Normally, when a website inadvertently publishes the personal information of 2436 people to the internet, they apologize. Of course that requires an executive decision and good luck finding the EC owner on the beach. With the announcement of the new EC forums coming soon, it wasn’t too hard to guess the actual URL. (Hmm, I bet it has “Entrecard and Forums” in it) While the pages have now been taken down, they were up for hours letting any spammer collect your email address. Below are two screenshots. One showing the email page, the other showing the Oh So Secret Mod Forums. Notice how there has been no mod discussion since September? Way to communicate guys! Note: unlike EC, I was kind enough to black out personal information.


My favorite? “Keep an eye on cats!” Coming next week, “Firestorm Secrets!”
You mean to tell me they published my email information without my permission?! OMFG. Heads will roll!
Doubt those heads roll very far, asshats make excellent speed bumps.

So they’ve effectively ported it over and used the email addresses as usernames? Thinking about it I don’t think there was a simple way to do it without that happening but you’d think knowing that’s how it worked he wouldn’t even try it?
It’s easy enough to hide the email addresses in v-bulletin. The issue is having it go live instead of creating a virtual host to view locally “just in case”. It’s just irresponsible. Now the page requires permission. Great idea after the fact.
Yeah, it’s simple enough not to show email addresses in vbulletin but it’s another thing not to show usernames on the memberslist. In order to port the old database over to vb the usernames would have to match up so the usernames would have to be the email addresses that EC uses for that. You just can’t hide that on vb.
Not arguing on the issue just that the method he chose to port it doesn’t make sense even if it was only on a virtual host as if they eventually did go live you’d still have the email addresses sitting there as the usernames for everyone to see.
That can’t possibly be the final version, since they stated the new forum will have a universal login. As for going live, they mentioned some time this weekend. Not that you want to set your clock by any of their claims.
What a f*ckup
Still, about par for the course for that particular operation.
A vindictive man might have emailed all 2436 to warn them that they were thus exposed… just a thought
Cheers, Andrew
Nice sleuthing! I had all but forgotten the lackluster promise of new forums — what, weeks ago now?
And lol! @ 2436. I caught that.
Ah Turnip, why is the man such a dick? Entrecard had so much going for it and he has just been an absolute ASSHAT and I will bet he drives it right into the ground. So damned sad. I met a lot of great people there, now it is just a thing.
I noticed that the forums were down for a long time on Friday.
It’s just one thing after another, isn’t it?
BTW, I love the blackouts on Graham’s email address. I’m sure that was just an oversight.
http://entrecard.com/forums/3/17139/#p=11
Nice, they claim that they knew their security was breached “one hour after it happened”. Yet they don’t make an announcement until over 12 hours later because “we think it was only one person”. Duh.
Listen up, jackass. Time you pull your pointy head out of your rear end.
1. You violated your own TOS policy by playing fast and loose with your users’ data. What’s next, blaming the interns? Either you run your company or you don’t. Deal with it. Take the blame just once and don’t blame some Vietnamese coder.
2. You claim the URL was some secret internal URL. The URL was forums.entrecard.com which was my first guess, as your server records probably told you.
3. It’s your responsibility to report the incident to your users. Not to have some ex-member post about your goof and then finally have your own members read about it hours later still.
4. Not once in your entire reply do I see the words “sorry” or “apology”. Nothing new for EC in 2009.
We should all keep an eye on cats. He is very funny and very witty. I think he will go far.
Unbelievable …. the mismanagement continues. People begged for a new forum and now that there is little interest in a forum or Entrecard, they get one and get their email addresses compromised to boot. I think they should have asked people if they wanted to be a member of the new forums. A lot of people simply lost interest due to all the censorship. There’s plenty of forums around that actually encourage lively conversation and differing points of view. (Formerly DotComMogul until I sold it).
They will change privacy forever!
lmao: Isn’t that one of your forums being discussed in that mod screenshot where it says “Who deleted the firestorm blog?”?
What I find interesting is that since you wrote about this security flaw, Graham has been active in the EC forums again.
He’ll disappear again in a few days.
He’ll stop his damage control spam by noon tomorrow. Funny how none of his forum lackeys have asked “why was our info ever put on the net like this?” They like to blame the messenger, and not the organization showing the lapse in judgement.
Graham must hate you Turnip..probably has your photo in his office and throws darts at it all day…:)
Teasa: Why? Public humiliation should be nothing new for him. This is actually a case of news reporting. Say you typed forums.visa.com and you saw all the names and credit card numbers of every card holder. You don’t blame the news source; you blame the company that exposed the info to the public. Graham can hate anyone he chooses, but the blame is still on his shoulders. Wonder if anyone still buys his phoney version of events?
Yikes! I don’t use the EC forum anymore because the reason I loved it before (the bloggers with all the great advice) are no longer there. Now it’s mostly newbies. Is there another forum where x-ec’ers meet?
Gina, you need to come visit us at cmfads.com forum. I think you will know almost everyone there, minus the spammers.
Ugh! I’m supposedly a moderator and didn’t read about this in the EC forums, but here…shows how much communication we mods get.
Hey Turnip: if you want a good laugh 1 of the modz deleted Graham’z cancer blog for not meetin EC’z T&C! BTW: your still listed wiz asshatz favorite blogz he lovez you so much he wantz 2 be you
That blog was a joke and a lie. He paid a top stumbler to stumble his posts and he barely dropped a single card. Doesn’t that tell you all you need to know about him? His blog advice is recycled trash at best, and insulting at worst.
Just sent them this email. In case image tags don’t work, here’s the pic:
http://img213.imageshack.us/img213/3272/entrecardemailrn9.jpg
Part of their corporate strategy is to never issue an apology or deny wrongdoing. I applaud your decision. Now how long until their investor sends the same letter?