Let’s Encrypt, the non-profit Certificate Authority (CA) that helps website administrators switch from HTTP to HTTPS quickly and effortlessly, has accidentally leaked 7,618 email addresses of its users.
“Backed by the EFF, Mozilla Foundation, and several others organizations, Let’s Encrypt made some welcome security choices when it hired outside experts to conduct a security review of its software and the protocol it uses for automatic certificate issuance and management, and issued its first transparency report even before issuing its first certificate. Still, no one is immune from making mistakes. In this case, the mistake seems to have been the result of bug in the automated system used to send out email to active subscribers.”
Details may be found at https://www.helpnetsecurity.com/2016/06/13/lets-encrypt-leaks-email-addresses/.