debeast
(o)(o)
Posts: 238 
Likes: 44
|
Post by debeast on Feb 14, 2014 12:06:45 GMT
Only just been informed but in a recent mail to all Gmail users SS just included us all in the To field.
So i can now see a nice list of the email addresses (pretty much comprised of real names) on all of SS's investors
*** guys!
|
|
badersleg
Member of DD Central
Posts: 180
Likes: 78
|
Post by badersleg on Feb 14, 2014 12:13:34 GMT
I didnt receive the email from SS but I did get this this email from a complete stranger-
" Hi,
Excuse the intrusion but the guy from saving stream made all of our email addresses visible.
I'd appreciate any feedback on what you know about this company, the returns are very attractive, but what's the risk?
Have any of you guys invested?
Regards "
Tim
|
|
|
|
Post by notaclue on Feb 14, 2014 12:27:46 GMT
I've just had a similar email too
Hi,
Excuse the intrusion but the guy from saving stream made all of our email addresses visible.
I'd appreciate any feedback on what you know about this company, the returns are very attractive, but what's the risk?
Have any of you guys invested?
Regards
not good !!!
|
|
|
|
Post by savingstream on Feb 14, 2014 12:44:03 GMT
To all Saving Stream investors with Gmail accounts:
Whilst attempting to inform those investors who have Gmail email accounts about the fact that some SS New Loan notification emails were ending up in Gmail's junk mail boxes, the email was accidentally sent using the TO field rather than the BCC field.
Please accept our sincere apologies for this embarrassing mistake. We can't apologise enough. We can only assure you we have taken steps to ensure this does not occur in the future.
With regards to registered users contacting each other for advice about our investment platform, whilst we cannot prevent this from happening, we would ask you kindly to not send unsolicited emails to the email addresses within the aforementioned email.
Kind regards,
Saving Stream
|
|
ramblin rose
Member of DD Central
“Some people grumble that roses have thorns; I am grateful that thorns have roses.” — Alphonse Karr
Posts: 1,370
Likes: 857
|
Post by ramblin rose on Feb 14, 2014 17:22:56 GMT
I was spared on this one as I don't use my gmail address for on-line finance things. It's a bad mess-up, but SS aren't alone in having done it - Funding Secure did the same thing, but to every lender on their list, in their first few weeks. They also apoligised, and it hasn't happenend since, but I did feel very aggrieved at the time.
|
|
|
|
Post by westcountryfunder on Feb 14, 2014 17:24:24 GMT
Yet another excellent reason for not using Gmail or any other cloud-based system!
|
|
oldgrumpy
Member of DD Central
Posts: 5,087
Likes: 3,233
|
Post by oldgrumpy on Feb 14, 2014 17:33:02 GMT
Or using your actual name in the address. PS any email with oldgrumpy@*******.com will not be me!  |
|
|
|
Post by batchoy on Feb 14, 2014 17:42:59 GMT
Or having your email as your userid (which seems so beloved of P2P platforms), the first step in the security of these peoples' accounts has now been breached, as there is now a (partial) list of SS userids in circulation.
|
|
oldgrumpy
Member of DD Central
Posts: 5,087
Likes: 3,233
|
Post by oldgrumpy on Feb 14, 2014 17:58:23 GMT
Or having your email as your userid (which seem so beloved of P2P platforms), the first step in the security of these peoples' accounts has now been breached, as there is now a (partial) list of SS userids in circulation. Grumpy doesn't like this one little bit. User name should be self selected and as odd as possible (not difficult for me!).
|
|
|
|
Post by batchoy on Feb 14, 2014 18:14:43 GMT
Or having your email as your userid (which seem so beloved of P2P platforms), the first step in the security of these peoples' accounts has now been breached, as there is now a (partial) list of SS userids in circulation. Grumpy doesn't like this one little bit. User name should be self selected and as odd as possible (not difficult for me!). The question now is does the SS system have the ability to detect multiple failed login attempts against valid userids and then lock the associated account, plus the ability for users to change their compromised userids.
|
|
|
|
Post by Lep Recorn on Feb 14, 2014 18:24:36 GMT
I commented on the other thread that the reply from SS to MONEY led to questions regarding their engineering competence. This breach of confidentiality must lead to further questions. Answers to those questions are now urgently required in the form of immediate upgrades to the user front- door security. If this does not happen I shall be withdrawing as quickly as possible.
|
|
mikes1531
Member of DD Central
Posts: 6,452
Likes: 2,320
|
Post by mikes1531 on Feb 14, 2014 18:27:37 GMT
Yet another excellent reason for not using Gmail or any other cloud-based system! I don't follow. The problem here was caused because FS sent out a mass email with the recipients' addresses in the To field rather than the Bcc field. It just happened that in this particular case they were trying to reach users with Gmail addresses, but they just as easily could have decided to send the message reminding people to check their spam folders to all their users, and then we'd all have been affected. Luckily for the rest of us, they didn't, but the fact that the people affected happened to be using a cloud-based email system has nothing to do with it. Or have I misunderstood something?
|
|
|
|
Post by batchoy on Feb 14, 2014 18:44:08 GMT
Yet another excellent reason for not using Gmail or any other cloud-based system! I don't follow. The problem here was caused because FS sent out a mass email with the recipients' addresses in the To field rather than the Bcc field. It just happened that in this particular case they were trying to reach users with Gmail addresses, but they just as easily could have decided to send the message reminding people to check their spam folders to all their users, and then we'd all have been affected. Luckily for the rest of us, they didn't, but the fact that the people affected happened to be using a cloud-based email system has nothing to do with it. Or have I misunderstood something? No misunderstanding, you are correct the error is solely down to poor practices by SS and could have affected anyone it just happened to be gmail users because the gmail mail filters have taken a dislike to SS and so it putting their email in people's junk folders. Sending using bulk emails using BCC is also a bad practice as BCC can fail with a similar result.
|
|
|
|
Post by davee39 on Feb 14, 2014 18:53:27 GMT
the gmail mail filters have taken a dislike to SS Clearly they are very wise filters!
|
|
