. Very few of them leak my email address at all, and those that do tend to do so involuntarily through data breaches.

The other main factors in spam are the sleazeballs at Apollo, ZoomInfo, et al., services that use my email address internally for more than I consented (if I use my email address to register for a service, this does not permit that service to add me to their product mailing list), and the spammers who guess email addresses based on LinkedIn info (e.g. name + company domain).

The number of services who appear to take an email address I have given them and sell it appear to be extremely rare.

Show threadjen203d ago
I do the same, and seem to have a much higher hit rate (or a much lower acceptable baseline!)
Show threadmichaelcampbell3d ago

> > BrowserStack routinely sell or give away their users' data.

> Or the simpler answer, their db/email list has been compromised.

I find the first option far simpler.