Illegal use of data from ProZ.com profile
Thread poster: RoxanaTrad (X)
Thanks for clarification, Katalin | Jul 22, 2009
Katalin Horvath McClure wrote:
Henry D wrote:
... the data fields do not line up, which suggests crawling without access to a database. (Katalin found her middle name in the place for a first name, for example.)
Henry, I think you got it wrong.
On ProZ, there is no field for the middle name, only First name and Last Name.
Thanks for clarifying your case, Katalin, I should not have used that as an example, but still, the fields don't correspond in any of the ways they might be expected to if they had direct access to the ProZ.com database. I'll explain to you offline if you like.
Neil Coffey | United Kingdom | Local time: 06:46 | French to English + ...
They've acted unethically but stop the conspiracy theories! | Jul 22, 2009
People, people... what the web site in question has done is clearly irritating and unethical.
But it isn't helpful for us to concoct implausible conspiracy theories either.
Speaking as a programmer, I completely agree with Henry: there's really little evidence that they've done anything other than a boring old web scrape with one or two slight sophistications. So yes, it looks like they've amalgamated different pieces of profile data that were public at different times. But this is really a pretty easy programming task, made all the easier since user IDs don't change, so the scrapers have a unique identifier they can use to match up the versions of the profiles.
Katalin: in the "Contact" page, if you look closely you'll see there's a double space between the first name field and surname fields (it's more obvious in the source HTML than on the page as it appears in the browser). It's really more likely they've just looked for a double space than hacked the database to separate these fields!
Things like replacing the first name with an initial and full stop if the name is beyond a certain length is also really trivial, even if it does coincidentally make the name match the name on your credit card (yes, even your credit card company were clever enough to come up with the same scheme!).
Honestly, it's much easier to pay a programmer in India 10 dollars to knock up a computer program to do the above than base your business model on stealing backup tapes and hacking into servers!
So I'm not condoning what they've done. I myself am irritated at being included in their "user" count when I have never used their site, and in no way wish to be associated with their unethical practices. But we should be careful about creating conspiracy theories too. On this occasion, Princess Diana probably did just die in a car crash.
No longer any doubts | Jul 22, 2009
Henry D wrote:
Katalin Horvath McClure wrote:
Henry D wrote:
... the data fields do not line up, which suggests crawling without access to a database. (Katalin found her middle name in the place for a first name, for example.)
Henry, I think you got it wrong.
On ProZ, there is no field for the middle name, only First name and Last Name.
Thanks for clarifying your case, Katalin, I should not have used that as an example, but still, the fields don't correspond in any of the ways they might be expected to if they had direct access to the ProZ.com database. I'll explain to you offline if you like.
Hi Henry,
Again, no problems re the info they got. However, I no longer have any doubts that the data was obtained via ProZ private information. Of course, with my assurances and 3 bucks you might get a cup of coffee at Starbucks.
I went to the site, clicked on the change profile link at the bottom of the page and was asked for a password. Of course, I could not give any. I asked for info; I was asked for an email address. I created one; not good I was told. I tried with my alternate address, available on ProZ, no luck. Then I used my regular commercial email address. I got a message saying I would receive instructions in my regular email inbox to change the password, which I did.
I changed the password, put some nonsense as I would never use it again, but neither could them (unless them is outsourcingroom), accessed my profile and deleted it, but not before looking at what was there. I found my telephone number, which appears on the private info I gave to ProZ.
Legally speaking, and I ain't interested in legalities, they could have obtained both my email address and my home telephone number from my profile at the ATA website. But, then, why would the identity thief care about my mother's maiden name, my second last name, as it appears on ProZ, as well as on outsourcingroom?
You can be sure that I am not publishing freely my telephone number on the Net, other than at the ATA site.
In any event, as far as I know, no harm was done. The most critical info they could have gotten through ProZ is the email address linked to my PayPal account, but not my PW to that email account or my PW at PayPal. I am assuming that any credit card info that I might have provided to ProZ, say to renew my membership, was adequately protected.
However, I would think we have to forget whether they got the info from ProZ or not, whether it happened because there was or still there is a rotten apple inside, or whether it happened just because they are one hell of a hacker. After all, they cracked Elance too, and are contacting Elance's clients. Rather, we should focus on what to do next. My profile is no longer available to the public in general, but outsourcingroom.com, the most likely guilty party, perhaps, still have my info. Contacting Interpol is most likely the best approach. Number one in my to do list.
Best to all,
Luis
[Edited at 2009-07-22 02:50 GMT]
[Edited at 2009-07-22 02:51 GMT]
[Edited at 2009-07-22 02:59 GMT]
Damian Harrison (X) | Germany | Local time: 07:46 | German to English
Unsolicited mail | Jul 22, 2009
Henry D wrote:
Here, to build upon Neil and Katalin's experiment, I wonder: has anyone received an unsolicited email from outsourcingroom?
I received the following mail on 10.07.09. Have not yet checked to see whether an account has been created in my name.
Subject: To Damian Harrison, M.A.
Dear %who,
This is our pleasure to introduce our new project, an international translation workplace where translators, interpreters, translation companies and end clients can meet and work efficiently and profitably.
Are you a professional translator or interpreter?
Join the world's leading community of translators and interpreters.
Looking for a translator or translation company?
Describe your need in a job posting, or search the industry's largest directories of professional translators.
Take a moment to discover the number of projects and ready to work freelancers and visit our new website www.oroom.info
Unsolicited mail | Jul 22, 2009
The unsolicited mail described by Damian is exactly the same I remembered receiving a while ago. Unfortunately I deleted it. But it was addressed to the mailbox I use for communications with ProZ, not to the one I use for business. They might have got it elsewhere, but I think the numbers reported here are beyond coincidence.
Although at this stage my login name is the only data they seem to have stolen (I still have to try to access my profile using my e-mail address) I also noticed an increase in the number of visits to my profile originating from Russia (and China, but I hope this doesn't mean I appear in a Chinese version of OR).
Raffaella
[Edited at 2009-07-22 05:14 GMT]
[Edited at 2009-07-22 06:41 GMT]
avsie (X) | Local time: 07:46 | English to French + ...
Not successful at getting password | Jul 22, 2009
I tried to reset my password, as many of you did. However I never received the e-mail with the link for resetting my password, even after three attempts. I suspect their e-mails were blocked directly by my ISP and never reached my inbox at all. The e-mail address they have on file is the same used for all communications via ProZ.
hazmatgerman (X) | Local time: 07:46 | English to German
some security procedures | Jul 22, 2009
To the site management:
it may be worth thinking about
- systematically checking whether ProZ users without the pertinent data available at ProZ have seen their data misused - this could pinpoint fields with restricted access
- comparing access log files with data versions on ProZ and what could/can later be found elsewhere to establish likely time windows
- planting deliberate and unique but plausible misinformation in the same format as the misused data in bogus profiles and monitor if it gets misused, too.
If any of these yield further grounds for suspicion it might well be best to refer the matter to the competent authorities. Otherwise, considering the site safe may be an unjustifiable assumption.
Regards.
Didier Briel | France | Local time: 07:46 | English to French + ...
Whois is more reliable | Jul 22, 2009
Katalin Horvath McClure wrote:
On the other hand, I did some further investigation on the issue.
In the header of the email I got when I performed the "I forgot my password" experiment (see earlier post) was this:
[213.155.5.136] (helo=outsourcingroom.com)
This IP address shows up in the Melissa database as:
Country NAMIBIA
ISP XMIRRORS - EUGENY GALKIN.
A whois on this address gives:
inetnum: 213.155.5.136 - 213.155.5.143
netname: outsourcingroom
descr: outsourcingroom - Dmitriy Ohrimenko
country: NA
admin-c: DO40-RIPE
tech-c: DO40-RIPE
status: ASSIGNED PA
mnt-by: MNT-HOSTINGUA
source: RIPE # Filtered
person: Dmitriy Ohrimenko
(I'm not publishing address and telephone number, but they are available.)
route: 213.155.0.0/19
descr: Datacenter Hosting.UA
So Namibia is rather unlikely.
A traceroute confirms it, the last point before reaching the address being in Ukraine.
Didier
AWa (X) | Local time: 07:46 | English to German + ...
Finally my profile has been removed | Jul 22, 2009
from outsourcingroom.com
Since finding out about it on Saturday I sent an e-mail a day demanding the deletion of my profile. Yesterday I gave them a 24 hour deadline before I'd take legal action. Next time I'll try that immediately ;-)
Of course they still have any data they harvested but at least they don't display it there anymore. I'll just have to search the web for myself more frequently in case they set up another site.
Thanks, Damian | Jul 22, 2009
Damian Harrison, M.A. wrote:
Henry D wrote:
Here, to build upon Neil and Katalin's experiment, I wonder: has anyone received an unsolicited email from outsourcingroom?
I received the following mail on 10.07.09. Have not yet checked to see whether an account has been created in my name.
Subject: To Damian Harrison, M.A.
Dear %who,
This is our pleasure to introduce our new project... visit our new website www.oroom.info
Thanks, Damian and Raffaella. That would appear to seal it. You never entered your email address at their site, but they have it anyway. They evidently got it here.
I'll post in a few minutes with what we now know.
What we know now | Jul 22, 2009
OK, folks, here is the latest.
First, Neil's post is spot on. It seems fairly clear that direct access to the database was not obtained. Everything points to them doing, as Neil put it, "a boring old web scrape with one or two slight sophistications". In that way, the public areas, at least, of approximately 1/3 of ProZ.com profiles were definitely crawled. (If your profile is higher than 145,000, you probably were not affected... unless you are also at elance.)
The bad news starts beyond that. Unfortunately, the evidence would point to the fact that the "slight sophistications" in crawling that Neil refers to have somehow yielded access to email addresses (and possibly other contact data) -- at least in some cases.
For this, I have to apologize. I know that many of you have been inconvenienced and unsettled by the appearance of your contact details on another site. To the extent those contact details have included information that was supposed to have been kept private at ProZ.com, I'm very sorry. I accept full personal responsibility for letting you all down in this case. I will do my best to make this situation right as soon as I can, to the extent that I can.
We don't yet know in what percentage of profiles supposedly private data was breached, but we continue to make progress in the job of reviewing the data, and I am fairly certain we'll have more specifics for you soon. (Your reports have been very helpful.) When we have a clearer picture, we'll notify those affected.
In the meantime, I want to reiterate that ProZ.com does not take or save credit card, bank or other payment data. Even if it seemed that you entered a credit card at ProZ.com, the data in fact went straight to Paypal or other large payment processor. So at this point, apart from the inconvenience to all of you and us, spam is the worst outcome I can think of to come out of this breach.
As I say, we'll keep you posted.
Thanks, hazmatgerman | Jul 22, 2009
hazmatgerman wrote:
To the site management:
it may be worth thinking about
- systematically checking whether ProZ users without the pertinent data available at ProZ have seen their data misused - this could pinpoint fields with restricted access
- comparing access log files with data versions on ProZ and what could/can later be found elsewhere to establish likely time windows
Thanks, hazmatgerman. That is exactly the sort of thing we are in the thick of now.
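The first two checks quoted in the post above can be sketched as follows. This is an added example, not part of any post and not ProZ.com's own code; the profile history, leaked record, log entries, addresses and function names are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: field names, values and addresses are hypothetical.
END = "2009-07-22"  # date the public-value history was exported
HISTORY = {  # field -> [(date set, value shown publicly)], oldest first
    "city": [("2008-01-10", "Lyon"), ("2008-11-02", "Paris"), ("2009-05-20", "Nice")],
    "tagline": [("2007-06-01", "Legal translator"),
                ("2009-02-14", "Legal and patent translator")],
}
LEAKED = {"city": "Nice", "tagline": "Legal translator", "phone": "+00 000 0000"}
ACCESS_LOG = [  # (timestamp, client address) for requests to this profile page
    ("2008-06-01T09:00:00", "192.0.2.50"),
    ("2008-12-05T03:10:00", "203.0.113.7"),
    ("2009-06-02T03:12:00", "203.0.113.7"),
    ("2009-06-10T11:40:00", "198.51.100.23"),
]

def windows(changes, leaked_value, end):
    """Intervals [start, stop) during which the public field held leaked_value."""
    out = []
    for i, (set_at, value) in enumerate(changes):
        if value == leaked_value:
            stop = changes[i + 1][0] if i + 1 < len(changes) else end
            out.append((datetime.fromisoformat(set_at), datetime.fromisoformat(stop)))
    return out

def field_windows(history, leaked, end=END):
    return {f: windows(history.get(f, []), v, end) for f, v in leaked.items()}

def unexplained_fields(fw):
    """Leaked values never shown publicly: crawling public pages cannot explain them."""
    return sorted(f for f, w in fw.items() if not w)

def candidate_clients(fw, access_log):
    """Clients whose requests fall in a window for every explainable field.
    Fields may come from different visits, so coverage is accumulated per client."""
    explainable = {f for f, w in fw.items() if w}
    covered = {}
    for ts, ip in access_log:
        t = datetime.fromisoformat(ts)
        hit = {f for f in explainable if any(a <= t < b for a, b in fw[f])}
        covered.setdefault(ip, set()).update(hit)
    return sorted(ip for ip, fields in covered.items() if explainable and fields == explainable)

if __name__ == "__main__":
    fw = field_windows(HISTORY, LEAKED)
    for field, spans in fw.items():
        print(field, [(a.date().isoformat(), b.date().isoformat()) for a, b in spans])
    print("not explained by public pages:", unexplained_fields(fw))
    print("clients covering every window:", candidate_clients(fw, ACCESS_LOG))
```

In the sample, the leaked city and tagline were never public at the same time, so only a client that visited in both periods matches, and the phone value has no public window at all.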
Edward Vreeburg | Netherlands | Local time: 07:46 | Member (2008) | English to Dutch + ...
Found my details and they were removed within 24 hours | Jul 22, 2009
I responded yesterday afternoon using the webform on their site and a little threatening language + fake email address. My details were removed this morning already...
Ed
I was thinking opportunism rather than conspiracy | Jul 22, 2009
Neil Coffey wrote:
People, people... what the web site in question has done is clearly irritating and unethical.
But it isn't helpful for us to concoct implausible conspiracy theories either.
Neil, Neil,
'Twas hardly a conspiracy theory, just bouncing ideas around. Like burglars and windows left open, people look for easy ways to get the ball rolling. I certainly was not imagining Brinks Mat, or even the Pink Panther, but the apparent coincidence of geography involved was also a factor, I confess.
I admit I was also working on the hypothesis that (almost) everyone on here was on there (and some more than once). If it is now known that only about a third of us are on there, that does put a slightly different complexion on it, for sure.
I'm still not sure they ever put a man on the moon, though.
Angie Garbarino | Local time: 07:46 | Member (2003) | French to Italian + ...
Info (perhaps it can be useful) | Jul 22, 2009
Henry D wrote:
(If your profile is higher than 145,000, you probably were not affected... unless you are also at elance.)
Hi Henry
If it can be useful, my profile is lower than 145,000 (it dates 2003) but it was not affected, I searched very carefully with any possible combination but I am NOT there.
I don't know if this info can be useful to you, just wanted to let you know.
Angio