Please Go Away Plaxo!

by Brian on 20. Aug, 2008 in Rants

So, a few months ago I posted and updated you about Plaxo revealing some user email addresses and I instantly deleted my account…

…or so I thought:

2008-08-20_1005

FAIL!

5 Responses to “Please Go Away Plaxo!”

  1. Redgee Capili 20. Aug, 2008 at 1:20 pm #

    Did you opt out or just deleted your account? If you just deleted your account, others can still invite you to join (again). But if you opt out, you won’t get further emails from Plaxo.

    ps: When you say “revealing email addresses”, the only issue which comes to mind was the passing of email addresses (of people you’re already connected to) embedded in links to your server logs (to which only you had access) when those same folks visited your site. That was patched immediately.

    Reply
  2. Redgee Capili 20. Aug, 2008 at 1:45 pm #

    Hmmm, actually – looking at this image a bit more, it’s a connection request – not an Invite. I wonder if you have another account?? Can you contact me directly so we can find out what’s up and delete it (if that’s the case). Thanks.

    Reply
  3. Brian 20. Aug, 2008 at 1:58 pm #

    Redgee – I appreciate you’re quick response to this – I’ll contact you directly and hopefully get this resolved.

    In reference to your first response – regardless of whether it was patched quickly or not, or whether someone was already connected to me, revealing email addresses is just too big a mistake to make me feel good about my contacts and data being housed securely with Plaxo, at least for now…

    Reply
  4. Redgee Capili 20. Aug, 2008 at 2:09 pm #

    Thanks. And certainly we were transparent to that mistake. We goofed – albeit that it was a minor leak. It was still a leak nonetheless.

    But the point I’d like to make to your readers is that your address book information, password, etc – were never in danger.

    The leak was due to a bad URL to blogs found in the weekly reminder emails sent to members. If the member clicked on that link, their email address was appended at the end of the url (in itself is not a problem). But the server hosting that blog would now have your email address in their server logs. (sigh). Again, no excuses.

    Thanks again Brian.

    Redgee

    Reply
  5. bdusablon 16. Feb, 2009 at 7:16 pm #

    In related news, I recently received more "would like to connect with you" requests from Plaxo. Not good.

    Reply

Leave a Reply