Someone at BrowserStack Is Leaking Users' Email Address
A developer's unique email address, used only with BrowserStack, appeared in Apollo's sales database days later.
A developer using unique email addresses for each service discovered a direct data leak from BrowserStack to the sales platform Apollo.io. After signing up for BrowserStack's Open Source program, an email address created solely for that service began receiving unsolicited messages. Tracing the source led to Apollo, which first claimed its 'proprietary algorithm' derived the address before admitting the truth: BrowserStack, as a participating customer, had shared the developer's business contact information through its 'customer contributor network.' The date of collection was logged as February 25, 2026.
Despite BrowserStack's public 'No spam, we promise!' assurance, the company has not responded to multiple requests for comment. The incident suggests BrowserStack either sells, gives away, or has a third-party service that siphons user data to partners like Apollo. This points to a systemic, normalized trade in personal information by entities with little regard for user privacy. The developer indicates a follow-up investigation will reveal how Apollo also obtained his phone number from a major company, suggesting this breach is part of a wider pattern.
- A unique email address created only for BrowserStack appeared in Apollo.io's sales database days after sign-up, proving a direct data leak.
- Apollo initially falsely claimed its 'proprietary algorithm' derived the address, then admitted BrowserStack shared it as part of a 'customer contributor network.'
- BrowserStack has not responded to inquiries, breaking its 'No spam' promise and exposing routine data-sharing practices with sales intelligence platforms.
Why It Matters
This breach reveals how SaaS companies may routinely share user data with third-party sales platforms without explicit consent, undermining privacy.