As discussed in my last blog post, the scumsuckers at Apollo.io have been giving out my personal details.
Not only did they have my email address, they also had a copy of one of my phone numbers. I asked them where they got it from and they said:
Your phone number came from Parsely, Inc (wpvip.com) one of our customers who participates in our customer contributor network by sharing their business contacts with the Apollo platform.
I've never done any business with Parsely. They have no reason to have my phone number and absolutely no permission to share it with other organisations.
Back in 2021, Parsely became part of WordPress VIP. Ah yes, our old "friends" at Automattic with their somewhat lax attitude to privacy.
I took advantage of WordPress VIP's GDPR policy and sent a terse but polite "Hey, WTAF?" to them. Their response was quick:
Thanks for reaching out. We are currently investigating our systems to locate any personal data regarding your request. We appreciate your patience.
After a bit of prodding, they eventually replied with:
It appears that we obtained your contact information as a result of a meeting you had with a representative for the WPScan service around August 5, 2022. WPScan is owned by our parent company Automattic.
We have no record of Parsely, Inc. (which is no longer in existence) or WPVIP Inc. (the owner of the Parse.ly service) having any relationship with Apollo.io.
We also have no record of Parsely, Inc. or WPVIP Inc. having sold or otherwise provided your information to any third party.
I have no memory and no record of meeting anyone from WPScan - although I concede it is possible I did as part of a previous job.
But even if it was in an email signature when I contacted them that still doesn't explain how it made its way to Apollo for them to give to spammers everywhere. Was it a hack? A data leak? A treacherous employee? A deliberate sale? A sneaky app update? Or maybe just Apollo lying to me.
I don't care any more. I'm just so tired of shitty companies treating personal data as a commodity to be traded, sold, repackaged, and abused.
One thought on “Did WordPress VIP leak my phone number?”
Perhaps we need laws not just about sharing of data without permission, but even having the data without permission. If a company has your data but cannot provide direct evidence of who collected it, when permission was granted and how you gave permission; then they should be punishable.
Eg: someone has your contact details because you emailed them and it's in your sig. Sure, fine.
Those contact details get sent to a company that starts spamming you. That's not fine. You didn't agree to that. Perhaps they try and show you a policy that you "agreed" to, but they have no evidence of you actually agreeing to it, so it's moot and the receiving party is in the wrong just as much as the leaking.
More comments on Mastodon.