For those of you unfamiliar with it, Quibi is a mobile only advertising driven pay to watch video platform. From the day I first heard about it my BS alarm went off. I was asked a few months ago by a friend what I thought, and I said it set off my BS alarm and there's no way this is legit or reputable.
Well, I was right.https://www.theverge.com/2020/4/30/21242470/quibi-email-verification-leaking-addresses-ad-companies-facebook-google-data-protection(though take it with a grain of salt, that is on the Verge after all. You can tie up that grain of salt with your tweezers)
Apparently advert and description revenue isn't enough, they're selling e-mails when the verification code fires to multiple advertising services -- sent as plaintext. This is a massive privacy violation and one of the skankiest things you can do online short of adding a coin mining script.
This is an increasing problem industry-wide too, and it's interesting that so many companies are doing this more as places like California and the EU have been ramping up consumer protection laws against this very practice.
See the skeez that is Wish.com who regularly transmit user's e-mails and even CC info in the open as nothing more than base64. Because what that hive of scum and villainy needed was to be even more disreputable and untrustworthy.
This is what happens when you let marketing turds dictate security.