Tuesday, March 5, 2019

Let’s Encrypt leaks 7,600 customer emails

Certificate authority Let’s Encrypt unintentionally revealed the email addresses of several thousand of its users a few days ago.

Josh Aas, Executive Director of the Internet Security Research Group (ISRG), the not-for-profit organization that assisted the launch of the certificate provider, apologized for the mistake on Saturday. In what Let’s Encrypt named an initial report, posted soon after it happened, Aas blamed the faux pas on a bug in the automated email system the group uses.

The email, a revision to the CA’s subscriber agreement, had a mailing list of at most 7,618 email addresses appended to its body text, meaning subscribers who received it got that list of addresses in plaintext.

Some users saw more addresses than others, however.

“Each email mistakenly contained the email addresses from the emails sent prior to it, so earlier emails contained fewer addresses than later ones,” Aas wrote.

Aas claims it could’ve been worse, however; officials with the CA noticed the issue and stopped the system before it sent out all 383,000 emails, meaning only a fraction, 1.9%, was sent.
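The behaviour Aas describes, where each message carries the addresses of the messages sent before it, is what a body buffer shared across loop iterations produces. The sketch below is an added example, not Let’s Encrypt’s code; the root cause shown is an assumption (the postmortem is not on this page), and all function names and the example.com addresses are constructed. It pairs the hypothetical bug with a pre-send check that halts the run when a body contains any address other than the recipient’s.

```python
import re

# Constructed sample data: reserved example.com addresses, not real subscribers.
RECIPIENTS = ["a@example.com", "b@example.com", "c@example.com", "d@example.com"]
NOTICE = "Our subscriber agreement has been updated.\n"
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def render_buggy(recipients):
    """Hypothetical bug: one body buffer is reused for every recipient."""
    body = NOTICE
    messages = []
    for rcpt in recipients:
        body += f"Sent to: {rcpt}\n"  # earlier recipients stay in the buffer
        messages.append((rcpt, body))
    return messages


def render_fixed(recipients):
    """The body is rebuilt from the template for each recipient."""
    return [(rcpt, NOTICE + f"Sent to: {rcpt}\n") for rcpt in recipients]


def foreign_addresses(rcpt, body, allowed=()):
    """Addresses found in body that are neither the recipient nor allow-listed."""
    ok = {rcpt.lower(), *(a.lower() for a in allowed)}
    return sorted({m.lower() for m in ADDR_RE.findall(body)} - ok)


def send_all(messages):
    """Pre-send guard: stop the whole run at the first body that leaks."""
    sent = []
    for rcpt, body in messages:
        leaked = foreign_addresses(rcpt, body)
        if leaked:
            return sent, (rcpt, leaked)  # halt before this message goes out
        sent.append(rcpt)  # a real mailer would hand off to SMTP here
    return sent, None


if __name__ == "__main__":
    buggy = render_buggy(RECIPIENTS)
    # Exposure grows with position in the run: later messages leak more.
    print([len(foreign_addresses(r, b)) for r, b in buggy])
    print(send_all(buggy))
    print(send_all(render_fixed(RECIPIENTS)))
```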

The group plans to investigate exactly what led to the leak and is asking anyone who received the email to not post the email addresses online.

“We take our relationship with our users very seriously and apologize for the error,” Aas wrote. “We will be doing a thorough postmortem to determine exactly how this happened and how we can prevent something like this from happening again. We will update this incident report with our conclusions.”

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
