Stadia Maps Privacy Fail


Article written by a human: Mike Cardwell

This is a tale as old as email, but it made me laugh so I thought I'd share it. I have an account with https://stadiamaps.com. I don't even remember setting it up, so it's certainly not something I've used in a long time.

Anyway, I received an email from them today:

Subject: [Legal Notice] We've updated our legal docs

It contains information about how they've updated their Terms of Service, Privacy Policy and published a new Data Processing Addendum. According to the email, this is for my protection. Also:

> Our privacy stance has not changed: it remains fiercely privacy-first.

Fiercely privacy-first. Impressive! Can you guess what they did? Yeah... They put 1,000 of their users' email addresses right there in the To header. Luckily I used a custom email address for them, as I do for all companies, so it doesn't matter that my email was leaked:

Just over an hour later, I received this from their CEO, Luke Seelenbinder:

> I'm writing to let you know that the Legal Notice email I sent earlier today was sent with multiple recipient addresses visible in the To field. That was my mistake, and I'm incredibly sorry.

Ouch. I bet you're not having a good day.

> I want to be straightforward: your email address was visible to some of the other recipients of that message. No other personal data was exposed.

If you wanted to be straightforward you would have said ~1,000 instead of "some".

> We've taken steps to prevent this from happening again. I'd ask that you please delete the original message and do not use the recipient list for any purpose.

Good luck with that.

> We build our business on privacy as a principle. That makes this mistake especially frustrating, and it's one I take personally. You deserve better.

How do you, "build your business on privacy as a principle?" The same way as every other business that, "takes my privacy seriously" I bet. Easiest claim in the world to make.

> If you have any questions or concerns, reply directly to this email and I'll respond personally.

At least you didn't include 1,000 emails in your second email's To header I suppose.

I guess it's not entirely his fault. The email was sent through Mailgun. How does Mailgun not prevent this from happening? Crazy.
