Shady Marketing: APITable Is Scraping Emails From GitHub Stars

So apparently APITable is scraping emails from people that starred Bitwarden and then sending out misleading emails that appear to be from Bitwarden...

Last week I woke up to an email with big, bold text: "Are you still using Bitwarden?"

The shady email I received from APITable

Yes, I am. I love Bitwarden. Especially considering the massive data breach LastPass announced a few days ago.

But then it reads: "I would like to recommend a very cool and productive product to you, which is called APITable"

Well naturally, my first thought was that this is probably some company partnering with Bitwarden. Okay, that's fair enough. But then I looked up APITable, and it's a no-code database platform. What the heck does that have to do with Bitwarden? So I kept reading.

"... it will be the best Airtable open-source alternative you have ever seen. I guess you will like it."


Did Bitwarden Have a Data Breach?

This obviously wasn't coming from Bitwarden, so I started to consider the possibility that Bitwarden may have had a security breach or something. So I did some digging, and found this Reddit thread from a couple weeks ago, apparently I wasn't the only one who had received this email...

However, one commenter noted that his email address that received the email was not even affiliated with his Bitwarden account, so how could they possibly have linked the two?

So I went ahead and pinged Bitwarden on Twitter to let them know what was going on, and they replied quickly, noting that they have no affiliation with APITable and have not had any security incidents

Shady Marketing

To my surprise, APITable actually just responded to this thread a few hours ago:

"I was browsing open source products on GitHub and saw that you starred Bitwarden, and thus saw your email. Therefore I took the liberty of guessing that you would be interested in open source products, so I sent you an email"

Huh. Wait what? Huh?

Even if the email they sent wasn't blatantly trying to mislead people into assuming affiliation with Bitwarden, it would still be very creepy and spammy. There's no way APITable is a legitimate product, right? This must be some sort of scam, right?

Nope, not only are they a legit product but they are open source and have more than 800 stars on GitHub.

Marketing Advice For APITable

Hey, I get it. Everyone's just trying to get their product out there. But this kind of marketing is plain creepy. Maybe if you started the email with "Hey, we noticed that you starred Bitwarden on GitHub, and we're working on a related open source project that we think you might be interested in." Actually no, even that would be creepy. Just... stop.

You're scaring people.