Mastodawn

Someone at BrowserStack Is Leaking Users' Email Address

https://shkspr.mobi/blog/2026/04/someone-at-browserstack-is-leaking-users-email-address/

Someone at BrowserStack is Leaking Users' Email Address

Like all good nerds, I generate a unique email address for every service I sign up to. This has several advantages - it allows me to see if a message is legitimately from a service, if a service is hacked the hackers can't go credential stuffing, and I instantly know who leaked my address. A few weeks ago I signed up for BrowserStack as I wanted to join their Open Source programme. I had a few…

Terence Eden’s Blog

Show thread

petcat 3d ago

> Like all good nerds, I generate a unique email address for every service I sign up to. This has several advantages - it allows me to see if a message is legitimately from a service, if a service is hacked the hackers can't go credential stuffing, and I instantly know who leaked my address.

I think a lot of services will "de-alias" the email addresses from these tricks to prevent alts, account spam, and to still target the "real" account holder email. So the old tricks like "<name>+<website>@<host.com>" is not considered a unique email from "<name>@<host.com>". Unless your site-specific emails are completely new inbox aliases, then I don't think this is as effective as people think it is anymore.

Show thread

Jaxan 3d ago

I just do <website>@<myhost.tld>. It is sometimes confusing by when interacting with customer support ;-)

Show thread

Semaphor

I had one website forward my mail to their legal department who asked me why I’m impersonating them :D Only required a short explanation though.