Friday, April 3, 2015 at 06:00 hrs PST US time, we became aware that the email addresses of a small subset of our users (less than 0.001%) could be seen publicly through the search function on our platform.
When issues like this surface, they become our number one priority as a company. I want to take a moment to explain what happened, what we’re doing to fix it, and apologize for the concern it may have caused.
Our investigation showed that the users whose email addresses were exposed had previously pasted emails they had received from Change.org into public web pages. Google then indexed the unsubscribe link at the end of those emails. Those links contain a hashed version of the user’s email address to make it easy as possible to unsubscribe, and that’s how those email addresses appeared on the site.
It is best practice to obscure or hash the email address in unsubscribe links, which we already do. Our mistake was that search engines then follow those links, and we allowed them to show the resulting page which contained the email addresses.
As soon as we were alerted to this issue, our engineering team began work to address it and to prevent it from occurring again. Here’s what we’ve done:
- We have temporarily disabled search on Change.org. This will affect some functionality across the site.
- We have asked all major search engines to clear the email addresses that have been indexed already, which can take about 24 hours.
- We’ve put into effect a fix that prevents search engines from indexing unsubscribe pages from here on out.
We apologize for any concern this may have caused our users – rest assured, this is just as concerning to us because we constantly strive to make your experience of Change.org as safe and secure as possible.