HootSuite Privacy Snafu Exposed User Email Addresses

HootSuite, a social media management company, is apologizing to users and assuring them that it values their privacy more than they may realize. The apology comes after the company sent out emails over the weekend that included the names and email addresses of thousands of other users.

“HootSuite experienced a technical issue related to our integration of Seesmic accounts with our existing HootSuite user accounts. The failing system resulted in email notifications intended for our new Seesmic users being sent out repeatedly and in some cases user email addresses were exposed in the message headers,” a notice from the company explains.

The issue was quickly contained, but the company expects that those who didn’t notice the issue over the weekend will notice it today as they head into the office. According to the apology, the incident impacted 4,000 users.

“At this time, we are requesting that recipients destroy the messages in order to help us contain the issue. Privacy is a paramount concern for HootSuite and this is in no way a reflection of the respect we have for our users and their privacy,” the notice adds.

While destruction of the faulty emails may give the appearance of containment, the fact is, the cat isn’t just out of the bag here – he stole it and kicked everyone out of the house. There’s no taking it back once the emails have been delivered. However, in an additional effort to show their remorse, HootSuite will offer a credit to customers on their monthly bills.

The emails were sent to tell users that their 60-day free trial of HootSuite was about to expire. The trial accounts were offered after HootSuite bought out Seesmic in September. HootSuite Pro costs $9.99 per month, and there is no word on whether the company will offer a free month to those impacted or pro-rate November’s fee.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.