Chris Brook writes:
Certificate authority Let’s Encrypt accidentally disclosed the email addresses of several thousand of its users this weekend. Josh Aas, Executive Director for the Internet Security Research Group (ISRG), the nonprofit group that helped launch the CA, apologized for the error on Saturday. In what Let’s Encrypt dubbed a preliminary report posted shortly after it happened, Aas blamed the faux pas on a bug in the automated email system the group uses.
Read more on ThreatPost.