Hundreds of email addresses exposed, customers predictably less-than-thrilled
The tweets below are typical reactions to the situation.
Well, crap, @Coil! You just managed to expose every single user's email address in one email where you used the TO: field, amounting to a comprehensive data breach.— Jason C. McDonald (@codemouse92) November 17, 2020
This is a cataclysmic privacy and security mistake. I can't trust you with my info, and have deleted my account.
Hey @Coil, thanks for sending me a marketing email with 999 other people's emails in the "to" field. It's super cool that all of us now have each other's email address and know that we all have a Coil account.— Jordan Kicklighter (@jwkicklighter) November 17, 2020
@Coil You sent out an email about terms/privacy updates, and exposed the email addresses of thousands of users (super ironic). Now, my email address is visible in the inboxes of thousands of people I don't know!— brianli.com (@bwhli) November 17, 2020
Are you serious?! pic.twitter.com/GxVIygjRop
At the time of writing the mails appear not to have spawned a Reply-All storm. The Coil user who tipped us off to the situation told us he was “tempted to start one” and reported “everyone's been well behaved. They sent it from a no-reply email address anyway :)”.
Coil has become aware of the incident and sent an apology email with a subject line "Please forgive us".
Founder and CEO Stefan Thomas offered the following sentiments:
This mistake is especially painful as we take privacy extremely seriously -- it is the cornerstone of our values. We’re deeply sorry and hope you can forgive us for this mistake. We’re here to help you with any concerns or issues you may have as a result of this error.
The company has not addressed other questions we asked regarding how the incident occurred and its plans to prevent similar events in future.
Coil offers a service that charges users $5 a month, then shares that sum with publishers and content creators. The company offers the latter a chance to monetise their work without having to operate a subscription service. Users get the chance to send some cash to sites they appreciate. ®