May 22, 2021 08:14:38 AM by Blake M
Hello,
I am wondering about something kind of strange. I have been getting what look like perfectly legitmate notifications much like the ones I get, on a regular basis, from Upwork. They always say the same thing, that my account has been accessed by an unknow device, often when I am actually logged in myself, at an unknown location typically at least 1,000 miiles from where I live. The notification suggests I change my password and contain links, in the E-mail, where one can supposedly to change it. The last thing the E-mail says is a question: "Was this you who did this?". Well, I virtually never login on an unknown device and the notifications, again, usually show up while I am using the save device I always use.
So, question is, have you guys been sending me notifications that my account has been logged into, by an unknown device, generally speaking, from many places across the entire United States, with it being a different, apparently random, location every time?
May 30, 2021 10:36:41 AM by Blake M
Gentlemen,
I think we may have a serious problem. I continue to get notifications, supposedly from Upwork, saying an unknown device, or browser, has been used to login to my account. This seems to happen at the same time I am already logged in and using my account. The apparent notification suggests I change my password immediately and there are links in the E-mail to do so, and/or contact the support team. I have now changed my password twice, and yet I still keep getting what are beginning to look very much like BOGUS notifications. I had asked before if Upwork is sending these and got NO reply. The last time I reset my password was on 5/23/21 and I got the latest "notification" today, 5/30/21. The latest password is 20 characters long including letters (upper and lower case), numbers and special characters. This is an EXTREMELY strong password and I find the idea that it could have been cracked in 7 days to be absolutely unacceptable. So, either these are fake notifications, from a scammer somewhere, who happens to know my E-mail address, or you people have an internal security problem. That is, someone, in your company, may be stealing user's passwords from your encrypted database and handing them out, or selling them, to scammers. I sincerely hope it is the first case and not the second, as the second would represent a VERY serious problem to your company in many untold ways. But at this point, I honestly don't know which is the truth.
May 30, 2021 11:30:24 AM by Viacheslav K
Try changing your email password as well, enable 2 factor authorization and check your machine with some antivirus.
May 30, 2021 11:54:23 AM by Andrea G
Hi Blake,
I checked and it looks like our team has reached out to you with more information regarding this concern and to assist you further. Could you please confirm if you received their email or are able to access your support ticket here? If you have any further questions, please feel free to reply to the team directly as they are the ones who can best assist you.