Mike Sheward (@[email protected])
infosec.exchange
i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with [email protected] or similar. The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email. And yes, all of those emails contain the actual PII of the person who has been 'deleted' :-D #infosec