Hedera Help

Answers to the most frequently asked questions about Hedera.

  • Categories

Articles in this section

I saw a Tweet claiming the Hedera User Group “leaked” Council Member email addresses. Did that happen?

Article updated

No. In April 2021, Hedera set up a public Google Group in support of the Hedera User Group (HUG) program. This was set up on a separate Google Workspace and domain (hashgraph.org) with a receiving address of hug@hashgraph.org. (Note: The Hedera User Group has since been archived, as conversations shifted to direct peer engagement last year). The Google Group was pre-populated with existing members of the Hedera User Group, including Hedera Council representatives and other invited experts. Members were notified that they had been added to the Google Group.

The Google Group mailing list email addresses, in redacted form (e.g. le…@hedera.com), were accessible by default to those who subscribed to that group. As a public forum, there was no expectation that any posts to the group were to be treated or handled as “non-public”. Posts to the Google Group showed the redacted email address of the sender. No full email addresses were provided, and no private email contents were exposed. Hedera subsequently removed access to the Google Groups HUG member list after someone pointed out how the redacted addresses might lead to User Group members sending unsolicited messages directly to Council representatives. The updated configuration denied access to the member list.

To summarize, no email addresses were leaked or breached, no confidential information was leaked or breached, and even if a HUG subscriber was able to use a partially redacted email address to guess an actual email address, there was no cybersecurity risk for the Hedera network or treasury, since Council representatives’ private keys do not exist on computers with email connectivity. It is always the case that anyone may be able to reconstruct an individual's email address with logic, without the aid of partially redacted addresses, as many companies use relatively common formats for employee email addresses (e.g.firstname.lastname@company.com). For example, many companies publish the names and emails of their media contacts online, making the email format easily accessible to the public.

Return to top
Start building fast and secure decentralized applications powered by Hedera.
Read docs
Got any technical questions? Hedera developers hang out on Discord.
Join community
Questions related to developing on the Hedera distributed ledger?
Ask question