Quibi Improperly Shared User Email Addresses With Third-Party Ad Firms, Researcher Says
Click here to read the full article.
Quibi shared the email addresses of users who signed up for the service with third-party advertising and tracking companies — without explicitly informing them it was doing so, a new study claims.
Less than a month after its April 6 launch, Quibi was discovered to making available email addresses of users who clicked on confirmation links on signup to third-party partners, according to report published Wednesday by Zach Edwards, founder of analytics consulting firm Victory Medium.
More from Variety
Quibi was sharing the email addresses with companies including Google, Twitter, Snapchat and Facebook, which would facilitate the tracking of users’ online activity and make them easier to target with ads.
In a statement, Quibi said it addressed the issue “immediately” once the company was notified. “Data protection is essential to Quibi and the security of user information is of the highest priority,” it said. “The moment the issue on our web page was revealed to our security and engineering team, we fixed it immediately.”
Other companies also found to be improperly sharing users’ email addresses with third-party marketing firms included the Washington Post, JetBlue, Mailchimp and ecommerce platform Wish.com, according to the report. In some cases, the data sharing has been in place for several years, Edwards claimed.
The practice is a “sloppy and dangerous growth hack,” according to Edwards, which is used by companies to improve attribution tracking for analytics tools as well as to optimize retargeting ad campaigns.
Edwards singled out Quibi’s “user data breach” as “one of the most egregious in this research, because they are a new and extremely well-funded organization.” In addition, he pointed out, Quibi launched well after two major privacy regulations — Europe’s GDPR and the California Consumer Privacy Act (CCPA) — went into effect; both of those laws require companies to notify users if their email or other private info is being shared.
“In 2020, no new technology organizations should be launching that leaks all new user-confirmed emails to advertising and analytics companies — yet that’s what Quibi apparently decided to do,” Edwards wrote. He also claimed that “there’s almost no way that numerous people at Quibi were not only aware of this plan, but helped to architect this user data breach.”
Quibi’s privacy policy, dated April 6, does disclose that, “We may share personal information with third-party service providers for them to facilitate services they provide to us,” including “personalized advertising, ad measurement and verification.” But it does not specifically say that a user’s email address could be harvested for online tracking.
Last week, Quibi announced that it had surpassed 2.7 million app downloads in the first two weeks of launch for the short-form video service, which includes dozens of original scripted and unscripted shows. According to research firm Sensor Tower, the figure is plausible if the tally included re-downloads and installs by individual users on multiple devices. Quibi, whose name is a portmanteau of “quick bites,” launched with a free 90-day trial of the service (with ads) to anyone who downloads the app.
Led by founder Jeffrey Katzenberg and CEO Meg Whitman, Quibi has raised $1.75 billion from investors including Disney, NBCUniversal, Sony Pictures Entertainment, ViacomCBS, WarnerMedia, Goldman Sachs and JPMorgan.
Best of Variety
Sign up for Variety’s Newsletter. For the latest news, follow us on Facebook, Twitter, and Instagram.