Pages in topic: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | Illegal use of data from ProZ.com profile Thread poster: RoxanaTrad (X)
| Other sites have suffered similar attacks | Jul 31, 2009 |
Hi,
I don't know if it is related but some job sites have had similar attacks:
http://www.theregister.co.uk/2008/07/07/jobsite_data_hackharvesting_hack/
A Russian gang called Phreak has created an online tool that extracts personal details from CVs posted onto sites including Monster.com, AOL Jobs, Ajcjobs.com, Careerbuilder.com, Careermag.com, Computerjobs.com, Hotjobs.com, Jobcontrolcenter.com, Jobvertise.com and Militaryhire.com. As a result the personal information (names, email addresses, home addresses and current employers) on hundreds of thousands of jobseakers has been placed at risk, according to net security firm PrevX.
Phreak has begun selling its "identity harvesting services" to fraudsters, charging $600 for data that might be applied to targeted phishing attacks, ID fraud or other nefarious purposes. Would-be clients are able to contact the gang on ICQ. For a fee the gang will filter its database for entries that refer to a particular country or particular employer.
Sounds familiar, doesn't it?
Daniel | | | sylvie malich (X) Germany Local time: 11:17 German to English A post worth repeating. | Jul 31, 2009 |
Michele Johnson wrote:
It's interesting to compare the response of proz.com and elance (about half the size of proz.com, if my research is correct) to the security breach. At proz.com, the issue has been addressed in a forum, but there certainly has not been email communication with affected parties (IMO every single user of the site), no password changes have been forced as of yet, there is no indication of communication with industry watchdogs, no mention of working with 3rd party auditors, no mention of working with law enforcement, no security alert, and everyone is still pretty much up in the air as to whether this has been resolved. I can see how some people think this is not being handled seriously or professionally.
In comparison, this is the kind of security alert I would have expected to see in a very public place at proz.com by now:
http://www.elance.com/p/trust/account_security.html
What is Elance doing about it?
We have taken a ‘drop-everything’ approach to this security breach in an effort to react as swiftly and decisively as possible. Here’s what we’ve done so far:
* Openly communicated with all affected parties via email, the Elance blog, our Twitter feed, and via our Trust & Safety center on Elance.com to alert all parties of the security breach
* Strengthened our password requirements and forced password changes to ensure that all Elance users have their accounts protected by “strong” passwords
* Communicated openly with TRUSTe who act as an industry watch-dog for security breaches online to validate our response to this
* Closed the recently identified security hole by releasing updated code on Elance
* Collaborated with our 3rd party security audit service to ensure that they now can identify this particular security hole in all cases
* Worked with authorities to take down sites that are unlawfully exposing any user information
| | | Does proz hold "old" data or not? | Jul 31, 2009 |
Regardless of the assurances we've received from Henry and others, I do believe they do somewhere in their systems.
This is the reply I got to my request for proz to enlighten me regarding which email address I used to set up my account about 6 years ago:
As per the title of this request, note that the email address associated with your account is the one entered in your Profile Updater, [email protected].
However, if you changed this email address since you created your account at ProZ.com, I am afraid we do not have access to old information when it has been updated.
Hope this explains.
If this does not answer your request, please re-open this support request and specify your request in detail and I'll be happy to help.
I might have believed that proz doesn't have any records of the email address I used to initially sign up, 2003, if it wasn't quite obvious that the other site appears to have this info. I've tried using all the email addresses I've used since summer 2005, my main address + 3 x gmail, to delete the visible data on the other site. But no luck, and as others have been able to do this using their correct email addresses it's clear to me that the address the other site has for me is the one I used before relocating to the UK in the summer of 2005. The one I can't remember and have no access to...
Either this other site has been live with our data for a number of years without anyone of proz's thousands of members happening to stumble across it or they've been collecting data for at least 4 years in the hope of eventually using it...
Neither of these scenarios seem very likely to me.
Edited for typo.
And another typo, just trying to get used to a Mac
I better get a driving license for this machine and it's keyboard...
[Edited at 2009-07-31 20:01 GMT]
[Edited at 2009-07-31 20:02 GMT]
[Edited at 2009-07-31 20:04 GMT] | |
|
|
Is it just me... | Aug 1, 2009 |
...or someone is waiting for this thread to dry out? | | | PRen (X) Canada Local time: 06:17 French to English + ... And is anyone concerned | Aug 1, 2009 |
ViktoriaG wrote:
...or someone is waiting for this thread to dry out?
about the invoicing/financial reporting function, given the security breaches possible on proz. Do you really want all that information floating around this site? I wouldn't. | | | Keeping this thread alive | Aug 1, 2009 |
I've been following this thread since its first post. I visited the site in question and googled my name, my user name, my company name, several combinations of my name - 5 names Nothing..
I noticed that some of you think that only old data were kidnapped, but the thread starter registered in Apr 2009 and became a member in June ..
I also noticed that most of the stolen data are from Europe, U... See more I've been following this thread since its first post. I visited the site in question and googled my name, my user name, my company name, several combinations of my name - 5 names Nothing..
I noticed that some of you think that only old data were kidnapped, but the thread starter registered in Apr 2009 and became a member in June ..
I also noticed that most of the stolen data are from Europe, US, some from Latin America. There were also a few profiles from Brazil.
Maybe 'osr' has specific countries/language pairs/ fields of expertise targets. It could be any other factor or just a randomized selection.
Unfortunately, I have no time to do an extensive research..
And the site is soooo gloomy, I don't want to go there again ... ▲ Collapse | | | Interesting thread - nobody seems to care | Aug 2, 2009 |
This is really becoming interesting, not only because only very few members of PROZ seem to find this topic interesting. But for me, the much more interesting aspect is how Proz staff and management handle the problem and how they communicate their actions to their members.
Siegfried
[Edited at 2009-08-02 18:37 GMT] | |
|
|
Ralf Lemster Germany Local time: 11:17 English to German + ... Customer "service" | Aug 2, 2009 |
Hi Siegfried,
Siegfried Armbruster wrote:
This is really becoming interesting, not only because only very few members of PROZ seem to find this topic interesting.
My best guess is that sadly, the topic was posted in the wrong forum, which isn't actively followed by many (AFAIK). This should have been posted in the "Translator Coop" forum.
But for me, the much more interesting aspect is how Proz staff and management handle the problem and how they communicate their actions to their members.
Indeed - another fine example of the kind of customer service was presented last week.
After Henry's initial responses to the issue at hand, I was optimistic that this leak of data was being taken seriously. Seems I was too optimistic.
Best regards,
Ralf | | | More than 20.000 views of this thread | Aug 2, 2009 |
Siegfried Armbruster wrote:
This is really becoming interesting, not only because only very few members of PROZ seem to find this topic interesting. But for me, the much more interesting aspect is how Proz staff and management handle the problem and how they communicate their actions to their members.
Siegfried
I would not call this "very few".
But it seems we are still too few to deserve a clear and incisive answer, as soon as possible.y | | | Maria Karra United States Local time: 05:17 Member (2000) Greek to English + ...
Siegfried Armbruster wrote:
This is really becoming interesting, not only because only very few members of PROZ seem to find this topic interesting.
I'm sure most members are interested in this issue, we're just waiting for a response from ProZ staff. Frankly I don't know why staff isn't answering; the moderators of this forum are two staff members; moderators are supposed to read all forum posts that are published in their forum. Surely they have seen that we're waiting for them to give us an update. So, why this silence?
Maria | | | Aniello Scognamiglio (X) Germany Local time: 11:17 English to German + ... Patience, folks! | Aug 2, 2009 |
It takes a lot of time to find the "right" words or to admit that nothing has changed so far. | |
|
|
Hey, nice trick! | Aug 2, 2009 |
Aniello Scognamiglio wrote:
It takes a lot of time to find the "right" words or to admit that nothing has changed so far.
Wow, thanks for the tip! Next time a deadline is approaching, I'll tell my client that! They would surely understand! | | | Rachel Fell United Kingdom Local time: 10:17 French to English + ... I'm sure that... | Aug 2, 2009 |
lots of people are still aware of the situation, though I rather wonder whether there aren't other sites of that type with our/people's info. ...? | | | I wouldn't be surprised | Aug 2, 2009 |
Rachel Fell wrote:
I rather wonder whether there aren't other sites of that type with our/people's info. ...?
...to find other sites displaying our publicly available info. It's the internet and most data is easily accessible.
Only in this case osr appears to have/have had access to data which was, supposedly, not publicly available.
As it is, they appear to have more info about me than I do. Like the the email address that I used to sign up to proz in 2003. An address I have long since forgotten, have no access to and which proz tell me they no longer have any record of... | | | Pages in topic: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Illegal use of data from ProZ.com profile Trados Studio 2022 Freelance | The leading translation software used by over 270,000 translators.
Designed with your feedback in mind, Trados Studio 2022 delivers an unrivalled, powerful desktop
and cloud solution, empowering you to work in the most efficient and cost-effective way.
More info » |
| Trados Business Manager Lite | Create customer quotes and invoices from within Trados Studio
Trados Business Manager Lite helps to simplify and speed up some of the daily tasks, such as invoicing and reporting, associated with running your freelance translation business.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |