
More information on profile issue

Community Guru
Garnor M Member Since: Oct 29, 2014
1 of 39

UPDATE: this thread has been closed from further replies.

 

Hi all,

Thanks for your patience while we gathered more information on the issue you saw earlier today on Upwork. This issue was causing some users to see another member’s profile picture and Job Feed after logging in to the Upwork site.


Here’s a quick summary of what occurred and confirmation that we’ve resolved the issue. As you’ll see from the points listed below, your identity and private information on Upwork is safe.

 

Q. What did people see?

For a brief period of time freelancers logging into upwork.com may have seen another user’s cached Job Feed landing page (upwork.com/find-work-home/). This page displays:

  • suggestions for jobs
  • personalized RSS feeds if the user set them up
  • username, first and last name, and profile picture in the navigation bar
    • Note these are visible if the user has a public profile
  • aggregate statistics about # Connects and submitted proposals


Users arriving at the cached pages were not able to make any changes to the other user’s accounts, nor were they able to access any account information.

 

Q. How long did this issue last?

35 minutes total

From 16:25 UTC to 17:00 UTC

 

Q. How many people did it impact?

It is likely that at most, cached job feed pages for a few dozen users were visible to freelancers who logged in during the 35 minute window.

 

Q. Is my financial information or identity at risk?

No, your identity is safe. No financial information, passwords, or tax ID numbers were released.

 

Q. Was my information shown to other users?

Given the small number of cache accounts, it is unlikely your Job Feed page was shown to anyone else.  If your information was shown to others, we will contact you directly.

 

Q. Was this a vulnerability that was exploited?

No, this problem arose from a brief caching issue on our servers that has since been resolved.

 

Q. Were people able to change my profile?

No, this issue did not allow other users to change or make any action on the affected accounts.

Community Guru
Claudia Z Member Since: Jul 28, 2015
2 of 39

Is it possible for the accounts that were affected by this to be suspended for multiple logins?

Community Guru
Garnor M Member Since: Oct 29, 2014
3 of 39

@Claudia Z wrote:

Is it possible for the accounts that were affected by this to be suspended for multiple logins?


No Claudia, since users weren't actually logging in as someone else, this would not be a result. 

Community Guru
Claudia Z Member Since: Jul 28, 2015
4 of 39

Thank you, Garnor! It was scary at first sight...

Community Guru
Krisztina U Member Since: Aug 7, 2009
5 of 39

@Garnor M wrote:

Hi all,

Thanks for your patience while we gathered more information on the issue you saw earlier today on Upwork. This issue was causing some users to see another member’s profile picture and Job Feed after logging in to the Upwork site.


Here’s a quick summary of what occurred and confirmation that we’ve resolved the issue. As you’ll see from the points listed below, your identity and private information on Upwork is safe.

 

Q. What did people see?

For a brief period of time freelancers logging into upwork.com may have seen another user’s cached Job Feed landing page (upwork.com/find-work-home/). This page displays:

  • suggestions for jobs
  • personalized RSS feeds if the user set them up
  • username, first and last name, and profile picture in the navigation bar
    • Note these are visible if the user has a public profile
  • aggregate statistics about # Connects and submitted proposals


Users arriving at the cached pages were not able to make any changes to the other user’s accounts, nor were they able to access any account information.

 

Q. How long did this issue last?

35 minutes total

From 16:25 UTC to 17:00 UTC

 

Q. How many people did it impact?

It is likely that at most, cached job feed pages for a few dozen users were visible to freelancers who logged in during the 35 minute window.

 

Q. Is my financial information or identity at risk?

No, your identity is safe. No financial information, passwords, or tax ID numbers were released.

 

Q. Was my information shown to other users?

Given the small number of cache accounts, it is unlikely your Job Feed page was shown to anyone else.  If your information was shown to others, we will contact you directly.

 

Q. Was this a vulnerability that was exploited?

No, this problem arose from a brief caching issue on our servers that has since been resolved.

 

Q. Were people able to change my profile?

No, this issue did not allow other users to change or make any action on the affected accounts.


This issue has been going on for hours, which is very easily verifiable by the screenshots, some with timestamps, that have been posted. Based on the numbers in this forum and on Facebook alone, this has not just affected a few dozen users. The username is also not part of a public profile. And I could go on.

 

This is not an accurate account of what happened, nor is it appropriate for you to communicate this in a forum post. An email needs to be sent out to every single Upwork user by your CEO. 

Community Guru
Garnor M Member Since: Oct 29, 2014
6 of 39

Hi Krisztina,

We will be emailing users who had their profiles appear. We've also reviewed all reports to confirm the timing of the issue. 

Community Guru
Krisztina U Member Since: Aug 7, 2009
7 of 39

@Garnor M wrote:

Hi Krisztina,

We will be emailing users who had their profiles appear. We've also reviewed all reports to confirm the timing of the issue. 


Interesting company policy, Garnor, and one that does not instill any trust. Are you also emailing clients who had their info exposed? Because this did not just affect a "few dozen" freelancers.

Community Guru
Garnor M Member Since: Oct 29, 2014
8 of 39

We will be emailing any user who we find appeared inadvertently, of which we expect there were at most a few dozen.

 

Community Guru
Krisztina U Member Since: Aug 7, 2009
9 of 39

@Garnor M wrote:

We will be emailing any user who we find appeared inadvertently, of which we expect there were at most a few dozen.

 


Again, you may delete screenshots from this forum and even your Facebook page, but whoever is doing the Facebook cleanup is doing a very sloppy job. I have taken over 50 screenshots and what you say is simply not true.

Ace Contributor
Jennifer S Member Since: Dec 16, 2014
10 of 39

Couldn't agree more. I saw the numbers proposed and went back to Facebook. I saw way more than a 'few dozen' there, but most are gone. It would be assumed that way more people saw it and went to other outlets to report it, like here on the forums and through customer service. Just take a look at how many screenshots were edited out of other forum posts on the subject.

 
