m_km3d ago

Someone at BrowserStack Is Leaking Users' Email Address

https://shkspr.mobi/blog/2026/04/someone-at-browserstack-is-leaking-users-email-address/

Someone at BrowserStack is Leaking Users' Email Address

Like all good nerds, I generate a unique email address for every service I sign up to. This has several advantages - it allows me to see if a message is legitimately from a service, if a service is hacked the hackers can't go credential stuffing, and I instantly know who leaked my address. A few weeks ago I signed up for BrowserStack as I wanted to join their Open Source programme. I had a few…

Terence Eden’s Blog
Show threadgruez

>After a brief discussion, the emailer told me they got my details from Apollo.io

The landing page for Apollo.io says it's a "AI sales platform". In other words, a CRM. My guess is that someone on the sales team uploaded the entire customer list for sales purposes, not realizing the privacy implications.

Apr 5 at 2:15pmWeb
Show threadmichaelcampbell3d ago

> not realizing the privacy implications.

If only.

Show threadgruez3d ago
Linkedin got users to unwittingly to share their entire contact list by signing into gmail. What makes you think something similar wouldn't happen to some non-technical person on the sales team?
Show threadmichaelcampbell3d ago
My point is I don't think one bit of this is accidental.
Show threadgruez3d ago
And my point is that it's pretty easy for people to accidentally do it, and this is corroborated by the available evidence, so we should apply hanlon's razor rather than assuming someone at browserstack was laughing maniacally while uploading the email list.
Show threadmichaelcampbell3d ago
I made no such assertion. Only that businesses do things in the business's interest more frequently than databreaches.
Show threadgruez3d ago

> Only that businesses do things in the business's interest

That's not mutually exclusive with "someone on the sales team uploaded the entire customer list for sales purposes, not realizing the privacy implications".

>more frequently than databreaches.

You're fighting against both hanlon's razor and occam's razor here. The OP states the leak came from Apollo, and as other commenters have noted, Apollo specifically has a "Contributor Network" that shares email lists with other companies, and isn't well documented. It's not hard to imagine how this was done unintentionally. On the other hand there's no evidence to suggest this was done intentionally, other generic cynicism of "businesses do things in the business's interest" or whatever.