Loading...
Loading...
A security-conscious user discovered a unique email address created solely for BrowserStack showed up in Apollo.io’s data, and Apollo says the address was sourced from BrowserStack on 2026-02-25. The user contacted BrowserStack repeatedly but received no response, and suspects either BrowserStack shares or sells user contact data, a third-party integration leaks it, or an insider exfiltrated it. Apollo initially claimed its address-derivation algorithm produced the email but later attributed it
A Hacker News thread alleges BrowserStack users' email addresses are being leaked, sparking debate over the source and scale. Commenters suggest possibilities including internal exfiltration by an employee/contractor, a compromised BrowserStack database, or data siphoned by a third-party service; others note similar recent leaks at hosted-browser provider BrightData. Some speculate a shared vulnerability in headless Chrome or misuse of AI services (e.g., Claude) to analyze stolen data. The discussion highlights customer concern about disclosure transparency and the broader risk profile for companies offering headless or hosted browser tooling. The report matters because exposed emails can enable phishing, credential stuffing, and wider supply-chain abuse in developer and security ecosystems.
A user who signed up to BrowserStack with a unique, per-service email discovered that the address was later obtained by Apollo.io and used to contact them. Apollo initially claimed the email was algorithmically derived, then admitted it acquired the address from BrowserStack via its customer contributor network on 2026-02-25. The user contacted BrowserStack but received no response. The post outlines likely explanations: BrowserStack selling or sharing user data, a third-party service leaking it, or an insider exfiltrating data—reflecting broader concerns about commercialized personal-data trade and weak privacy practices. The author warns of further revelations about Apollo obtaining a phone number from a major company.
A user discovered a unique email address created solely for BrowserStack ended up in Apollo.io’s database, implying BrowserStack (or a party with access to its data) shared or leaked the address. Apollo initially claimed the address was algorithmically derived, then admitted it was supplied by BrowserStack via its customer contributor network, with a collection date of 2026-02-25. The user contacted BrowserStack but received no response. Possible explanations include BrowserStack selling or sharing user data, a third-party integration leaking contacts, or internal exfiltration by an employee or contractor. The incident highlights risks around vendor data practices and third-party data brokerage. The author teases a follow-up about Apollo obtaining a phone number from a major company.
A security-conscious user discovered a unique email address created solely for BrowserStack showed up in Apollo.io’s data, and Apollo says the address was sourced from BrowserStack on 2026-02-25. The user contacted BrowserStack repeatedly but received no response, and suspects either BrowserStack shares or sells user contact data, a third-party integration leaks it, or an insider exfiltrated it. Apollo initially claimed its address-derivation algorithm produced the email but later attributed it to BrowserStack’s customer-contributor network. The incident highlights risks around vendor data-sharing, contact-enrichment services like Apollo, and opaque third-party handling of user information, raising privacy and supply-chain concerns for tech companies and their users.