MailChimp has plugged a privacy issue that leaked users’ email addresses when they responded to websites’ newsletter campaigns.

Self-proclaimed mobile enthusiast Terence Eden discovered what he calls an “annoying privacy violation” while reviewing the referral logs for his website. Those logs record “Referer” headers (the misspelling is part of the HTTP standard), an optional request header that carries the address of the web page from which the link to the current page was followed. In practice, it is what a web browser sends to a newly opened site when a user clicks a link such as one found on a Facebook business page or in a marketing email.

Here’s Eden on Referer Headers:

This says “Hello new site, I was referred here by this previous website.” This has some privacy implications – the administrator of a web site can see which website you were on. Usually this is fairly benign, but it can leak sensitive information, as I shall demonstrate.

In his logs, the mobile enthusiast found several links from the marketing automation platform MailChimp. When he clicked on them, he found that each one was unique: it led to the individual copy of the newsletter that had been sent to a particular recipient. That meant he could update that user’s email address or unsubscribe them if he wished.

What Eden discovered at the bottom of a referer link page. (Source: Thomas Eden)

His curiosity piqued, Eden clicked the “update your email” link at the bottom of the page. Doing so revealed a version of the email address that had been sanitized with asterisks. He then tried the “unsubscribe” link instead, which revealed the respondent’s email address in full.
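To make the leak concrete, here is an added Python example (not from the article, Eden or MailChimp) that models which Referer value a browser sends under each standard Referrer-Policy; the newsletter and blog URLs are constructed placeholders. It shows that the legacy default policy hands the full per-recipient newsletter URL to a cross-origin site, while `no-referrer` or `strict-origin-when-cross-origin` on the newsletter page would have withheld it.

```python
from urllib.parse import urlsplit

# Constructed example URLs: a hosted newsletter page whose query string carries
# a per-recipient token (placeholder values), and a third-party site it links to.
NEWSLETTER_URL = "https://campaign.example/?list=LISTID&recipient=RECIPIENT_TOKEN"
LINKED_SITE = "https://blog.example/post"


def _origin(url: str) -> str:
    """scheme://host[:port]/ of a URL."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}/"


def _strip_credentials_and_fragment(url: str) -> str:
    """Browsers never send userinfo or the #fragment in Referer."""
    p = urlsplit(url)
    host = p.hostname or ""
    if p.port:
        host += f":{p.port}"
    return f"{p.scheme}://{host}{p.path or '/'}" + (f"?{p.query}" if p.query else "")


def referer_for(referring_url: str, target_url: str,
                policy: str = "no-referrer-when-downgrade"):
    """Return the Referer header a browser would send for this navigation, or None.

    Implements the named policies from the W3C Referrer Policy specification.
    The default argument is the legacy browser default in force when a page
    sets no policy of its own.
    """
    ref, tgt = urlsplit(referring_url), urlsplit(target_url)
    same_origin = _origin(referring_url) == _origin(target_url)
    downgrade = ref.scheme == "https" and tgt.scheme != "https"  # TLS -> plain
    full = _strip_credentials_and_fragment(referring_url)
    origin = _origin(referring_url)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "strict-origin-when-cross-origin":
        return full if same_origin else (None if downgrade else origin)
    raise ValueError(f"unknown policy: {policy}")
```

A site hosting per-recipient pages can close the gap by sending a `Referrer-Policy` response header (or a `<meta name="referrer">` tag), independently of whatever links the page contains.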

What’s the implication of an issue such as this?

Technically, a malicious domain owner could exploit (Read more...)