Someone at BrowserStack is Leaking Users' Email Address

April 6, 2026
aisecurityprivacyhardware
Businessman multitasks with smartphone, laptop, and monitor in office setting.
Photo by RDNE Stock project on Pexels

What happened

It has been reported that a tech blogger who uses unique email addresses for every service discovered one of those addresses being used by an unrelated third party. The blogger says they signed up to BrowserStack’s Open Source programme, used a single-purpose email, then received outreach from someone who told them they obtained the address via Apollo.io. Apollo allegedly first claimed its “proprietary algorithm” derived the address, then later told the user the address “came from BrowserStack,” with a published collection date of 2026-02-25.

Responses and silence

The blogger says they emailed BrowserStack asking what the hell was going on — “Hey guys, what the fuck?” — and, despite multiple attempts, received no reply. Apollo’s exchanges are quoted in the post; independent verification of the chain of custody for the data has not been made public. So far there’s no confirmed proof beyond the user’s account, and it has been reported that neither company has provided a public, independent reconciliation of the timeline.

Why it matters

If true, this is more than an awkward privacy snafu. It suggests either that BrowserStack is sharing or selling user contact data, that a third-party vendor is leaking it, or — and this is the worst-case scenario — an employee or contractor is exfiltrating information. Those possibilities are alleged by the blogger; each raises obvious GDPR and trust questions. Who do you trust with your inbox when companies and data brokers can trace an address back to a specific service? Not a comforting thought.

What’s next

The blogger teases a follow-up about how Apollo apparently obtained a phone number from a large company, so the story may expand. For now: independent verification is pending, and affected users should audit which addresses they reuse, monitor inboxes, and consider filing privacy complaints if they see unexpected data sharing. Allegations, for now — but privacy-minded users will be watching.

Sources: shkspr.mobi, Lobsters