| Număr de pagini: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | Illegal use of data from ProZ.com profile Inițiatorul discuției: RoxanaTrad (X)
|
|---|
| I have updated the page to answer questions received via support and in this thread | Aug 7, 2009 |
I have updated the page to include answers to the questions that have been posed via support and in this thread. See: http://www.proz.com/about/security
I would ask again for your cooperation: the 'official' page includes everything we know now. Where there are additional questions or concerns, your addressing them directly via a support ticket will help us to continue concentrating on the... See more I have updated the page to include answers to the questions that have been posed via support and in this thread. See: http://www.proz.com/about/security
I would ask again for your cooperation: the 'official' page includes everything we know now. Where there are additional questions or concerns, your addressing them directly via a support ticket will help us to continue concentrating on the task at hand. ▲ Collapse
| | | | Balttext 
Letonia
Local time: 21:57
din engleză în letonă
+ ...
| Surprise, surprise... | Aug 7, 2009 |
... and not a pleasant one - to find out that my data were stolen and published elsewhere. Not much harm done there, as the info taken is mostly contact details, etc.
However, most of my "unpleasant surprise" relates to the fact that this happened weeks (!) ago and I learn it only now from a dry and official statement of assumptions rather than facts. From the little I know about marketing and communications, a lot of how everyone handles any crisis, especially business-related, is ... See more ... and not a pleasant one - to find out that my data were stolen and published elsewhere. Not much harm done there, as the info taken is mostly contact details, etc.
However, most of my "unpleasant surprise" relates to the fact that this happened weeks (!) ago and I learn it only now from a dry and official statement of assumptions rather than facts. From the little I know about marketing and communications, a lot of how everyone handles any crisis, especially business-related, is determined by the communication during the crisis. In this particular case I get the impression of the following:
1) It took ProZ.com staff several days to get out the first response to the serious concerns of its paying members regarding suspicions of identity theft effected through ProZ.com,
2) Solutions to the situation were sought for and implemented vigorously, but for the most part unfortunately behind the scenes with no clear communication to repeated concerns of site users,
3) Unaware users were informed about the incident only after most of fixing was completed and their stolen date were (and still are) publicly available on other sites for weeks.
This leads me to believe that the site first thought of itself, what bad news about it being hacked, not secure enough, etc. would to its business rather than do what any professional international company would in such case - immediately inform anyone concerned and reassure (and keep reassuring each step of the way!) that everything possible is done to rectify the situation, and not just state that but prove with examples.
Like some of the colleagues said, similar to any investigation we want to be kept in the loop on what exactly has been done and is going to be done, not just keep receiving a press release every other week saying that everything possible has been done and thanking for our patience, this is not how you handle serious incidents that raise doubts about the priorities of the site.
I am sorry to say but with some of the recent changes in the role of moderators and the way this incident was handled I feel more and more like a "milking cow" on one of social networking sites that adds his contributions to the company's profits and less and less like a professional who pays money to a site to be professionally represented and whose interests should come first.
Sorry for the tone, but I am really disappointed by the attitude of the staff
Kind regards,
Uldis Sprogis
Balttext ▲ Collapse
| | | | Marijke Mayer
Ţările de Jos
Local time: 20:57
din olandeză în engleză
+ ...
| I removed 'my account' | Aug 7, 2009 |
to every one whose name has been illegally imported in that site, there is an option to remove your account. At any rate you have to pay a monthly charge for it, which I won't do anyhow. I suggest you all do that, then there is nothing they can do.
Good luck,
Marijke Mayer
| | | | | I will not jump to such conclusions... | Aug 7, 2009 |
... and will give Proz.com more time.
But I realyy wonder, why they never contacted the Ukrainian branch of Proz.com and asked for help. It is obvious that 'intruder' is from Ukraine.
| | |
|
|
|
Ligia Dias Costa
Portugalia
Local time: 19:57
din engleză în portugheză
+ ...
SITE LOCALIZER
Marijke Mayer wrote:
to every one whose name has been illegally imported in that site, there is an option to remove your account. At any rate you have to pay a monthly charge for it, which I won't do anyhow. I suggest you all do that, then there is nothing they can do.
Good luck,
Marijke Mayer
Don't you have to know your password for that? How do you know it?
| | | |
Hello Natalia,
Natalia Zakharova wrote:
... and will give Proz.com more time.
But I realyy wonder, why they never contacted the Ukrainian branch of Proz.com and asked for help. It is obvious that 'intruder' is from Ukraine.
How would you know they didn't? Is then so sure that that is the Country? These days there are news about another Country for similar activities.
Giuliana
| | | | | Response to Balttext | Aug 7, 2009 |
Balttext wrote:
... and not a pleasant one - to find out that my data were stolen and published elsewhere. Not much harm done there, as the info taken is mostly contact details, etc.
I am very sorry that you were also affected. I am glad that you are able to take it in stride.
However, most of my "unpleasant surprise" relates to the fact that this happened weeks (!) ago and I learn it only now...
1) It took ProZ.com staff several days to get out the first response to the serious concerns of its paying members regarding suspicions of identity theft effected through ProZ.com,
Right, it took about two days (much too long!) for evidence of the intrusion to be found. But during that period, I posted what we knew when we knew it. When we finally found the intrusion, we posted immediately. If it was not within minutes after we knew, it was within hours that the facts were available publicly.
2) Solutions to the situation were sought for and implemented vigorously, but for the most part unfortunately behind the scenes with no clear communication to repeated concerns of site users,
That is not accurate. We said what we were going to do in the forum and then we set about doing it. During the entire period, anyone who asked for specific information via a support ticket -- which was the method we kept emphasizing, and people who were very concerned used -- got it. (To the extent we had it, of course.)
3) Unaware users were informed about the incident only after most of fixing was completed and their stolen date were (and still are) publicly available on other sites for weeks.
This was and is extremely regrettable. Without question, everyone affected deserved to know immediately. It is reasonable for you to question how this delay can be justified.
As alluded to in the informational page, there was a specific reason that notification did not go out. Suffice it to say that our responsibility to protect the overwhelming majority of data that had not been stolen, and the majority of users whose data had not been accessed, was weighed against delaying the notifications. Note that six weeks had already passed when the breach was discovered - so we were looking at notifying at week seven instead of week six, versus risking a second attack on the remaining data. (In the end, two weeks passed instead of one.)
Was it the right decision? Well, as soon as the general announcement went out, a second attempt was made on the data, and this time, we were ready. So I think it was.
I am not proud, in fact I am entirely dissatisfied, that there was so much work to be done, and I regret that we did not have the wherewithal to plug the holes faster. On the other hand, I am proud of how our team came together and worked continuously on the project. I can tell you that the only goal of the team during this long period of low sleep was protecting your private data.
Elance, a leading Internet company with $66 million in investments, handled the situation much more professionally than we did. I am envious. But I am also sure that if we were an average company when it comes to security a month ago, we will be a great one before too long.
To put it another way, we take the responsibility of protecting your data very seriously and intend to win back your trust as a member.
This leads me to believe that the site first thought of itself, what bad news about it being hacked, not secure enough, etc.
This supposition is contradicted by the facts and postings: full disclosure was given from the outset and no attempt was made to understate the seriousness of what happened.
Like some of the colleagues said, similar to any investigation we want to be kept in the loop on what exactly has been done and is going to be done, not just keep receiving a press release every other week saying that everything possible has been done and thanking for our patience, this is not how you handle serious incidents that raise doubts about the priorities of the site.
That is not a fair assessment of the nature of the information that has gone out. Very specific facts have been given, as anyone can confirm for him or herself: http://www.proz.com/about/security
Thanks for being a member. Thanks for posting.
| | | | | How to remove your account from that site yourself - Step by Step instructions | Aug 7, 2009 |
Ligia Dias Costa wrote: Marijke Mayer wrote:
to every one whose name has been illegally imported in that site, there is an option to remove your account. Don't you have to know your password for that? How do you know it?
Hi Ligia,
I know this is a mega-monstrous thread and it is hard to find the relevant info in the previous postings. Here are the links to my previous two postings where I described how I found and removed my account.
http://www.proz.com/forum/prozcom_job_systems/140369-illegal_use_of_data_from_prozcom_profile-page8.html?action=Reply"e=1&post_id=1176233
http://www.proz.com/forum/prozcom_job_systems/140369-illegal_use_of_data_from_prozcom_profile-page9.html#1176443
Here is the same process, in a "step by step" style:
Step 1. Find your account: Search THAT site for your last name. If you can't find yourself, search for your ProZ login name. This is what you use when you log in to ProZ, if you forgot, check your Profile page, it is listed under "User name" on the Contact tab. If you still can't find yourself, there is another way. Use the URL I gave in the first posting above. If you are not there in any way, than you are probably not affected. ProZ said the hackers only accessed data in profiles created before May of 2006. So, if you created your profile after that (during the past 3 years), your data was safe. You can stop here.
Step 2. Get your password: It seems whoever set up the accounts put in some random passwords, there is no way of knowing them. So, you have to go through the "I forgot my password" game. Try to log in with your login name that you found in Step 1, and click the "I forgot my password" link. It will send an email to your email account, with a link to change your password. The email will go to the email address they have on file for you. They stole the email addresses from ProZ profiles, so it is most likely the address that you have as your primary ProZ contact, where you are getting your KudoZ and Job notifications, etc. If you have changed this email since the attack in June 2009 (in other words, during the past 2 months) then you may be out of luck.. So, whatever you had as your email back then, that's probably what they have. If you can't read email at that address anymore, you are stuck, this posting won't help you.
Step 3. Change your password: If you get the email with the link to reset your password, use it to change your password. Do not use any password that you use anywhere else, just use something temporary.
Step 4. Log in: If you completed Step 2 and 3 successfully, then you have all the info you need to log in. So go ahead, log in. Now, you have to choose whether you are a "Provider" or a "Buyer". Click Provider and pick Basic membership, or whatever they now call the account that is free. Then, you will be allowed to see your profile. After the initial shock, proceed to the next step.
Step 5. Delete your data: Go through all fields and remove your data. The system will not let you save empty fields, but it allows a single space. Or, alternatively, you can put in other nonsense, such as "this is stolen data","fraud" or whatever - use your imagination. Save all modified fields. (Now, deleting your data this way is probably not necessary, and doesn't help much, because if they keep backups, your old data will still be on their system somewhere, although not public. But this part of the process could actually provide some creative fun, so I thought I would include it here anyway...) After that, click on the "Remove account" button.
Step 6. Check whether your profile is removed: Go back and repeat the process in Step 1 to see if the removal was successful.
I hope this helps.
Katalin
(Edited to clarify timing issues about the attack and which email addresses were subject to theft.)
[Edited at 2009-08-07 15:37 GMT]
| | |
|
|
|
Niraja Nanjundan (X)
Local time: 00:27
din germană în engleză
| A suggestion to colleagues: visit ProZ at least once every day | Aug 7, 2009 |
Many of you have commented that you only got to know about this issue very late because you just happened to stumble across this thread. It was pointed out a couple of times during this discussion that the thread should have been moved to the "Translator Co-op" forum from the "ProZ.com jobs systems" forum, which many people probably don't look at. This was not done, and there's probably not much point in doing so now.
I know the main reason most site members and users have their pr... See more Many of you have commented that you only got to know about this issue very late because you just happened to stumble across this thread. It was pointed out a couple of times during this discussion that the thread should have been moved to the "Translator Co-op" forum from the "ProZ.com jobs systems" forum, which many people probably don't look at. This was not done, and there's probably not much point in doing so now.
I know the main reason most site members and users have their profiles here is for professional purposes, to get translation assignments, apply to jobs posted here and be contacted by clients through the directory and their profiles. Most of the 300,000+ users are not interested in the forum at all, or just don't have the time to read forum discussions on a regular basis. However, after this incident, I would like to suggest that colleagues at least have glance at the recent forum postings list once every day, if possible, maybe when you're having your tea or coffee break. That way you will not miss such announcements when they are made. I even check my e-mails and have a look at what's going on here when I'm on holiday, but I perfectly understand that many people want to stay away from the Internet at such times. ▲ Collapse
| | | | Ligia Dias Costa
Portugalia
Local time: 19:57
din engleză în portugheză
+ ...
SITE LOCALIZER
Katalin Horvath McClure wrote: Ligia Dias Costa wrote: Marijke Mayer wrote:
to every one whose name has been illegally imported in that site, there is an option to remove your account. Don't you have to know your password for that? How do you know it? Hi Ligia, I know this is a mega-monstrous thread and it is hard to find the relevant info in the previous postings. Here are the links to my previous two postings where I described how I found and removed my account.... I hope this helps. Katalin [Edited at 2009-08-07 14:43 GMT]
Thanks Katalin for your long, thorough and helpful post.
Done with success!
Ligia Dias Costa
| | | | | Thanks, Katalin | Aug 7, 2009 |
Ligia Dias Costa wrote: Katalin Horvath McClure wrote:
I know this is a mega-monstrous thread and it is hard to find the relevant info in the previous postings. Here are the links to my previous two postings where I described how I found and removed my account.... I hope this helps. Thanks Katalin for your long, thorough and helpful post.
Indeed, thanks! I added a link to the information page.
| | | | Ines Burrell
Regatul Unit
Local time: 19:57
Membru (2004)
din engleză în letonă
+ ...
| Mine arrived, but thanks for the offer! | Aug 7, 2009 |
JaneTranslates wrote: Burrell wrote:
I have not received any. Checked the spam box as well, nothing. Is everytbody supposed to get it? Or does it get sent in batches? Obviously it is rather useless but if I even do not even get a notification weeks after my data was stolen, how many months will I have to wait for that info to be removed? I would be glad to share. I received the notification 6 times within 2 minutes! No, I haven't bothered to read and compare every word to be sure they are absolutely identical.
Got mine around midnight. What I really would like to know is whether Proz is going to get our data removed or do we have to waste endless hours trying to do it ourselves when in some cases it obviously does not work. Still no answer to that.
| | |
|
|
|
Ligia Dias Costa
Portugalia
Local time: 19:57
din engleză în portugheză
+ ...
SITE LOCALIZER
[
Burrell wrote:
Got mine around midnight. What I really would like to know is whether Proz is going to get our data removed or do we have to waste endless hours trying to do it ourselves when in some cases it obviously does not work. Still no answer to that.
Removed my profile in five minutes, thanks to Katalin's instructions!
Ligia Dias Costa
[Edited at 2009-08-07 16:14 GMT]
| | | | | Thanks--and a repeat question | Aug 7, 2009 |
Thanks, Katalin. Your information would have been indeed very useful--had I access to the e-mail address they have. I don't. It's an old address I have no access to anymore (switched ISPs). So, I can't delete "my" account.
This is why I will again ask Henry, who gave a long, detailed reply to another poster yet mysteriously disregarded my very simple question, the following: Is ProZ doing anything at all to have the data removed?
I want my data removed. I really want my... See more Thanks, Katalin. Your information would have been indeed very useful--had I access to the e-mail address they have. I don't. It's an old address I have no access to anymore (switched ISPs). So, I can't delete "my" account.
This is why I will again ask Henry, who gave a long, detailed reply to another poster yet mysteriously disregarded my very simple question, the following: Is ProZ doing anything at all to have the data removed?
I want my data removed. I really want my data removed. Did you know I want my data removed? Oh Henry, I would like to let you know that I want my data removed. In case it isn't clear by now, I want to let you know that I want my data removed.
Why is this so hard for you, Henry? What is keeping you from addressing the most important and most urgent of all issues? No matter how secure you make your servers, my data is still going to be out there, thanks to your inaction. And why is it that you have ignored my question six times already?
I am really losing patience now. ▲ Collapse
| | | | RoxanaTrad (X)
România
Local time: 21:57
din engleză în română
+ ...
INIŢIATORUL SUBIECTULUI | Not a chance... | Aug 7, 2009 |
When I started this topic I never imagined it could involve so many people. Yet, it seems we are all there. Regarding the security link, Henry, I must disagree with you on something: you said this affected profiles older than 3 years. Well, since I started this whole thing and obviously it happened to me too I must inform you that I have only been using it for a few months. Regarding Elance, same there too. Besides, I have tried everything to close my account THERE and not a chance. I used all ... See more When I started this topic I never imagined it could involve so many people. Yet, it seems we are all there. Regarding the security link, Henry, I must disagree with you on something: you said this affected profiles older than 3 years. Well, since I started this whole thing and obviously it happened to me too I must inform you that I have only been using it for a few months. Regarding Elance, same there too. Besides, I have tried everything to close my account THERE and not a chance. I used all methods presented here, even the "forgot your password" game. I received a link to change it and when I did my login name came out invalid. How about that?? The same login name I used to get to my so-called account in the first place. Has anyone noticed that all those accounts are empty, as in no one is using them, no feedback, no activity, no bids, nothing?
Another issue: I now regularly google my name, username, email, married or maiden name (NOT paranoia) and I always find my proz.com CVs, which I selected to be viewed by logged-in users only. HOW IS THAT POSSIBLE?
Am I still a singular case of fraud for identity? Has anyone else been contacted by outsourcers to inform you that they received a business offer under your name? When will this nightmare be over??? ▲ Collapse
| | | | | Număr de pagini: < [1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24] > | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Illegal use of data from ProZ.com profile | CafeTran Espresso | You've never met a CAT tool this clever!
Translate faster & easier, using a sophisticated CAT tool built by a translator / developer.
Accept jobs from clients who use Trados, MemoQ, Wordfast & major CAT tools.
Download and start using CafeTran Espresso -- for free
Buy now! » |
| | Trados Business Manager Lite | Create customer quotes and invoices from within Trados Studio
Trados Business Manager Lite helps to simplify and speed up some of the daily tasks, such as invoicing and reporting, associated with running your freelance translation business.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
