Pages in topic:   [1 2] >
Email address data breach from Proz
Thread poster: Thomas T. Frost
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 17:37
Danish to English
+ ...
May 9

I have just received two empty emails titled 'A message from ProZ.com translation news' from Jared at proz.com, each containing about 500 of my colleagues' email addresses in the CC field in addition to my own.

Do you guys even know what you are doing any more, or have you been hacked?


Rachel Waddington
P.L.F. Persio
Zea_Mays
Luca Tutino
Philip Lees
Barbara Carrara
Chris Says Bye
 
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 17:37
Danish to English
+ ...
TOPIC STARTER
Support ticket opened in the 'privacy' category May 9


Support request received
Your support request has been received and added to the ProZ.com support system.

Track the progress of your support request online.

There are currently 122 support requests from paying ProZ.com members in the queue. Please note that paying members are given priority support over non-members. We appreciate your patience.

View a f... See more

Support request received
Your support request has been received and added to the ProZ.com support system.

Track the progress of your support request online.

There are currently 122 support requests from paying ProZ.com members in the queue. Please note that paying members are given priority support over non-members. We appreciate your patience.

View a full list of membership benefits.
See what others say about their experience with paid ProZ.com membership.

An email acknowledgement has been sent to you at xxxxxxxxxxxxxxx. Support staff will respond as quickly as possible. You will receive a separate email notification when a response is submitted.


A privacy/data breach request at the end of a 122-request queue? Does Proz prefer that we report it to an EU data protection authority instead, leading to potential fines? Privacy has nothing to do with paid membership; it's a right.

[Edited at 2024-05-09 19:57 GMT]
Collapse


Jennifer Levey
Zea_Mays
Maria Teresa Borges de Almeida
Philip Lees
Barbara Carrara
P.L.F. Persio
Anton Konashenok
 
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 17:37
Danish to English
+ ...
TOPIC STARTER
Spam May 9

Now there is spam at https://www.proz.com/forum/prozcom_technical_support/367436-no_strings_attached_relationships_relax_and_enjoy.html posted under the account of a user who registered 10 years ago.

Has the site been hacked?


Jennifer Levey
 
Lingua 5B
Lingua 5B  Identity Verified
Bosnia and Herzegovina
Local time: 18:37
Member (2009)
English to Croatian
+ ...
Hopefully not May 9

Thomas T. Frost wrote:

Now there is spam at https://www.proz.com/forum/prozcom_technical_support/367436-no_strings_attached_relationships_relax_and_enjoy.html posted under the account of a user who registered 10 years ago.

Has the site been hacked?


Hopefully not, that sounds scary.


 
Arne Krueger
Arne Krueger
Germany
Local time: 18:37
German to English
+ ...
??? May 9

Where is the entry from the brother from Africa??

What should be more concerning... WHO approved this entry? Or maybe we are all living in an illusion and communicate with bots...


 
Zea_Mays
Zea_Mays  Identity Verified
Italy
Local time: 18:37
English to German
+ ...
I alerted Jared and Lucia, May 9

the mods of this forum. Let's hope their accounts have not been hacked. (Meanwhile the spam post has been removed, so someone is checking.)

Thomas T. Frost
Maria Teresa Borges de Almeida
 
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 17:37
Danish to English
+ ...
TOPIC STARTER
Support looking at it May 9

Yana from support replied to my support ticket and requested a copy of the emails, which have now been provided.

Maybe this is a good time to change my Proz password just in case, since we don't know what's going on yet. Hopefully, it's just a silly mistake or bug.


Zea_Mays
 
Luca Tutino
Luca Tutino  Identity Verified
Italy
Member (2002)
English to Italian
+ ...
Same message here, followed by a fishy "Invitation: Professional Opportunity" message. May 9

I also received a very similar empty message with the subject "A message from ProZ.com translation news", a long list of CC-ed addresses, and an empty body. Less than 2 hours later, I received another fishy message with the subject "Invitation: Professional Opportunity [...]". The invitation is appealing and detailed but contains a couple of suspicious clues, and is similar to a message which I received on March 16 and quickly denounced as a phishing attempt posing as coming from TransPerfect... See more
I also received a very similar empty message with the subject "A message from ProZ.com translation news", a long list of CC-ed addresses, and an empty body. Less than 2 hours later, I received another fishy message with the subject "Invitation: Professional Opportunity [...]". The invitation is appealing and detailed but contains a couple of suspicious clues, and is similar to a message which I received on March 16 and quickly denounced as a phishing attempt posing as coming from TransPerfect, but quickly denounced by "verification@transperfect.com".Collapse


Angie Garbarino
 
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 17:37
Danish to English
+ ...
TOPIC STARTER
Reply from support below May 9

Thanks for the response and for sending the information requested.

I am afraid the issue is related to the last update in Translation news section only.

The site or login data was not compromised.

ProZ.com Staff will contact all affected users directly.

The development team is applying changes now to prevent something similar from happening again.

We are very sorry again for the inconvenience.


 
Philip Lees
Philip Lees  Identity Verified
Greece
Local time: 19:37
Greek to English
Upgrade May 10

Thomas T. Frost wrote:

Reply from support below

I am afraid the issue is related to the last update in Translation news section only.

So this is a consequence of the continuing "upgrade" of the ProZ website.

A team of programmers busily introducing new bugs (instead of fixing the old ones).


Barbara Carrara
Maria Teresa Borges de Almeida
Zea_Mays
Maciek Drobka
Yasutomo Kanazawa
 
Zea_Mays
Zea_Mays  Identity Verified
Italy
Local time: 18:37
English to German
+ ...
privacy culture May 10

Thomas T. Frost wrote:

Does Proz prefer that we report it to an EU data protection authority instead, leading to potential fines?


I think the awareness in the US of privacy and the laws around it are way behind the culture in European countries.
Actually, all the people on this CC list could file a complaint about this.
Maybe this is the right time for ProZ to take and make things seriously.


P.L.F. Persio
Maria Teresa Borges de Almeida
Barbara Carrara
Thomas T. Frost
Maciek Drobka
Yasutomo Kanazawa
Anna Sarah Krämer
 
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 17:37
Danish to English
+ ...
TOPIC STARTER
Coding May 10

Philip Lees wrote:

Thomas T. Frost wrote:

Reply from support below

I am afraid the issue is related to the last update in Translation news section only.

So this is a consequence of the continuing "upgrade" of the ProZ website.

A team of programmers busily introducing new bugs (instead of fixing the old ones).


As far as I understand, Proz realised that they found themselves between a rock and a hard place in terms of coding, as the coding standard was so old and out of date that further development would be difficult or impossible. When you compound this with the haphazard structure Proz has grown into with countless additions and duplications of functions through the years, quite possibly without much documentation, it looks like a nightmare scenario. Even for top-level developers, modernising and consolidating such a system is a major challenge, and I don't think Proz has the budget for top level. The current developers may not know how different parts of the code interact, why things were done as they were and what can go wrong if they change this or that. Even banks sometimes get this disastrously wrong. See for example The Guardian: TSB fined £48m over ‘serious failings’ in IT meltdown.

The public may believe big companies know what they are doing, but they often don't. I've seen this from the inside when working in IT. Understanding legacy systems at airlines, banks, etc. can be like discovering hidden rooms in a pyramid. Since IT was introduced back in the 1960s, there has been a widespread management failure across the board to ensure systems, coding, architectures, processes, etc. are properly documented for future maintenance. There seems to be a widespread misconception amongst management everywhere to the effect that if only a candidate understands the operating system and the programming language, then they can simply 'hit the ground running', to quote a management expression I thoroughly hate, and manage a highly complex system of program modules they know nothing about.

Proz made the basic mistake of not informing its users when this began, but they have belatedly told us what they are doing. When you explain a problem from the start, you can get the users on board, as they can see there is no easy solution, but when users first begin to notice one problem after another and no communication from staff, then the company ends up making enemies instead of allies.


Maciek Drobka
Charlie Bavington
Zea_Mays
Chris Says Bye
Jennifer Levey
Yasutomo Kanazawa
P.L.F. Persio
 
Data protection racket May 10

Zea_Mays wrote:

Thomas T. Frost wrote:

Does Proz prefer that we report it to an EU data protection authority instead, leading to potential fines?


I think the awareness in the US of privacy and the laws around it are way behind the culture in European countries.
Actually, all the people on this CC list could file a complaint about this.
Maybe this is the right time for ProZ to take and make things seriously.


An unnamed company, one which used to be a respected translation company and now owns Trados for some reason, notified me of a data breach last year, and I said can I have some money then, and they said no, so I wonder what the point of it all is really.


 
Zea_Mays
Zea_Mays  Identity Verified
Italy
Local time: 18:37
English to German
+ ...
file an official complaint May 10

Christopher Schröder wrote:

Zea_Mays wrote:

Actually, all the people on this CC list could file a complaint about this.


An unnamed company, one which used to be a respected translation company and now owns Trados for some reason, notified me of a data breach last year, and I said can I have some money then, and they said no, so I wonder what the point of it all is really.


From the web: "The GDPR gives you a right to claim compensation from an organisation if you have suffered damage as a result of it breaking data protection law. This includes both “material damage” (e.g. you have lost money) or “non-material damage” (e.g. you have suffered distress)."
I think it is not enough to just ask them "give me money".

The most important point here is that the breach is the responsibility of ProZ itself.


Chris Says Bye
P.L.F. Persio
Maria Teresa Borges de Almeida
 
Lucia Leszinsky
Lucia Leszinsky
SITE STAFF
Thank you, investigating so that this doesn't repeat May 10

Hello everyone,

Thank you for reporting this, Thomas. Also thank you, Zea_Mays, for your alert message.

One of our developers has been working on an update to the Translation News service that requires adjustments to the email alerts service that notifies subscribers of new articles. The email some of you received was intended as an internal test, so I'm now investigating to see what happened and make sure it doesn't repeat.

Thomas T. Frost wrote:

Proz made the basic mistake of not informing its users when this began, but they have belatedly told us what they are doing. When you explain a problem from the start, you can get the users on board, as they can see there is no easy solution, but when users first begin to notice one problem after another and no communication from staff, then the company ends up making enemies instead of allies.


You are 100% right, Thomas. When updates started last year, the community should have been duly informed. We failed at that and we apologize. I also apologize for the inconveniences this may have caused you. A few smaller updates are still underway, and bugs may continue to appear, but the ProZ.com team is doing its best every day to address them in a timely and effective manner. Your reports and alerts are really helpful. So, thanks again.

Have a nice weekend everyone.

Lucia


Thomas T. Frost
Zea_Mays
Maria Teresa Borges de Almeida
 
Pages in topic:   [1 2] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Email address data breach from Proz






Trados Studio 2022 Freelance
The leading translation software used by over 270,000 translators.

Designed with your feedback in mind, Trados Studio 2022 delivers an unrivalled, powerful desktop and cloud solution, empowering you to work in the most efficient and cost-effective way.

More info »
CafeTran Espresso
You've never met a CAT tool this clever!

Translate faster & easier, using a sophisticated CAT tool built by a translator / developer. Accept jobs from clients who use Trados, MemoQ, Wordfast & major CAT tools. Download and start using CafeTran Espresso -- for free

Buy now! »