kdawson from the chatty-little-things dept.
abell writes "Gravatar offers a global avatar service, using an MD5 hash of the user's email as avatar ID. This piece of information in some cases is enough to retrieve the original email address. Testing a simple attack on stackoverflow.com, I was able to determine the email addresses of more than 10% of the site's users."
"Someone's been mean to you! Tell me who it is, so I can punch him tastefully."
-- Ralph Bakshi's Mighty Mouse