
So Upwork, this security breach?

Community Guru
Rene K Member Since: Jul 10, 2014
1 of 60

Hey Upwork, the security breach described in the following thread deserves more than a sorry for the inconvenience. It's not an inconvenience; users have reported that they were able to log into others' accounts and see messages and stuff.

 

At least you are legally required to inform your EU users about any data breach. You can treat others with crickets if you want...

 

https://community.upwork.com/t5/Freelancers/Nightmare-experience-logged-in-as-someone-else/td-p/5628...

-----------
"Where darkness shines like dazzling light"   —William Ashbless
Community Guru
Virginia F Member Since: Feb 15, 2016
2 of 60

Rene K wrote:

Hey Upwork, the security breach described in the following thread deserves more than a sorry for the inconvenience. It's not an inconvenience; users have reported that they were able to log in to others' accounts and see messages and stuff.

 

At least you are legally required to inform your EU users about any data breach. You can treat others with crickets if you want...

 

https://community.upwork.com/t5/Freelancers/Nightmare-experience-logged-in-as-someone-else/td-p/5628...




Wow .... just now finding out about this. Subscribing to see what Upwork has to say. This is most certainly not the time for crickets, no matter where we're located.

 

ETA: Were people able to get into someone else's banking information? How far into those profiles could you get when this was going on?

Community Leader
Annette E Member Since: Mar 17, 2018
3 of 60

NDA agreements freelancers may have signed are now worthless. Who is responsible? More importantly, who is liable?

Community Guru
Petra R Member Since: Aug 3, 2011
4 of 60

Why did it take so long before the site was taken down despite knowing that hundreds of thousands of people were traipsing around other people's accounts?

 

Community Guru
Sanja D Member Since: Dec 18, 2013
5 of 60

From what I've read - some users were able to see everything, so I'm assuming banking, NDA, PayPal info could also be available...

Community Manager
Lena E Community Manager Member Since: Apr 7, 2015
6 of 60

Rene and others, 

 

We understand that this is more than an inconvenience and was startling to many of you. The issue has been resolved and I will be updating the Community with more information about this site incident and the impact as soon as I have all the details.  I do understand your urgency, and appreciate your patience in the interim.

 

-Lena 

Community Leader
Annette E Member Since: Mar 17, 2018
7 of 60

Lena E wrote:

Rene and others, 

 

We understand that this is more than an inconvenience and was startling to many of you. The issue has been resolved and I will be updating the Community with more information about this site incident and the impact as soon as I have all the details.  I do understand your urgency, and appreciate your patience in the interim.

 

-Lena 


 

"There are certain incidents that organisations need to tell us about. Use this page if you are an organisation that has experienced one of the following types of incident and need to report it to the ICO:

 

  • a personal data breach under the GDPR or the Data Protection Act 2018;
  • a Privacy and Electronic Communications Regulations (PECR) security breach by a telecoms or internet service provider;
  • a potential breach of the NIS Directive; or
  • a potential breach of the eIDAS Regulation

 

GDPR or DPA 2018 personal data breach

 

From 25 May 2018, if you experience a personal data breach you need to consider whether this poses a risk to people. You need to consider the likelihood and severity of any risk to people’s rights and freedoms, following the breach. When you’ve made this assessment, if it’s likely there will be a risk then you must notify the ICO; if it’s unlikely then you don’t have to report it. You do not need to report every breach to the ICO.

 

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.

 

For more information about what a personal data breach is and when you need to report it to us, please see the personal data breach pages of our Guide to the GDPR or if you are processing personal data for law enforcement purposes please see our Guide to Law Enforcement Processing.

You can also voluntarily report data security breaches that occurred before 25 May 2018, following the same process for reporting breaches of the DPA 2018."

 

Source: https://ico.org.uk/for-organisations/report-a-breach/

 

 

Community Guru
Rene K Member Since: Jul 10, 2014
8 of 60

People, change your password, check that your e-mail and bank details were not messed with, read your profile to see if the person who Upwork invited into your account did not feel like being creative with your overview, and check your messages to see if nobody has been messaging your contacts.

-----------
"Where darkness shines like dazzling light"   —William Ashbless
Community Guru
Maria T Member Since: Nov 12, 2015
9 of 60

Hi Lena,

 

When are you going to give information about what happened "exactly"?
And also to know to what extent the information of the profiles has been exposed.
I think it is a subject serious enough not to have us waiting like other times.
I changed my passwords yesterday and it seems that everything is in order, but how do I know if someone connected to Upwork and my profile appeared with all my data?
Very worrying.

Community Guru
Petra R Member Since: Aug 3, 2011
10 of 60

Lena E wrote:

I will be updating the Community with more information about this site incident and the impact as soon as I have all the details.  I do understand your urgency, and appreciate your patience in the interim.


Well?

Or shall we continue to be "startled?" (which is one level below "confused" in the "offensive ways to describe your users' reactions to major Upwork fails" hall of fame)
