User Tag List

12 Last

Results 1 to 10 of 14

  1. #1
    Administrator highlander's Avatar
    Join Date
    Dec 2009
    MBTI
    INTJ
    Enneagram
    6w5 sx/sp
    Socionics
    ILI Ni
    Posts
    17,904

    Default Notification To Members - Email Address Leak

    In an attempt to be more proactive in communicating to the membership about new developments on the forum, on Thursday, I used some native VBulletin functionality to message our members about the new customizable user profile feature. The message went to a subset of our members who were eligible to use this new feature. Unfortunately, when VBulletin sent out this message, it included email addresses in the "to" field. That apparently is how it works (there is no bcc functionality).

    What it means is that a list of email addresses of a subset of active members was circulated to a subset of our member base - specifically members with 500 posts or more. The email did not include member names. If you didn't receive the email, you weren't impacted.

    I offer my sincerest apologies for the mishap. The leadership team on the forum take your privacy seriously. The purpose of this note is to communicate some steps you can take to protect yourself and further steps that we are taking more broadly on the issue.

    First, these are all optional but there are a few things you can consider doing if you received the email:

    Name Change - For those who request it, if your are concerned there may be a connection to your forum and real name (or anything similar) we'll do an immediate name change. This won't count towards name change quotas.

    Change Email Adddress Outside the Forum - Some may wish to consider this. By deactivating and changing your account, it reduces the potential, albeit small, that your email address could be used for something other than what you wish. You'll have to do this action on your own

    Change Email Address on the Forum - You can change your email address on the forum by going into UserCP, My Account, Edit Email & Password. You have to put in your password and then jump down the the email address field and enter the desired email address twice. See attached for an example. Please note that you need to use a valid email address or your account will go into suspense.

    Notification To Members - Email Address Leak-email-address-change-jpg

    Account Deletion - Though it is our policy to not delete accounts, we are making an exception to the policy for those who request it for the next 30 days. While your posts will remain on the forum, your account profile will be gone and the posts will no longer be searchable by username. This is not necessarily recommended, but is an option should the member so desire. The action is irreversible. EDIT: You are also allowed to create a new ID after the deletion.

    As to what we're doing more broadly on the forum:

    No Bulk Emails - Except for the follow up email to impacted members notifying them of the issue, how it impacts them etc., we're not going to be sending out any more bulk emails. There is a way to do this securely, by generating an email address list and copying it into the BCC field of an email (as was done when we implemented Tapatalk). However, it's too easy to make a mistake and we're not going to take the risk.

    Forum Security Measures - We've taken a lot of steps to beef up forum security over the past few months already, as I've mentioned before. This has included hardening the operating system, removing unnecessary software, staying current on our software and mods, putting the site behind a firewall, implementing anti-malware software checks four times per day, and other items. The latest round of changes in this regard were made last weekend. We will continue to be diligent and look for opportunities to to improve and or maintain this.

    Taking Care With New Features - It's apparent that we need to more carefully consider the privacy related implications of any changes or enhancements we make to the forum. It will be a key consideration on implementation of any new features and forum enhancements in general moving forward.



    As always, any feedback you have on the matter would be appreciated.

    Please provide feedback on my Nohari and Johari Window by clicking here: Nohari/Johari

    Tri-type 639

  2. #2
    Senior Member INTJMom's Avatar
    Join Date
    Sep 2007
    MBTI
    INTJ
    Posts
    5,350

    Default

    My name was not in the email, so my account is fine.

    I deleted the email.

    But I wanted to keep the body of the email, so I forwarded it to myself... deleted all the email addresses... leaving only the body of the email
    so that I still have the link to get to the instructions on how to do the profile thing.

  3. #3
    Senior Member prplchknz's Avatar
    Join Date
    Jun 2007
    MBTI
    yupp
    Posts
    29,781

    Default

    there's at least 50 people with my same name. and that account i got when i was 12. plus no one wants to hurt me. and if they do that's fine, people will do what they do
    In no likes experiment.

    that is all

    i dunno what else to say so

  4. #4
    veteran attention whore Jeffster's Avatar
    Join Date
    Jun 2008
    MBTI
    ESFP
    Enneagram
    7w6 sx
    Socionics
    SEE Fi
    Posts
    6,727

    Default

    I don't get what the big deal is.
    Jeffster Illustrates the Artisan Temperament <---- click here

    "I like the sigs with quotes in them from other forum members." -- Oberon

    The SP Spazz Youtube Channel

  5. #5
    Riva
    Guest

    Default

    I don't see how deleting the account would help in keeping one's privacy - in this instance your email which might lead to your fp and other accounts -.

  6. #6
    Senior Member Nicodemus's Avatar
    Join Date
    Aug 2010
    Posts
    9,130

    Default

    You killed YWIR!


  7. #7
    Riva
    Guest

    Default

    ^
    And ginkgo.

    Edit - account deletion doesn't help keep privacy. If anything the email addresses should change assuming they lead to other accounts.

  8. #8
    shadow boxer strawberries's Avatar
    Join Date
    Apr 2010
    MBTI
    ----
    Posts
    950

    Default

    setting aside the privacy stuff from this incident, i don't think people need to receive emails on new features of the forum - bit spammy. if people are interested in what's new have a section on the forum that updates them.

  9. #9
    Administrator highlander's Avatar
    Join Date
    Dec 2009
    MBTI
    INTJ
    Enneagram
    6w5 sx/sp
    Socionics
    ILI Ni
    Posts
    17,904

    Default

    Quote Originally Posted by Riva View Post
    I don't see how deleting the account would help in keeping one's privacy - in this instance your email which might lead to your fp and other accounts -.
    Quote Originally Posted by Nicodemus View Post
    You killed YWIR!

    What some members have decided to do is to delete their accounts and then re-register. Some have changed their name prior to doing that. As to the value of deleting an account - it does make it harder to find information on a member. There are pros and cons. You lose all your posting history, which is of course the point but does have its downsides.

    Some of these overall suggestions might help:
    • Be careful what personal information you share online including in email, on social networking sites like Facebook and Twitter
    • Create a different email account for registering in social networking sites and other online spaces.
    • Don't feel obligated to fill out all fields when registering online or provide identifying information such as birth dates and place in required fields.
    • In your online user profile, use a photo that doesn’t identify you or your location, so you can’t be recognized.
    • Consider using a name that is not your real name or a nickname as your email name, screen name or user ID and pick a name that is gender and age neutral.
    • Services such as Facebook change their privacy policy all the time, so it is a good idea to check your privacy settings to make sure you are sharing the information you want to share with people you trust and not the general internet public.
    • Do an Internet search of your name and monitor where you appear online. If you find unauthorized info about yourself online, contact the website moderator to request its removal.

    Quote Originally Posted by strawberries View Post
    setting aside the privacy stuff from this incident, i don't think people need to receive emails on new features of the forum - bit spammy. if people are interested in what's new have a section on the forum that updates them.
    Good point. As mentioned above, we're not going to send out any more mass-emails. We have implemented a lot of new things over the past three months and one of the key feedback points in the Forum Improvement Committee discussions was actually that we needed to do a better job communicating those new things proactively. The need for better communication in general was a feedback point. In the future, we're looking at a redesign of the home page and/or using the "What's New" tab to allow highlighting of new features on the site. PMs are also another option that was suggested. If the stuff starts to feel spammy then please let the madmin team know or start a feedback thread.

    Please provide feedback on my Nohari and Johari Window by clicking here: Nohari/Johari

    Tri-type 639

  10. #10
    Administrator highlander's Avatar
    Join Date
    Dec 2009
    MBTI
    INTJ
    Enneagram
    6w5 sx/sp
    Socionics
    ILI Ni
    Posts
    17,904

    Default

    We also have a NEW option now to change the name in old quoted posts. For example, if you had a former member name that has a relationship with your real name, we can change all references to that old member name in quoted posts to the new member name.

    Example: Your real name is Joe. Your username was Joe at one point but you changed your member name to fluffyrabbit. Before your name change, your quoted posts will still reference Joe. The tool that we developed will allow us to change all references to Joe in those old threads to fluffyrabbit.

    If you want to do this, please just contact one of the moderators or admins on the forum.

    Please provide feedback on my Nohari and Johari Window by clicking here: Nohari/Johari

    Tri-type 639

Similar Threads

  1. Getting introverts to respond to work email
    By thisGuy in forum Academics and Careers
    Replies: 24
    Last Post: 10-14-2011, 09:34 PM
  2. Let's give Holiday presents to members...
    By The Ü™ in forum The Bonfire
    Replies: 60
    Last Post: 11-16-2008, 07:04 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Single Sign On provided by vBSSO