Illegal use of data from ProZ.com profile
Thread poster: RoxanaTrad (X)
Liliana Roman-Hamilton  Identity Verified
Local time: 07:41
English to Italian
same here Jul 22, 2009

AWa wrote:

from outsourcingroom.com

Since finding out about it on Saturday I sent an e-mail a day demanding the deletion of my profile. Yesterday I gave them a 24 hour deadline before I'd take legal action. Next time I'll try that immediately;-)

Of course they still have any data they harvested but at least they don't display it there anymore. I'll just have to search the web for myself more frequently in case they set up another site.


Same here,
On Monday I had sent them a second email demanding to be removed within 48 hrs and threatening to report them to Interpol. This morning I checked and my profile has been canceled.

Still, what they have done is utterly illegal and against all privacy laws, therefore everybody affected and the Proz Staff have every right to undertake a legal action and have that darn website shut down.

[Edited at 2009-07-22 21:17 GMT]


 
Henry Dotterer
Local time: 10:41
SITE FOUNDER
More details Jul 22, 2009

Hi all,

It turns out that what happened at elance happened also at ProZ.com: certain contact information was obtained, from certain profiles, with it later appearing on outsourcingroom.com.

The data was accessed during the first week of June, i.e. a little over a month ago (though as I have posted previously, it is older ProZ.com profiles that were affected). Among the information accessed were username, password (encrypted, not readable), first name, last name, phone number, email address and some geographical fields.

As posted previously, ProZ.com does not accept or hold credit card or bank account information, national identity (ex. social security), corporate or other identity numbers, so this incident did not involve the loss of any of those.

The breach exploited a little-used area of the site that had not been updated for quite some time. The vulnerability has been corrected and further steps are being taken. We have begun efforts with relevant parties -- including outsourcingroom.com directly -- to have the unauthorized publishing of the data stopped.

In the meantime, to again quote Neil (thanks, Neil!):
What you should do is make sure that all of your accounts: ProZ, e-mail accounts, accounts for other web sites... have unique, secure passwords... Choose a separate, long, random sequence of letters, digits and symbols for your password for each account.


To update your password, go to: http://www.proz.com/?sp=new_password

I am very sorry for the trouble caused to all of you in this case. I also regret that it took so long for us to get to the bottom of this. If you have a question or specific concern about how you may have been affected, please submit a support ticket. We will try to respond to all tickets as quickly as possible.

I will be sending notification by email soon to those who may have been affected.

Thanks again for your help, folks.

Henry


 
Deborah do Carmo  Identity Verified
Portugal
Local time: 15:41
Dutch to English
Thank you Henry Jul 22, 2009

For the relatively quick and effective response to this issue (you see, contrary to popular belief, I can give credit where it is due)

Data theft of this magnitude is not easy to contain and it seems as if everything is on the right track to being resolved, with a little patience and time from all involved.


 
Izabela Szczypka  Identity Verified
Spain
Local time: 16:41
English to Polish
Just to let you know, Henry Jul 22, 2009

Both me and my two daughters registered at ProZ.com are among the affected.
I've already used their contact screen, giving a fake email, to demand removal.
We'll see if it works...


 
Viktoria Gimbe  Identity Verified
Canada
Local time: 10:41
English to French
Rather funny attitude Jul 22, 2009

I find it a bit strange that the website in question, whose address or name I am unwilling to repeat because I will not give them the gift of further web traffic, is not deleting accounts until being specifically asked to do so.

Several colleagues have reported that their accounts were removed after giving the website in question a nudge, but mine is still there. I have not contacted them as I don't want to make matters worse (I will not give them another e-mail address and I prefer for "my" account to remain there as proof for Interpol--if the site deletes the account, there will not remain any proof for potential legal action).

If the people behind the site in question are aware of the problem, why aren't they simply deleting all fraudulent accounts? I doubt it would be hard for them to find out which accounts are fraudulent and which ones are genuine... I suspect they will hold on to accounts (and stolen personal data) as long as nobody requests their removal. It is clear to me that that site is the only one to blame (to use the CEO's own terms) for these multiple identity thefts.


 
Uldis Liepkalns  Identity Verified
Latvia
Local time: 17:41
Member (2003)
English to Latvian
As my profile still is there Jul 22, 2009

notwithstanding my demand to remove it, I sent a second demand, as well as reported them to Interpol.

Uldis

Iza Szczypka wrote:

Both me and my two daughters registered at ProZ.com are among the affected.
I've already used their contact screen, giving a fake email, to demand removal.
We'll see if it works...


 
Neil Coffey  Identity Verified
United Kingdom
Local time: 15:41
French to English
Think I managed to remove mine Jul 22, 2009

For what it's worth, it looks like taking hold of the account (by using the "forgotten password" option with your ProZ user name and e-mail), then logging in and selecting "Remove Account" does stop your "account" from being publicly displayed. Or at least, it seems to have worked for me.

Obviously if you do this, make sure you give them a password that has nothing to do with any other password you ever use (especially not to do with your e-mail account!).


 
Henry Dotterer
Henry Dotterer
Local time: 10:41
SITE FOUNDER
Thank you, Lawyer-Linguist Jul 23, 2009

Lawyer-Linguist wrote:

For the relatively quick and effective response to this issue (you see, contrary to popular belief, I can give credit where it is due)

I appreciate this posting very much, Lawyer-Linguist.


 
Uldis Liepkalns  Identity Verified
Latvia
Local time: 17:41
Member (2003)
English to Latvian
Doesn't seem to make much sense to me Jul 23, 2009

Yes, I myself tried to do it yesterday, however no return email arrived.

But then- we can spend hours each to change/remove our profiles, they will run automatic backup restore and all our efforts/time will be down the drain.

And yes, sorry, this is politics, and forbidden there, but I'll risk it- I don't believe complaints to Interpol will help much, however, as Ukraine is attempting to do what it does, complaint from the US Company ProZ.com (having the office also in Ukraine) to the US Embassy in Ukraine and following complaint from the US Embassy to Ukraine police might just do it... And some Ukrainian Law officer might get even an extra star for it (as far as I know how things are done in our parts).

Uldis

Neil Coffey wrote:

For what it's worth, it looks like taking hold of the account (by using the "forgotten password" option with your ProZ user name and e-mail), then logging in and selecting "Remove Account" does stop your "account" from being publicly displayed. Or at least, it seems to have worked for me.


 
Neil Coffey  Identity Verified
United Kingdom
Local time: 15:41
French to English
Deleted is never deleted; legality Jul 23, 2009

Uldis -- you're absolutely right: if that is their intention, they could certainly put the "deleted" profiles back. What's more, they wouldn't even need a backup: in practice, whenever you "delete" something from a database, it's practically never actually deleted. It's fairly standard practice never to actually delete data from a database; instead, some flag is set on the record in question saying "don't consider this any more", and the program accessing the database is designed to take such flags into account.

(The reason for this practice is that the consequences of data accidentally lost through accidental deletion are generally considered worse than the consequences of "deleted" data accidentally reappearing.)

However, the site's underlying motives may not actually be that nefarious. To me, it looks like they were essentially trying to "drum up trade": automatically registering people and hoping they would continue with the registration, meanwhile counting the profiles that they set up as "registered" users to make their site look higher-profile/more attractive to recruiters than it really is. If they were intending to use the data to hack into accounts, commit fraud etc, then I suspect that publishing the evidence of their fraud on their own web site isn't typical fraudster behaviour.

I'm not a legal expert, but I suspect Interpol will be powerless.

Not so much for political reasons in this case, but simply because it may not be clear that a crime has actually been committed. The site owners will argue that they are simply "indexing" data made publicly available via ProZ (or wherever). When you connect to a web server via a protocol specifically designed to publish data and say "can I have this data please" and the web server says "OK, here you are, then", it's hard for the owner of that web server to then claim you have "stolen" the data. Any legal case would probably hinge on whether inclusion of the scraped profiles in the site's user count was considered a fraudulent claim (and whether that's actually illegal in the Ukraine), whether the "indexing" of profiles that they claim to perform is considered "fair use", and whether the inclusion/indexing of those profiles is considered to be making an untrue claim about the individuals concerned (suggesting they're part of a web site that they're not), and whether that untrue claim is actually considered illegal.

I'd love to be proven wrong on this, but sadly it's what I suspect.

On the other hand, you MIGHT have more joy with the relevant domain registrar/hosting company. They may be able to shut the site down on the grounds that what they are doing is unethical/unacceptable, even if it's not deemed to be strictly illegal.
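
The soft-delete pattern described in the post above, shown as an added example that is not part of the original thread and not code from any site discussed. Table, column and function names are hypothetical, and the two profiles are constructed sample data.

```python
import sqlite3

def make_db():
    """In-memory database holding two constructed sample profiles."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE profiles (
        id INTEGER PRIMARY KEY, username TEXT, email TEXT,
        deleted INTEGER NOT NULL DEFAULT 0)""")
    db.executemany("INSERT INTO profiles (username, email) VALUES (?, ?)",
                   [("alice_tr", "alice@example.com"),
                    ("bob_tr", "bob@example.com")])
    # Public pages read only from this view, so flagged rows disappear from display.
    db.execute("CREATE VIEW public_profiles AS "
               "SELECT id, username FROM profiles WHERE deleted = 0")
    return db

def public_usernames(db):
    """What a visitor to the site can see."""
    return [r[0] for r in db.execute("SELECT username FROM public_profiles ORDER BY id")]

def stored_emails(db):
    """What the operator still holds, regardless of the flag."""
    return [r[0] for r in db.execute("SELECT email FROM profiles ORDER BY id")]

def soft_delete(db, username):
    """'Remove Account' as a flag update: the row and its data stay in place."""
    db.execute("UPDATE profiles SET deleted = 1 WHERE username = ?", (username,))

def undelete_all(db):
    """Restoring every 'deleted' profile is one statement; no backup is needed."""
    return db.execute("UPDATE profiles SET deleted = 0 WHERE deleted = 1").rowcount

def erase(db, username):
    """A real DELETE removes the row from the live table (backups are separate)."""
    return db.execute("DELETE FROM profiles WHERE username = ?", (username,)).rowcount

def demo():
    db = make_db()
    soft_delete(db, "alice_tr")
    after_soft = (public_usernames(db), stored_emails(db))
    restored = undelete_all(db)
    after_restore = public_usernames(db)
    erase(db, "alice_tr")
    after_erase = (public_usernames(db), stored_emails(db))
    return after_soft, restored, after_restore, after_erase

if __name__ == "__main__":
    for step in demo():
        print(step)
```

A profile vanishing from the public page therefore says nothing about whether the underlying record was erased; only the operator can confirm that.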


 
Niraja Nanjundan (X)  Identity Verified
Local time: 20:11
German to English
Yes.... Jul 23, 2009

Neil Coffey wrote:
However, the site's underlying motives may not actually be that nefarious. To me, it looks like they were essentially trying to "drum up trade": automatically registering people and hoping they would continue with the registration, meanwhile counting the profiles that they set up as "registered" users to make their site look higher-profile/more attractive to recruiters than it really is. If they were intending to use the data to hack into accounts, commit fraud etc, then I suspect that publishing the evidence of their fraud on their own web site isn't typical fraudster behaviour.


....this does seem to be the case.

I'm sure most of you have seen this, but on the right hand side of their home page is a column which says "Ready to work" with names of people from various professions (web and programming, sales and marketing, design and multimedia *and* writing and translation) who have actually uploaded photos and filled in their profiles with more details. They are obviously thinking of seriously using the site for professional purposes. Of course, this is no excuse for "stealing" data from other websites without the permission of its owners and some action should be taken, although as others have pointed out, I don't know how effective any legal action would be.


 
Narasimhan Raghavan  Identity Verified
Local time: 20:11
English to Tamil
In memoriam
Nobody seems to love me, sniff Jul 23, 2009

I tried from all angles. My profile is just not there. Nobody seems to love me then.

Regards,
N. Raghavan


 
Giuliana Buscaglione  Identity Verified
United States
Local time: 07:41
Member (2001)
German to Italian
yep, won't try again Jul 23, 2009

Hi Uldis,

Uldis Liepkalns wrote:
But then- we can spend hours each to change/remove our profiles, they will run automatic backup restore and all our efforts/time will be down the drain.


I tried only once, the profile is still there, won't try a second time.

I'll be singing a different song here, but that's a typical trait, so here you go:

I think that from a business point of view having been over the Net for a long time with my name & family name will turn out to be "safer" than with an anonymous nick.

As said, acquired relations are not a problem, serious prospects not coming from offline channels/directly from my associations will double-check data..... after all easy with n & fn

Giuliana

[Edited at 2009-07-23 06:47 GMT]


 
Ralf Lemster  Identity Verified
Germany
Local time: 16:41
English to German
Remove password restrictions? Jul 23, 2009

Hi Henry,
Thanks for the explanations.


In the meantime, to again quote Neil (thanks, Neil!):
What you should do is make sure that all of your accounts: ProZ, e-mail accounts, accounts for other web sites... have unique, secure passwords... Choose a separate, long, random sequence of letters, digits and symbols for your password for each account.


To update your password, go to: http://www.proz.com/?sp=new_password

I noted that ProZ.com does not accept special characters for passwords, or passwords longer than 10 characters. Unless there is some compelling technical reason for this, you may want to lift these restrictions, to permit safer passwords.

Best regards,
Ralf


 
Kevin Lossner  Identity Verified
Portugal
Local time: 15:41
German to English
Thank you Henry & Co. Jul 23, 2009

I appreciate the update and information on what was behind the breach. Everything you mentioned correlates with what I found on that site when I finally succeeded in accessing my profile there in an attempt to remove it. After last year's Indian incident and various other pilfered content that I've found, I would say it appears that ProZ is a popular target for data theft of various sorts. I suppose it's nice to know that there is something worth stealing. If there isn't already a specific menu item for this in the support requests, you might think about adding one. Discussion forum posts, Twittering and blogs are all very nice for spreading the word and raising awareness, but if some sort of menu link that triggers notification of key people is in place it might help to resolve these things faster with less confusion.

And I tend to agree with Giuliana's point:
I think that from a business point of view having been over the Net for a long time with my [name] will turn out to be "safer" than with an anonymous nick.


Of course, safety through disclosure can have serious limits.


 