Glassdoor goof exposes thousands of user email addresses

Glassdoor, a site founded on the idea of anonymity, mistakenly exposed the email addresses of hundreds of thousands of users.

On Friday, the company sent out an email announcing that it had changed its terms of service. Instead of blindly copying email recipients on the message, the company pasted their addresses in the clear.

Each message recipient was able to see the email addresses of 999 other Glassdoor users, but the company sent out the message to multiple sets of users, 1,000 at a time, company spokeswoman Samantha Zupan said. Ultimately, the messages exposed the addresses of more than 2 percent of the company’s users, she said. Last month, the company said it had some 30 million monthly active users, meaning that more than 600,000 were affected by the exposure.

“We are extremely sorry for this error,” Glassdoor said in an emailed statement. “We take the privacy of our users very seriously and we know this is not what is expected of us. It certainly isn’t how we intend to operate.”

The error was inadvertent and due to a technical glitch, Zupan said. She declined to elaborate further.

The company sent out a follow-up email to affected users apologizing for exposing their addresses.

Glassdoor offers employees a forum to anonymously rate and comment on their workplaces. The site is intended to offer them a place to honestly discuss their experiences without fear of retribution.

Although the company didn’t directly disclose the names of its users, many of their names could be intuited from their email addresses. Some appeared to be in the format of “first name.last name” or “first initial plus last name.”

Among those affected by Glassdoor’s mistake was Larry Karson, an assistant professor of criminal justice at the University of Houston-Downtown. Karson, who’s used Glassdoor for about 18 months, was outraged that his and other email addresses were exposed. But he was even more upset that when he tried to contact the company about the problem, no one picked up the phone or quickly responded to his message.

The email “was atrocious,” said Karson. “It’s gross negligence on the part of their staff.”

It’s not uncommon for people and companies to mistakenly send out email that exposes the addresses of multiple recipients, said Beth Givens, executive director of Privacy Rights Clearinghouse, a consumer advocacy group. But that doesn’t make it excusable, particularly for an established company like Glassdoor. Indeed, in sending out the email, Glassdoor may have violated its own privacy policy, Givens said.

“A company the size of Glassdoor ought to have procedures in place to prevent that from happening,” she said.

Glassdoor logo, courtesy of the company.


Tags: , ,


Share this Post

  • Just remember folks, NOTHING you post ever goes away and nothing is secure.

    Especially from the ineptitude of web sites.

  • socialismisevil✓ᵛᵉʳᶦᶠᶦᵉᵈ

    So its a DNC run outfit

  • papakurt

    So much for internet data integrity. I’d sue if I used their ‘service’.

  • Jono

    I hate lawyers… While what happened is somewhat bad (oh no! someone can look up your name in an email address, wow!) lawyers like Larry Karson really get on my nerves – he uses the term ‘gross negligence’ because you need to have negligence beyond what a normal person would do in order to sue. I can tell you now, this happens all the time – it’s a pretty normal mistake. I wish people like him were not so sensationalist. I definitely know which University I am glad I didn’t attend…