Substack users face privacy breaches as the service has released their email accounts through an email blast. Lots of freelance writers and journalists use Substack to grow their audience. Readers subscribe to Substack to receive email newsletters from the writers they like.
How Substack Slipped Up in the Email Blast
Gizmodo reports that Substack released the emails by accident. In sending out new terms of use and agreements, Substack support wrote the email addresses in the CC field instead of the BCC. The CC field shows all the email addresses of everyone who got the email.
Substack just accidentally revealed email addresses of tons of users https://t.co/YhuQ47zqYV
— Gizmodo (@Gizmodo) July 29, 2020
Whose Email Addresses Did Substack Release?
In the report, Gizmodo also said it received an email from Substack. Their email listed addresses from “the letter H to partway through the K’s.” In another email, Gizmodo also saw the addresses of Jeff Bezos, Mark Cuban, and Deray Mckesson, among others. Cuban owns the NBA team Dallas Mavericks, while Mckesson is a civil rights activist.
Should Substack Releasing Email Addresses Affect Me?
Substack had apologized for the error on a Twitter thread. They admitted the mistake and said they had caught it early. Only a “small percentage” of users got affected. In the future, Substack said they would try their hardest not to repeat it.
Even if you know someone else’s email address, it doesn’t mean you can do what you want with it. However, you can expose the person to scams, malware, and hacking. Attackers can use shared passwords stolen in past data breaches.
You also risk seeing hundreds of people hitting Reply-All to the email blast. If that happens, you might want to get another email address.
