m_km3d ago

Someone at BrowserStack Is Leaking Users' Email Address

https://shkspr.mobi/blog/2026/04/someone-at-browserstack-is-leaking-users-email-address/

Someone at BrowserStack is Leaking Users' Email Address

Like all good nerds, I generate a unique email address for every service I sign up to. This has several advantages - it allows me to see if a message is legitimately from a service, if a service is hacked the hackers can't go credential stuffing, and I instantly know who leaked my address. A few weeks ago I signed up for BrowserStack as I wanted to join their Open Source programme. I had a few…

Terence Eden’s Blog
Show threadpetcat3d ago

> Like all good nerds, I generate a unique email address for every service I sign up to. This has several advantages - it allows me to see if a message is legitimately from a service, if a service is hacked the hackers can't go credential stuffing, and I instantly know who leaked my address.

I think a lot of services will "de-alias" the email addresses from these tricks to prevent alts, account spam, and to still target the "real" account holder email. So the old tricks like "<name>+<website>@<host.com>" is not considered a unique email from "<name>@<host.com>". Unless your site-specific emails are completely new inbox aliases, then I don't think this is as effective as people think it is anymore.

Show threadJaxan3d ago
I just do <website>@<myhost.tld>. It is sometimes confusing by when interacting with customer support ;-)
Show threadOptionOfT

Yes ma'am, my email address really is bofa.com@<optionoft's-lastname>.com

No I'm not trying to hack you.

Which in hindsight is also what a hacker would say. I can't win...

Apr 5 at 2:23pmWeb
Show threadnoAnswer3d ago

There are some big brain companies who will block you if their name appears in the email address. Like Discord. You can create an account, with [email protected]. But a seconde later you will get an email that your account got band.

They know their way around IT security! /s

Show threadanonymousiam3d ago
What you say is often true, but in the case of Discord, at least in my case, you are wrong. My Discord email address is [email protected], and I am still receiving emails from them.
Show threadnoAnswer3d ago
It happend to me when i created my account in 2025. Within seconds of verifying the address I got a email that my account was band for TOS violation. I than created a seconds account (within minutes from the same IP) only writing "dc" instead of "discord" and that worked. ¯\_(ツ)_/¯
Show threadzephen3d ago
Where, of course, 'bofa' is merely short for 'bofetada.'
Show threadjnettome3d ago
On top of it my email address is .me so is very common to when I finish spelling my e-mail, people waiting for .com