Post Syndicated from ris original http://lwn.net/Articles/691111/rss
Let’s Encrypt has a preliminary
report about an email address disclosure. “On June 11 2016
(UTC), we started sending an email to all active subscribers who provided
an email address, informing them of an update to our subscriber
agreement. This was done via an automated system which contained a bug that
mistakenly prepended between 0 and 7,618 other email addresses to the body
of the email. The result was that recipients could see the email addresses
of other recipients. The problem was noticed and the system was stopped
after 7,618 out of approximately 383,000 emails (1.9%) were sent. Each
email mistakenly contained the email addresses from the emails sent prior
to it, so earlier emails contained fewer addresses than later ones.”
A postmortem is underway. (Thanks to Paul Wise)