Let's Encrypt, a free and open certificate authority for issuing digital certificates, has inadvertently distributed a number of subscriber email addresses in a message sent to all subscribers.
Let's Encrypt is operated by the non-profit Internet Security Research Group (ISRG), and was unveiled in 2014 as a free service for the public's benefit, enabling anyone who owns a domain name to obtain a trusted certificate at no cost.
The organisation has now issued an alert notifying its users that an email recently sent to all active subscribers informing them of an update to the subscriber agreement inadvertently disclosed the email addresses of some of those subscribers.
"On June 11 2016 we started sending an email to all active subscribers who provided an email address, informing them of an update to our subscriber agreement. This was done via an automated system which contained a bug that mistakenly prepended between 0 and 7,618 other email addresses to the body of the email. The result was that recipients could see the email addresses of other recipients," the alert said.
The problem was spotted quickly, according to Let's Encrypt, and the system was halted after 7,618 emails had been sent out of approximately 383,000 scheduled.
Each email mistakenly contained a cumulative list of all email addresses used from the emails sent prior to it, so earlier emails contained fewer addresses than later ones.
The organisation has issued an apology, and asked people who received one of the faulty emails not to publicly disclose any of the other subscriber email addresses.
"We take our relationship with our users very seriously and apologise for the error. We will be doing a thorough post mortem to determine exactly how this happened and how we can prevent something like this happening again. We will update this incident report with our conclusions," said Josh Aas, ISRG executive director, in a post on the Let's Encrypt site.
Let's Encrypt is backed by a number of organisations, including Cisco, Mozilla, Akamai and the Electronic Frontier Foundation.
Equinox's Dave Millett explores how phone, mobile and broadband could be affected by a no-deal Brexit
Dust storm on Titan only the third Solar System body where such storms have been observed
New technique could enable quantum computers to scale-up to millions of qubits
Systrom and Krieger taking time off "to explore our curiosity and creativity"