| Pages in topic: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | Illegal use of data from ProZ.com profile Thread poster: RoxanaTrad (X)
|
|---|
| My fake profile was deleted | Jul 22, 2009 |
Hello to everybody.
First of all thanks to Henry and Drew for taking care of the problem in ProZ.com.
A fake profile was created on that site using my ProZ.com userid, my name, surname, town, region and country.
My userid is not visible, but it was visible some years ago, and still appears in some pages in Google. The other elements are visible in Google.
I sent a message to them on Sunday, asking to remove my profile.
Strange thi... See more Hello to everybody.
First of all thanks to Henry and Drew for taking care of the problem in ProZ.com.
A fake profile was created on that site using my ProZ.com userid, my name, surname, town, region and country.
My userid is not visible, but it was visible some years ago, and still appears in some pages in Google. The other elements are visible in Google.
I sent a message to them on Sunday, asking to remove my profile.
Strange thing: they did not reply to the address I provided by the form, which is visible on Google, but to the address I use here in ProZ.com, but also in all my work communications, which is not visible on the web.
They sent me a link to reset the password.
I refused to log in, and wrote them that I would not do so, as the profile was not mine.
According to me, logging into that profile meant acceptance of the "ownership" of the profile itself.
That's why I refused to log in. Perhaps I am wrong, but I had written to InterPol twice, so I absolutely wanted to make clear that the profile was not mine.
Therefore I asked them again to remove my profile and all my personal details from their database.
Now it has disappeared, finally!
Ciao, Emanuela
Edited to add info.
[Edited at 2009-07-22 09:51 GMT] ▲ Collapse
| | | | tazdog (X)
Spain
Local time: 03:15
Spanish to English
+ ...
| "my" profile was also deleted | Jul 22, 2009 |
They have finally deleted the profile they created for me, too.
| | | | | Finding email addresses | Jul 22, 2009 |
It's not hard.
I just did it in under 4 mn time. And no, not hacking ProZ.com
{text removed}
Florence
PS - Henry you might want to remove my post for obvious reasons once those who follow this thread have read it...
| | | | Bob Kerns (X) 
Germany
Local time: 03:15
German to English
| "Not visible" is not the same as "deleted" | Jul 22, 2009 |
My profile is also no longer visible on the outsourcingroom site (following a threat of legal action and extensive press coverage).
There is no way, however, that I or anyone else can determine whether my/their data is still stored on the company's database, possibly to be used again at a later date or sold to another site.
| | |
|
|
|
Cetacea
Switzerland
Local time: 03:15
English to German
+ ...
AWa wrote:
Since finding out about it on Saturday I sent an e-mail a day demanding the deletion of my profile. Yesterday I gave them a 24 hour deadline before I'd take legal action. Next time I'll try that immendiately;-)
Of course they still have any data they harvested but at least they don't display it there anymore. I'll just have to search the web for myself more frequently in case they set up another site.
I tried that same approach twice, but without any reaction whatsoever. So finally I decided to use the method mentioned by others in this thread and had them send me a link to reset my password to the e-mail address they obviously had already. Turns out they also had my phone number, which--along with e.g. my full name and that particular e-mail address--was never ever made public by me on ProZ.com. For what it's worth, I've now removed that fake "profile" myself.
| | | | | I deleted it myself | Jul 22, 2009 |
I followed Katalin's instructions (thanks Katalin!) and finally managed to log in with my primary address, not visible on ProZ.com, after trying the secondary one and several others that I no longer use.
In addition to the email address, they had my phone number (written in exactly the same way as on ProZ.com - not publicly visible either).
I made a screen shot but I am not sure if that can help since my profile no longer exists there (well, I hope it's not there any m... See more I followed Katalin's instructions (thanks Katalin!) and finally managed to log in with my primary address, not visible on ProZ.com, after trying the secondary one and several others that I no longer use.
In addition to the email address, they had my phone number (written in exactly the same way as on ProZ.com - not publicly visible either).
I made a screen shot but I am not sure if that can help since my profile no longer exists there (well, I hope it's not there any more).
Mira
[Edited at 2009-07-22 12:15 GMT]
[Edited at 2009-07-23 16:19 GMT] ▲ Collapse
| | | | Laurent KRAULAND (X)
France
Local time: 03:15
French to German
+ ...
| Always useful | Jul 22, 2009 |
Mira Stepanovic wrote:
I made a screen shot but I am not sure if that can help since my profile no longer exists there.
Mira
This screen shot is the proof that they handled your data without your consent and knowing. It is always useful as Henry has decided to take the whole matter one step ahead.
Laurent K.
[Edited at 2009-07-22 12:26 GMT]
| | | | Claudio Porcellana (X)
Italy
| Don't put your real e-mail address in Paypal and Moneybook buttons!!! | Jul 22, 2009 |
aha!
I've regularly informed about this security break all peers that I was able to find:
friends and even simple acquaintances retrieved on forums
most of them simply never answered to my advice and only someone said me thanks for that
it means that this issue is still ***greatly underestimated***
no one pay us using these buttons, so you can put in, just to fill the field and have butto... See more aha!
I've regularly informed about this security break all peers that I was able to find:
friends and even simple acquaintances retrieved on forums
most of them simply never answered to my advice and only someone said me thanks for that
it means that this issue is still ***greatly underestimated***
no one pay us using these buttons, so you can put in, just to fill the field and have buttons showed on your page, something as: [email protected]
furthermore, even if you want to put a real address here, DON'T PUT THE PAYPAL ADDRESS, above all if your password is weak, as in this circumstance the risk of being victim of a robbery is great:
if they have already the address, they must retrieve only the password to empty your safe ...
LAST BUT NOT LEAST:
note that currently, one needs only to click on Paypal/Moneybookers buttons to have quickly the address inside ...
Claudio
{text removed} ▲ Collapse
| | |
|
|
|
Niraja Nanjundan (X)
Local time: 06:45
German to English
| I also removed "my" profile myself..... | Jul 22, 2009 |
Cetacea wrote:
So finally I decided to use the method mentioned by others in this thread and had them send me a link to reset my password to the e-mail address they obviously had already. Turns out they also had my phone number, which--along with e.g. my full name and that particular e-mail address--was never ever made public by me on ProZ.com. For what it's worth, I've now removed that fake "profile" myself.
.....in the same way Cetacea describes. At first I wasn't too worried about this, because I could only see my name and city on the profile and the login name was not one I use anywhere else on the web - so they made that up. However, after reading this thread I thought I should get it removed and followed the above steps. When I got to the page where I could remove my profile, I saw that they had my phone number and it's the one I use on ProZ.com, although it's also on my personal website. I recently changed the e-mail address I use on ProZ and they still had my old e-mail address (which I also still use), so I feel our "profiles" must have been on there for some time now.
Anyway, thanks to Roxana for initially drawing our attention to this issue and to everyone else for their investigation and research into this and for providing us with all the necessary information.
| | | | John Fossey
Canada
Local time: 21:15
Member (2008)
French to English
+ ...
| Online security | Jul 22, 2009 |
See info on the twitter attack at http://www.techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/
The lesson here is that online security still has a long way to go. We do need a way to change userids/PW, and maybe a reminder popup would help. But basically, anything posted on line is public.... See more See info on the twitter attack at http://www.techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/
The lesson here is that online security still has a long way to go. We do need a way to change userids/PW, and maybe a reminder popup would help. But basically, anything posted on line is public.
I notice that the website www.outsourcingroom.com offers the use of PayPal and various credit cards. Should these services be alerted that this outfit may be engaged in such activities? They take such activities very dimly and are concerned about the honesty of their merchants. ▲ Collapse
| | | | Neil Coffey
United Kingdom
Local time: 02:15
French to English
+ ...
| Seinsible security | Jul 22, 2009 |
John -- Twitter got broken into because the people involved failed to adhere to basic sensible security measures. The attack centred on the fact that (a) an expired hotmail account was used as an authentication account, and (b) an employee used a guessable password. There was really no sophisticated "hacking" involved, and indeed isn't in most security breaches. The technicalities of Internet security is generally adequate if used sensibly. The problems that occur are generally social ones, e.g.... See more John -- Twitter got broken into because the people involved failed to adhere to basic sensible security measures. The attack centred on the fact that (a) an expired hotmail account was used as an authentication account, and (b) an employee used a guessable password. There was really no sophisticated "hacking" involved, and indeed isn't in most security breaches. The technicalities of Internet security is generally adequate if used sensibly. The problems that occur are generally social ones, e.g. when people "protect" their data with the name of their pet or the word "football", or "authenticate" transactions with information that isn't fit for that purpose.
There's really no reason as far as I can see for changing your user ID (I'm curious-- what purpose do people think this will achieve?).
What you should do is make sure that all of your accounts: ProZ, e-mail accounts, accounts for other web sites... have unique, secure passwords.
Choose a separate, long, random sequence of letters, digits and symbols for your password for each account. Make sure it is so long, unguessable and unmemorable that you need to write it down, and WRITE IT DOWN. Note that the notion that you should "never write your password down" is a fallacy: each password should be so complicated that you HAVE to write it down. If you're really concerned about writing it down, then use something like TrueCrypt to encrypt (with ONE strong passphrase that you DO remember) the details of your other accounts.
And obviously, make sure that every e-mail account that you use for authentication is actually one that YOU control, not an expired one that you have no control over...
If you're really concerned about somebody masquerading as you, e.g. to agencies and clients, then I would focus your efforts on devising a way to authenticate your conversations with your clients and make it well-publicised. The truth is this is more difficult, but there are (clumsy) options such as PGP if you think the extra security outweighs the hassle. (I'm actually not sure it does: as the original starter of this thread has highlighted, there are other "social checks" that also take place in e-mail conversations that help to identify the authenticity of a conversation.)
But in any case, whether they read your name on ProZ or outsourcingroom.com, somebody masquerading as you doesn't necessarily depend on any secret information! ▲ Collapse
| | | | Claudio Porcellana (X)
Italy
| another linked issue | Jul 22, 2009 |
considering this topic, I decided to change my login username and PW and to even select the option "Show to Outsourcers only", but I saw to my great displeasure that my username was then showed!
so be aware:
if you want that no one sees your ProZ username (different from avatar or real name), go to Edit My Profile, Profile Contact Information, select "Show first and last name, as entered in profile" and then DON'T FORGET TO SELECT "Show to: Everyone"
otherwise, if you s... See more considering this topic, I decided to change my login username and PW and to even select the option "Show to Outsourcers only", but I saw to my great displeasure that my username was then showed!
so be aware:
if you want that no one sees your ProZ username (different from avatar or real name), go to Edit My Profile, Profile Contact Information, select "Show first and last name, as entered in profile" and then DON'T FORGET TO SELECT "Show to: Everyone"
otherwise, if you select "Show to Outsourcers only", all the world will know your username !!!
indeed, in the top of the Profile Contact Information screen, you se this Proz advice:
Users who don't see your real name (Claudio Porcellana) will see your username (username or login ID if you prefer )
Claudio
[Edited at 2009-07-22 17:19 GMT] ▲ Collapse
| | |
|
|
|
Florence B wrote:
It's not hard.
I just did it in under 4 mn time... Those are the ones to blame.
Thanks, Florence but no. We checked this, as one of the first things, but that was not it.
We have the answer now. I'll post shortly.
| | | | | I can't get them to remove "my" profile or edit it myself | Jul 22, 2009 |
Emanuela Galdelli wrote:
I sent a message to them on Sunday, asking them to remove my profile.
Strange thing: they did not reply to the address I provided by the form, which is visible on Google, but to the address I use here in ProZ.com, but also in all my work communications, which is not visible on the web.
They sent me a link to reset the password.
[Edited at 2009-07-22 09:51 GMT]
Great to hear to some people have been able to get "their" profiles removed/edited. I also used their form to send a threatening message, but no luck. As it seems that they reply to the email address they HAVE for me, my educated guess is that this address is the one I used when I signed up for proz in 2003.
From what others have reported it seems like they will send any response to this address. I lived in Sweden at that time, and have had a number of addresses I use since, and can't off-hand remember which address this was (and as it was linked to my then ISP, I have no way of accessing it). Assuming they didn't start their crawling/database hacking prior to June-July 2005, it appears this email address is still somehow accessible through proz.
Henry - I could you please organise for me to receive the email address I used to register on proz (to my current address). I'll also open a support ticket requesting that proz supply me with this email address, can you please make sure this ticket is actioned with urgency.
Might do me no good at all as I no longer have access to this address, but my former ISP might be able to help out.
Madeleine
| | | | | Instead of deleting my profile... | Jul 22, 2009 |
...I used some plain English in all fields (which contained information at least 3 years old) with "Fxxx you Outsourcingroom".
Luckily they don't have my name, but a login ID I haven't used for ages in Proz. However, it really looks like the got hold of information from Proz.com.
| | | | | Pages in topic: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Illegal use of data from ProZ.com profile | Trados Business Manager Lite | Create customer quotes and invoices from within Trados Studio
Trados Business Manager Lite helps to simplify and speed up some of the daily tasks, such as invoicing and reporting, associated with running your freelance translation business.
More info » |
| | Trados Studio 2022 Freelance | The leading translation software used by over 270,000 translators.
Designed with your feedback in mind, Trados Studio 2022 delivers an unrivalled, powerful desktop
and cloud solution, empowering you to work in the most efficient and cost-effective way.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
