| Pages in topic: [1 2] > | Email address data breach from Proz Thread poster: Thomas T. Frost
|
|---|
I have just received two empty emails titled 'A message from ProZ.com translation news' from Jared at proz.com, each containing about 500 of my colleagues' email addresses in the CC field in addition to my own.
Do you guys even know what you are doing any more, or have you been hacked?
| | | | Thomas T. Frost 
Portugal
Local time: 22:55
Danish to English
+ ...
TOPIC STARTER | Support ticket opened in the 'privacy' category | May 9 |
Support request received
Your support request has been received and added to the ProZ.com support system.
Track the progress of your support request online.
There are currently 122 support requests from paying ProZ.com members in the queue. Please note that paying members are given priority support over non-members. We appreciate your patience.
View a f
... See more
Support request received
Your support request has been received and added to the ProZ.com support system.
Track the progress of your support request online.
There are currently 122 support requests from paying ProZ.com members in the queue. Please note that paying members are given priority support over non-members. We appreciate your patience.
View a full list of membership benefits.
See what others say about their experience with paid ProZ.com membership.
An email acknowledgement has been sent to you at xxxxxxxxxxxxxxx. Support staff will respond as quickly as possible. You will receive a separate email notification when a response is submitted.
A privacy/data breach request at the end of a 122-request queue? Does Proz prefer that we report it to an EU data protection authority instead, leading to potential fines? Privacy has nothing to do with paid membership; it's a right.
[Edited at 2024-05-09 19:57 GMT] ▲ Collapse
| | | | Thomas T. Frost
Portugal
Local time: 22:55
Danish to English
+ ...
TOPIC STARTER | Lingua 5B
Bosnia and Herzegovina
Local time: 23:55
Member (2009)
English to Croatian
+ ...
Hopefully not, that sounds scary.
| | |
|
|
|
Arne Krueger
Germany
Local time: 23:55
German to English
+ ...
Where is the entry from the brother from Africa??
What should be more concerning... WHO approved this entry? Or maybe we are all living in an illusion and communicate with bots...
| | | | Zea_Mays
Italy
Local time: 23:55
Member (2009)
English to German
+ ...
| I alerted Jared and Lucia, | May 9 |
the mods of this forum. Let's hope their accounts have not been hacked. (Meanwhile the spam post has been removed, so someone is checking.)
| | | | Thomas T. Frost
Portugal
Local time: 22:55
Danish to English
+ ...
TOPIC STARTER | Support looking at it | May 9 |
Yana from support replied to my support ticket and requested a copy of the emails, which have now been provided.
Maybe this is a good time to change my Proz password just in case, since we don't know what's going on yet. Hopefully, it's just a silly mistake or bug.
| | | | Luca Tutino
Italy
Member (2002)
English to Italian
+ ...
| Same message here, followed by a fishy "Invitation: Professional Opportunity" message. | May 9 |
I also received a very similar empty message with the subject "A message from ProZ.com translation news", a long list of CC-ed addresses, and an empty body. Less than 2 hours later, I received another fishy message with the subject "Invitation: Professional Opportunity [...]". The invitation is appealing and detailed but contains a couple of suspicious clues, and is similar to a message which I received on March 16 and quickly denounced as a phishing attempt posing as coming from TransPerfect... See more I also received a very similar empty message with the subject "A message from ProZ.com translation news", a long list of CC-ed addresses, and an empty body. Less than 2 hours later, I received another fishy message with the subject "Invitation: Professional Opportunity [...]". The invitation is appealing and detailed but contains a couple of suspicious clues, and is similar to a message which I received on March 16 and quickly denounced as a phishing attempt posing as coming from TransPerfect, but quickly denounced by "[email protected]". ▲ Collapse
| | |
|
|
|
Thomas T. Frost
Portugal
Local time: 22:55
Danish to English
+ ...
TOPIC STARTER | Reply from support below | May 9 |
Thanks for the response and for sending the information requested.
I am afraid the issue is related to the last update in Translation news section only.
The site or login data was not compromised.
ProZ.com Staff will contact all affected users directly.
The development team is applying changes now to prevent something similar from happening again.
We are very sorry again for the inconvenience.
| | | |
Thomas T. Frost wrote:
Reply from support below
I am afraid the issue is related to the last update in Translation news section only.
So this is a consequence of the continuing "upgrade" of the ProZ website.
A team of programmers busily introducing new bugs (instead of fixing the old ones).
| | | | Zea_Mays
Italy
Local time: 23:55
Member (2009)
English to German
+ ...
Thomas T. Frost wrote:
Does Proz prefer that we report it to an EU data protection authority instead, leading to potential fines?
I think the awareness in the US of privacy and the laws around it are way behind the culture in European countries.
Actually, all the people on this CC list could file a complaint about this.
Maybe this is the right time for ProZ to take and make things seriously.
| | | | Thomas T. Frost
Portugal
Local time: 22:55
Danish to English
+ ...
TOPIC STARTER
Philip Lees wrote: Thomas T. Frost wrote:
Reply from support below
I am afraid the issue is related to the last update in Translation news section only.
So this is a consequence of the continuing "upgrade" of the ProZ website. A team of programmers busily introducing new bugs (instead of fixing the old ones).
As far as I understand, Proz realised that they found themselves between a rock and a hard place in terms of coding, as the coding standard was so old and out of date that further development would be difficult or impossible. When you compound this with the haphazard structure Proz has grown into with countless additions and duplications of functions through the years, quite possibly without much documentation, it looks like a nightmare scenario. Even for top-level developers, modernising and consolidating such a system is a major challenge, and I don't think Proz has the budget for top level. The current developers may not know how different parts of the code interact, why things were done as they were and what can go wrong if they change this or that. Even banks sometimes get this disastrously wrong. See for example The Guardian: TSB fined £48m over ‘serious failings’ in IT meltdown.
The public may believe big companies know what they are doing, but they often don't. I've seen this from the inside when working in IT. Understanding legacy systems at airlines, banks, etc. can be like discovering hidden rooms in a pyramid. Since IT was introduced back in the 1960s, there has been a widespread management failure across the board to ensure systems, coding, architectures, processes, etc. are properly documented for future maintenance. There seems to be a widespread misconception amongst management everywhere to the effect that if only a candidate understands the operating system and the programming language, then they can simply 'hit the ground running', to quote a management expression I thoroughly hate, and manage a highly complex system of program modules they know nothing about.
Proz made the basic mistake of not informing its users when this began, but they have belatedly told us what they are doing. When you explain a problem from the start, you can get the users on board, as they can see there is no easy solution, but when users first begin to notice one problem after another and no communication from staff, then the company ends up making enemies instead of allies.
| | |
|
|
|
| Data protection racket | May 10 |
Zea_Mays wrote: Thomas T. Frost wrote:
Does Proz prefer that we report it to an EU data protection authority instead, leading to potential fines? I think the awareness in the US of privacy and the laws around it are way behind the culture in European countries. Actually, all the people on this CC list could file a complaint about this. Maybe this is the right time for ProZ to take and make things seriously.
An unnamed company, one which used to be a respected translation company and now owns Trados for some reason, notified me of a data breach last year, and I said can I have some money then, and they said no, so I wonder what the point of it all is really.
| | | | Zea_Mays
Italy
Local time: 23:55
Member (2009)
English to German
+ ...
| file an official complaint | May 10 |
Christopher Schröder wrote: Zea_Mays wrote:
Actually, all the people on this CC list could file a complaint about this.
An unnamed company, one which used to be a respected translation company and now owns Trados for some reason, notified me of a data breach last year, and I said can I have some money then, and they said no, so I wonder what the point of it all is really.
From the web: "The GDPR gives you a right to claim compensation from an organisation if you have suffered damage as a result of it breaking data protection law. This includes both “material damage” (e.g. you have lost money) or “non-material damage” (e.g. you have suffered distress)."
I think it is not enough to just ask them "give me money". 
The most important point here is that the breach is the responsibility of ProZ itself.
| | | | | Thank you, investigating so that this doesn't repeat | May 10 |
Hello everyone,
Thank you for reporting this, Thomas. Also thank you, Zea_Mays, for your alert message.
One of our developers has been working on an update to the Translation News service that requires adjustments to the email alerts service that notifies subscribers of new articles. The email some of you received was intended as an internal test, so I'm now investigating to see what happened and make sure it doesn't repeat.
Thomas T. Frost wrote:
Proz made the basic mistake of not informing its users when this began, but they have belatedly told us what they are doing. When you explain a problem from the start, you can get the users on board, as they can see there is no easy solution, but when users first begin to notice one problem after another and no communication from staff, then the company ends up making enemies instead of allies.
You are 100% right, Thomas. When updates started last year, the community should have been duly informed. We failed at that and we apologize. I also apologize for the inconveniences this may have caused you. A few smaller updates are still underway, and bugs may continue to appear, but the ProZ.com team is doing its best every day to address them in a timely and effective manner. Your reports and alerts are really helpful. So, thanks again.
Have a nice weekend everyone.
Lucia
| | | | | Pages in topic: [1 2] > | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Email address data breach from Proz | CafeTran Espresso | You've never met a CAT tool this clever!
Translate faster & easier, using a sophisticated CAT tool built by a translator / developer.
Accept jobs from clients who use Trados, MemoQ, Wordfast & major CAT tools.
Download and start using CafeTran Espresso -- for free
Buy now! » |
| | TM-Town | Manage your TMs and Terms ... and boost your translation business
Are you ready for something fresh in the industry? TM-Town is a unique new site for you -- the freelance translator -- to store, manage and share translation memories (TMs) and glossaries...and potentially meet new clients on the basis of your prior work.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
