A bug in online petition service Change.org has been fixed, after it disclosed email addresses that could have belonged to current or former subscribers.
The number of results returned on searches ranged from 40,000 to 65,000, although not every result included an e-mail address. Upon notification, website administrators disabled the search function and asked search engines to remove the offending results while engineers investigate and fix the underlying problem.
In a statement, Change.org said that the users whose email addresses were exposed had pasted emails they had received from Change.org into public web pages. Google then indexed the unsubscribe link at the end of those emails.
“Those links contain the user’s email address to make it easy as possible to unsubscribe, and that’s how those email addresses appeared on the site,” it said.
“Previously, we were not preventing search engines from including those pages, but our engineering team is working on preventing that right now. They are also clearing the email addresses that have been indexed already, however this involves working with other search engines, which can take about 24 hours.”