Reply
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply

So Upwork, this security breach?

Community Guru
Phyllis G Member Since: Sep 8, 2016
11 of 59

Lena E wrote:

Rene and others, 

 

We understand that this is more than an inconvenience and was startling to many of you. The issue has been resolved and I will be updating the Community with more information about this site incident and the impact as soon as I have all the details.  I do understand your urgency, and appreciate your patience in the interim.

 

-Lena 


I'm sure I speak for the Community in saying we'll appreciate an update here. But a mishap of this scale and gravity merits official announcements teased with banner messages on every login page. Relatively few UW members haunt the Community Forum on a regular basis and those who don't, are in the dark about this. I happened to communicate with a FL I'm working with right now and alerted her. She had seen the outage yesterday but assumed it was just another routine outage and thought no more about it. We're so well conditioned to roll our eyes and work around it.

 

In any case, UW needs to stop creating the vivid impression that the leadership team is camped out in a locked conference room with the lights out, waiting for the attention to dissipate, and get some information out here in the open where it will do the most good.

Community Guru
Will L Member Since: Jul 9, 2015
12 of 59

We look forward to seeing more information on this and what is being done to prevent it from happening again.

Community Leader
Aleksandr S Member Since: Jun 22, 2015
13 of 59

Upwork CTO must definitely resign. It's 100% his fault: he failed to build the development process properly and that lead to this breach. I can't remember any similar disaster in any other company, except being hacked.

Community Guru
Rene K Member Since: Jul 10, 2014
14 of 59

Aleksandr S. wrote:

Upwork CTO must definitely resign. It's 100% his fault: he failed to build the development process properly and that lead to this breach. I can't remember any similar disaster in any other company, except being hacked.


Considering how wobbly their IT infrastructure is since the beginning, I'm worried by the fact that they haven't already fired him many times.

-----------
"Where darkness shines like dazzling light"   —William Ashbless
Ace Contributor
Valerio S Member Since: Oct 13, 2017
15 of 59

Wouldn't be amazing if Upwork would send an email when things like this happen?

it's the second time in two weeks (see the Budget vs Proposal topic) that a massive bug comes up and the only way to know about that is through some random topics on this forum...

Community Leader
Annette E Member Since: Mar 17, 2018
16 of 59

I assume that it was the same for client accounts, but did anyone here with a client account experience the same? And if so, have they received any (official) notification from Upwork?

Community Guru
Rene K Member Since: Jul 10, 2014
17 of 59

So, it's crickets it seems. That shows your respect for your customers.

 

 

-----------
"Where darkness shines like dazzling light"   —William Ashbless
Community Guru
Virginia F Member Since: Feb 15, 2016
18 of 59

Rene K wrote:

So, it's crickets it seems. That shows your respect for your customers.

 


I can't imagine they can ignore addressing this serious breach. There is probably some serious scrambling going on. We'd all like to know if any of our personal information was compromised.

Community Leader
Annette E Member Since: Mar 17, 2018
19 of 59

Virginia F wrote:

Rene K wrote:

So, it's crickets it seems. That shows your respect for your customers.

 


I can't imagine they can ignore addressing this serious breach. There is probably some serious scrambling going on. We'd all like to know if any of our personal information was compromised.


I think that this is pretty darned serious. Every US state, every country where Upwork operates (most likely) has legislation in place about data leaks; legislation that must be adhered to, including communicating (directly) to every individual customer who has been affected. I think that some states in the US (and most likely also elsewhere) have legislation that stipulate that customers must be informed immediately.

 

I imagine it's a busy day/evening at Upwork with legal consultation, PR strategy etc. 

 

NDA's have potentially been compromised whereever work product is available through Upwork's chat. Work product without NDAs has potentially been accessed, full names of freelancers disclosed, etc. etc. Whether it was possible to also access bank/payment information etc., I don't know, but I can't even imagine the scope of this as it is/may be so massive.

 

 

Community Guru
Tiffany S Member Since: Jan 15, 2016
20 of 59

Annette E wrote:

I think that this is pretty darned serious. Every US state, every country where Upwork operates (most likely) has legislation in place about data leaks; legislation that must be adhered to, including communicating (directly) to every individual customer who has been affected. I think that some states in the US (and most likely also elsewhere) have legislation that stipulate that customers must be informed immediately.

 

It's not just affected users, either. For instance, in New York an outside company is required not only to provide a very specific notice to affected users in the state, but also to provide notice to the state Attorney General's office, the New York State Police,and the State Department.

 

The statute provides both for actual damages and for civil penalties in the hundreds of thousands of dollars.

 

And that's just one jurisdiction. 

TOP KUDOED MEMBERS