

GitHub just leaked 3032 email addresses - robinson-wall

In the last few minutes I've been receiving emails from GitHub with "Company name, your GitHub Enterprise license expires (today|in x days)", each with 3032 email addresses in the 'To:' field.

I just hope that I don't end up getting all 3k emails.
======
robinson-wall
Just got an update through:

    
    
        This morning a routine email was accidentally sent to many of our GitHub Enterprise customers. In these errant emails, customer email addresses were included in the To: field, making them visible to anyone who received the message.
    
        We have stopped the remaining messages in the email batch from being sent, and are investigating how this happened.
    
        We are very sorry that your email address was accidentally shared. Your GitHub Enterprise installation is unaffected, and no license keys or any other data were exposed during this incident.
    
        We are investigating the root cause of this email issue and will update our blog with our findings.
        
        Again, we are very sorry this happened. Your privacy is very important to us and we will be making changes to ensure that this does not happen again.
    
        If you have any further questions please email us at support@github.com

------
michokest
While unprofessional and insecure, things like this can happen even in the
best development teams.

To whoever got access to this list, practice responsible disclosure and please
don't publish the emails.

------
tair
Does anyone want to hit "reply" and ask how it has happened? :P

~~~
mjbraun
I think you mean "reply all".

------
numberwhun
Even so, it would make more sense to put all the addresses in a mass email in
the BCC field. Regardless of if they are enterprise clients or not. Keeping
contacts safe and secure should be a requirement.

~~~
robinson-wall
That's the thing - each email seems to be tailored for the company receiving
it, it wasn't a one-shot to all on a list.

It feels kind of like the wrong variable was used for To when looping through
generating the day's license expiration emails.
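
(Added example, not part of the original thread and not GitHub's code: the kind of slip guessed at in the comment above, next to a pre-send guard that holds back any message whose visible recipients are not exactly the one intended contact. The companies, addresses and function names are constructed for illustration, and the root cause shown is only the commenter's hypothesis.)

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data (not from the incident): company -> license contact.
CONTACTS = {
    "Acme": "ops@acme.example",
    "Globex": "it@globex.example",
    "Initech": "admin@initech.example",
}

def build_batch(contacts, buggy=False):
    """Build one expiry notice per company; returns [(intended_addr, msg)]."""
    everyone = ", ".join(contacts.values())
    batch = []
    for company, addr in contacts.items():
        msg = EmailMessage()
        msg["From"] = "licensing@vendor.example"
        # Hypothesised slip: the full list is used instead of the loop variable.
        msg["To"] = everyone if buggy else addr
        msg["Subject"] = f"{company}, your license expires today"
        msg.set_content("Your license is about to expire.")
        batch.append((addr, msg))
    return batch

def visible_recipients(msg):
    """Addresses every recipient can read (To and Cc headers)."""
    fields = [str(v) for h in ("To", "Cc") for v in msg.get_all(h, [])]
    return [addr for _name, addr in getaddresses(fields)]

def guard(batch):
    """Pre-send check: split a batch into sendable and held-back messages."""
    ok, held = [], []
    for intended, msg in batch:
        # A tailored notice must expose exactly one address: its own contact.
        if visible_recipients(msg) == [intended]:
            ok.append(msg)
        else:
            held.append(msg)
    return ok, held

if __name__ == "__main__":
    for label, buggy in (("buggy", True), ("fixed", False)):
        ok, held = guard(build_batch(CONTACTS, buggy))
        print(f"{label}: {len(ok)} sendable, {len(held)} held")
```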

------
amccloud
I also got this email. It's a list composed of their enterprise contacts.

------
zakx
Got this mail too, opened up a ticket with them.

------
cmatthias
I also got these emails. Nice work, GitHub.

