Vom Thema belegte Seiten:   < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] >
Illegal use of data from ProZ.com profile
Initiator des Themas: RoxanaTrad (X)
Daniel García
Daniel García
Englisch > Spanisch
+ ...
Other sites have suffered similar attacks Jul 31, 2009

Hi,

I don't know if it is related but some job sites have had similar attacks:

http://www.theregister.co.uk/2008/07/07/jobsite_data_hackharvesting_hack/


A Russian gang called Phreak has created an online tool that extracts personal details from CVs posted onto sites including Monster.com, AOL Jobs, Ajcjobs.com, Careerbuilder.com, Careermag.com, Computerjobs.com, Hotjobs.com, Jobcontrolcenter.com, Jobvertise.com and Militaryhire.com. As a result the personal information (names, email addresses, home addresses and current employers) on hundreds of thousands of jobseakers has been placed at risk, according to net security firm PrevX.

Phreak has begun selling its "identity harvesting services" to fraudsters, charging $600 for data that might be applied to targeted phishing attacks, ID fraud or other nefarious purposes. Would-be clients are able to contact the gang on ICQ. For a fee the gang will filter its database for entries that refer to a particular country or particular employer.


Sounds familiar, doesn't it?

Daniel


 
sylvie malich (X)
sylvie malich (X)
Deutschland
Local time: 04:14
Deutsch > Englisch
A post worth repeating. Jul 31, 2009

Michele Johnson wrote:

It's interesting to compare the response of proz.com and elance (about half the size of proz.com, if my research is correct) to the security breach. At proz.com, the issue has been addressed in a forum, but there certainly has not been email communication with affected parties (IMO every single user of the site), no password changes have been forced as of yet, there is no indication of communication with industry watchdogs, no mention of working with 3rd party auditors, no mention of working with law enforcement, no security alert, and everyone is still pretty much up in the air as to whether this has been resolved. I can see how some people think this is not being handled seriously or professionally.

In comparison, this is the kind of security alert I would have expected to see in a very public place at proz.com by now:

http://www.elance.com/p/trust/account_security.html
What is Elance doing about it?
We have taken a ‘drop-everything’ approach to this security breach in an effort to react as swiftly and decisively as possible. Here’s what we’ve done so far:

* Openly communicated with all affected parties via email, the Elance blog, our Twitter feed, and via our Trust & Safety center on Elance.com to alert all parties of the security breach
* Strengthened our password requirements and forced password changes to ensure that all Elance users have their accounts protected by “strong” passwords
* Communicated openly with TRUSTe who act as an industry watch-dog for security breaches online to validate our response to this
* Closed the recently identified security hole by releasing updated code on Elance
* Collaborated with our 3rd party security audit service to ensure that they now can identify this particular security hole in all cases
* Worked with authorities to take down sites that are unlawfully exposing any user information


 
Madeleine MacRae Klintebo
Madeleine MacRae Klintebo  Identity Verified
Vereinigtes Königreich
Local time: 03:14
Schwedisch > Englisch
+ ...
Does proz hold "old" data or not? Jul 31, 2009

Regardless of the assurances we've received from Henry and others, I do believe they do somewhere in their systems.

This is the reply I got to my request for proz to enlighten me regarding which email address I used to set up my account about 6 years ago:


As per the title of this request, note that the email address associated with your account is the one entered in your Profile Updater, [email protected].

However, if you changed this email address since you created your account at ProZ.com, I am afraid we do not have access to old information when it has been updated.

Hope this explains.

If this does not answer your request, please re-open this support request and specify your request in detail and I'll be happy to help.


I might have believed that proz doesn't have any records of the email address I used to initially sign up, 2003, if it wasn't quite obvious that the other site appears to have this info. I've tried using all the email addresses I've used since summer 2005, my main address + 3 x gmail, to delete the visible data on the other site. But no luck, and as others have been able to do this using their correct email addresses it's clear to me that the address the other site has for me is the one I used before relocating to the UK in the summer of 2005. The one I can't remember and have no access to...

Either this other site has been live with our data for a number of years without anyone of proz's thousands of members happening to stumble across it or they've been collecting data for at least 4 years in the hope of eventually using it...

Neither of these scenarios seem very likely to me.

Edited for typo.
And another typo, just trying to get used to a Mac
I better get a driving license for this machine and it's keyboard...

[Edited at 2009-07-31 20:01 GMT]

[Edited at 2009-07-31 20:02 GMT]

[Edited at 2009-07-31 20:04 GMT]


 
Viktoria Gimbe
Viktoria Gimbe  Identity Verified
Kanada
Local time: 22:14
Englisch > Französisch
+ ...
Is it just me... Aug 1, 2009

...or someone is waiting for this thread to dry out?

 
PRen (X)
PRen (X)
Kanada
Local time: 23:14
Französisch > Englisch
+ ...
And is anyone concerned Aug 1, 2009

ViktoriaG wrote:

...or someone is waiting for this thread to dry out?


about the invoicing/financial reporting function, given the security breaches possible on proz. Do you really want all that information floating around this site? I wouldn't.


 
Christina Paiva
Christina Paiva  Identity Verified
Brasilien
Local time: 00:14
Portugiesisch > Englisch
+ ...
Keeping this thread alive Aug 1, 2009

I've been following this thread since its first post. I visited the site in question and googled my name, my user name, my company name, several combinations of my name - 5 names Nothing..

I noticed that some of you think that only old data were kidnapped, but the thread starter registered in Apr 2009 and became a member in June ..

I also noticed that most of the stolen data are from Europe, U
... See more
I've been following this thread since its first post. I visited the site in question and googled my name, my user name, my company name, several combinations of my name - 5 names Nothing..

I noticed that some of you think that only old data were kidnapped, but the thread starter registered in Apr 2009 and became a member in June ..

I also noticed that most of the stolen data are from Europe, US, some from Latin America. There were also a few profiles from Brazil.

Maybe 'osr' has specific countries/language pairs/ fields of expertise targets. It could be any other factor or just a randomized selection.

Unfortunately, I have no time to do an extensive research..

And the site is soooo gloomy, I don't want to go there again ...
Collapse


 
Siegfried Armbruster
Siegfried Armbruster  Identity Verified
Deutschland
Local time: 04:14
Englisch > Deutsch
+ ...
In stillem Gedenken
Interesting thread - nobody seems to care Aug 2, 2009

This is really becoming interesting, not only because only very few members of PROZ seem to find this topic interesting. But for me, the much more interesting aspect is how Proz staff and management handle the problem and how they communicate their actions to their members.
Siegfried

[Edited at 2009-08-02 18:37 GMT]


 
Ralf Lemster
Ralf Lemster  Identity Verified
Deutschland
Local time: 04:14
Englisch > Deutsch
+ ...
Customer "service" Aug 2, 2009

Hi Siegfried,
Siegfried Armbruster wrote:

This is really becoming interesting, not only because only very few members of PROZ seem to find this topic interesting.

My best guess is that sadly, the topic was posted in the wrong forum, which isn't actively followed by many (AFAIK). This should have been posted in the "Translator Coop" forum.

But for me, the much more interesting aspect is how Proz staff and management handle the problem and how they communicate their actions to their members.

Indeed - another fine example of the kind of customer service was presented last week.

After Henry's initial responses to the issue at hand, I was optimistic that this leak of data was being taken seriously. Seems I was too optimistic.

Best regards,
Ralf


 
Christel Zipfel
Christel Zipfel  Identity Verified
Local time: 04:14
Italienisch > Deutsch
+ ...
More than 20.000 views of this thread Aug 2, 2009

Siegfried Armbruster wrote:

This is really becoming interesting, not only because only very few members of PROZ seem to find this topic interesting. But for me, the much more interesting aspect is how Proz staff and management handle the problem and how they communicate their actions to their members.
Siegfried


I would not call this "very few".

But it seems we are still too few to deserve a clear and incisive answer, as soon as possible.y


 
Maria Karra
Maria Karra  Identity Verified
Vereinigte Staaten
Local time: 22:14
Mitglied (2000)
Griechisch > Englisch
+ ...
waiting... Aug 2, 2009

Siegfried Armbruster wrote:

This is really becoming interesting, not only because only very few members of PROZ seem to find this topic interesting.


I'm sure most members are interested in this issue, we're just waiting for a response from ProZ staff. Frankly I don't know why staff isn't answering; the moderators of this forum are two staff members; moderators are supposed to read all forum posts that are published in their forum. Surely they have seen that we're waiting for them to give us an update. So, why this silence?

Maria


 
Aniello Scognamiglio (X)
Aniello Scognamiglio (X)  Identity Verified
Deutschland
Local time: 04:14
Englisch > Deutsch
+ ...
Patience, folks! Aug 2, 2009

It takes a lot of time to find the "right" words or to admit that nothing has changed so far.

 
Viktoria Gimbe
Viktoria Gimbe  Identity Verified
Kanada
Local time: 22:14
Englisch > Französisch
+ ...
Hey, nice trick! Aug 2, 2009

Aniello Scognamiglio wrote:

It takes a lot of time to find the "right" words or to admit that nothing has changed so far.

Wow, thanks for the tip! Next time a deadline is approaching, I'll tell my client that! They would surely understand!


 
Rachel Fell
Rachel Fell  Identity Verified
Vereinigtes Königreich
Local time: 03:14
Französisch > Englisch
+ ...
I'm sure that... Aug 2, 2009

lots of people are still aware of the situation, though I rather wonder whether there aren't other sites of that type with our/people's info. ...?

 
Madeleine MacRae Klintebo
Madeleine MacRae Klintebo  Identity Verified
Vereinigtes Königreich
Local time: 03:14
Schwedisch > Englisch
+ ...
I wouldn't be surprised Aug 2, 2009

Rachel Fell wrote:

I rather wonder whether there aren't other sites of that type with our/people's info. ...?


...to find other sites displaying our publicly available info. It's the internet and most data is easily accessible.

Only in this case osr appears to have/have had access to data which was, supposedly, not publicly available.

As it is, they appear to have more info about me than I do. Like the the email address that I used to sign up to proz in 2003. An address I have long since forgotten, have no access to and which proz tell me they no longer have any record of...


 
Vom Thema belegte Seiten:   < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Illegal use of data from ProZ.com profile






CafeTran Espresso
You've never met a CAT tool this clever!

Translate faster & easier, using a sophisticated CAT tool built by a translator / developer. Accept jobs from clients who use Trados, MemoQ, Wordfast & major CAT tools. Download and start using CafeTran Espresso -- for free

Buy now! »
Wordfast Pro
Translation Memory Software for Any Platform

Exclusive discount for ProZ.com users! Save over 13% when purchasing Wordfast Pro through ProZ.com. Wordfast is the world's #1 provider of platform-independent Translation Memory software. Consistently ranked the most user-friendly and highest value

Buy now! »