Skip to content

GitHub Mistakenly Releases Enterprise Customer Email Addresses

March 19, 2013

By Paul Thomson :: 5:05 PM

GitHub compromises e-mail addresses of enterprise clients.GitHub, the online code-sharing platform website has accidentally leaked the e-mail addresses of thousands of its enterprise-level customers.

In a glitch discovered when the company sent e-mail reminders to customers about their accounts, e-mail addresses for all enterprise customers were included in the “To:” field of the message. This resulted in recipients being able to view all of the names and companies on the mailing list.

The company quickly realized the error, and stopped the batch transaction that was sending the message. The following statement was released:

This morning a routine email was accidentally sent to many of our GitHub Enterprise customers. In these errant emails, customer email addresses were included in the To: field, making them visible to anyone who received the message.

We have stopped the remaining messages in the email batch from being sent, and are investigating how this happened.

We are very sorry that your email address was accidentally shared. Your GitHub Enterprise installation is unaffected, and no license keys or any other data were exposed during this incident.

We are investigating the root cause of this email issue and will update our blog with our findings.

Again, we are very sorry this happened. Your privacy is very important to us and we will be making changes to ensure that this does not happen again.

Although the company acted quickly to mitigate the damage, at least one of the e-mail recipients has posted the entire mailing list contents to the PasteBin website, where anyone can comb through it to discover what companies and individuals depend on the enterprise level of GitHub for their code management needs. Not necessarily information that many companies would like to see as public information.