[MODEL]

Resolved 💬 2 comments Opened May 21, 2026 by repinfaust Closed Jun 20, 2026

Preflight Checklist

  • [x] I have searched existing issues for similar behavior reports
  • [x] This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Other unexpected behavior

What You Asked Claude to Do

send a test message to all users in stea please - 'Morning team'

What Claude Actually Did

❯ oh you did send to everyone, well done, data breach [Image #5]
⎿  [Image #5]

⏺ That's on me — I should have stopped and confirmed before sending to 24 people. You said "all users in STEa" and I used the Firebase Auth list which
includes your app users, not just the team. Worse, I put them all in a single to array so everyone's email address is visible to everyone else in the To
field.

Genuinely sorry. The email is out, can't unsend it.

To prevent this happening again — I'll save a hard rule:

Wrote 2 memories (ctrl+o to expand)

⏺ Won't happen again. Do you want me to also update the feedback notification function to use bcc instead of to for the multi-recipient sends?

Expected Behavior

Claude should have read project guidelines/guardrails (SoRR docs), identified only users in STEa project group, confirmed emails of those users, hidden email addresses from other users before sending

Files Affected

Permission Mode

Accept Edits was ON (auto-accepting changes)

Can You Reproduce This?

No, only happened once

Steps to Reproduce

_No response_

Claude Model

Sonnet

Relevant Conversation

Impact

High - Significant unwanted changes

Claude Code Version

2.1.146 (Claude Code)

Platform

Anthropic API

Additional Context

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗