

How I just unsubscribed every Digg employee from their own service - JeroenRansijn

When you want to unsubscribe from the Daily Digg, you can simply go to this URL: http:&#x2F;&#x2F;link.digg.com&#x2F;manage&#x2F;optout?email=my@email.com<p>And manage the subscription for this email. So why not pull a prank and unsubscribe all Digg employees this way.<p>Let&#x27;s assume that everyone on the About page of Digg (http:&#x2F;&#x2F;digg.com&#x2F;about) has an official Digg account such as kevin@digg.com. We load the page and bam, unsubscribe. Hopefully we can raise some confusion at HQ. Funny enough, not every employee is subscribed to the Daily Digg, these guys were not: Jon &amp; Jake, Shivram, Justin, David
======
staunch
It says in your profile that you're 19, so it makes sense that you might not
have figured out how not to be an idiot yet. It can take time. What you should
have done is simply contacted them privately and let them know. Not
unsubscribed them. Not posted about it publicly before they had a chance to
fix it.

------
ternaryoperator
Discovering a way to screw around with someone's website is not an invitation
to do it. Anymore than an open window is an invitation to enter someone's
home. Stay classy.

~~~
JeroenRansijn
I understand your reaction, but this is basically a backdoor for checking if
e-mail accounts exist, and could be misused by serious attacks. I'm only
exposing it.

~~~
ternaryoperator
You expose a hole by contacting the company and letting them know so they can
fix it. You don't use the hole to dick with their site.

~~~
dromidas
It could be worse. He could have gone and generated every possible email
xxxxxx@hotmail.com xxxxxx@gmail.com xxxxxx@outlook.com, etc etc. And
unsubscribed them all, stored their email addresses, and then subscribed them
all to fox news newsletter.

------
benzimmer
I'll just leave this here for you, in case the next time you find something
like this you decide to act like a grown up.

[http://en.wikipedia.org/wiki/Responsible_disclosure](http://en.wikipedia.org/wiki/Responsible_disclosure)

------
JeroenRansijn
Alright guys, thanks for the comments, I'll subscribe them again, and let them
now. Didn't consider it so serious.

------
gscott
Nowdays that is "unauthorized use of a computer" probably 20 years in jail.
You can get more names from LinkedIn maybe unsubscribe everyone in the whole
company.

------
itsnotvalid
It should always be the sane thing to report to them about this vulnerability.
White hat, man.

------
cooperx
Yes. Lets punish them for not making it overly complex and hard to opt
out.....

