Glassdoor Exposes 600,000 Email Addresses

A web site where users anonymously review their employer has exposed the e-mail addresses -- and in some cases the names -- of hundreds of thousands of users. An anonymous reader quotes an article from Silicon Beat: On Friday, the company sent out an email announcing that it had changed its terms of service. Instead of blindly copying email recipients on the message, the company pasted their addresses in the clear. Each message recipient was able to see the email addresses of 999 other Glassdoor users...

Ultimately, the messages exposed the addresses of more than 2 percent of the company's users... Last month, the company said it had some 30 million monthly active users, meaning that more than 600,000 were affected by the exposure... Although the company didn't directly disclose the names of its users, many of their names could be intuited from their email addresses. Some appeared to be in the format of "first name.last name" or "first initial plus last name."
A Glassdoor spokesperson said "We are extremely sorry for this error. We take the privacy of our users very seriously and we know this is not what is expected of us. It certainly isn't how we intend to operate."

companies always say the same thing

We take the privacy of our users very seriously

Every time. Every time there's some major leak of personal info, emails or credit cards or medical records, we hear the same refrain. "We take the privacy of our users seriously".

Uhmm... no, clearly you do not. If you did, then you would not have exposed their email addresses in this manner. This is the opposite of "taking privacy seriously".

Stop saying this, companies. It does not make it better. What makes it better is to demonstrate through actions and policies that you actually do take privacy seriously. There are ways to do this. Not perfect ways, but very good ways. Follow them. Then, and only then can you say this and then look yourself in the mirror with a clear conscience.

Such a mistake was presumably not intentional, but with actual good security practices, this would not have been possible without considerable effort to circumvent the security practices in place. Put them in place. THEN come tell us you "take privacy seriously". We don't care about the words. We care about the actions.

That's what you get.

[bjwest]

You shouldn't try to talk shit about anyone behind their back. Anonymous rating/review sites are ripe for abuse and slander, and the info should be taken with a grain of salt, if not ignored altogether.

The person or persons responsible...

For this egregious error will have no lasting consequences applied to them.

Don't get me wrong. The low cost Indian PR firm or intern that was hired to deal with this issue will be fired. but the CEO who brought down the cost cutting measures that ment they had to hire the cut rate Indian firm/interns will simply get a rise.

Noting to see here please move along.

Bankrupcy

[whoever57]

Glassdoor deserves to go bankrupt and shut down over this. They have spectacularly failed in the one thing they should have done: keeping the identity of their posters secret.

something wrong with this picture

[ihtoit]

let me break it down like this: an anonymous website where you have to give a valid email address tied to you the person is NOT anonymous.