Reply
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply

So Upwork, this security breach?

Community Guru
Nichola L Member Since: Mar 13, 2015
51 of 60

Petra R wrote:

Nichola L wrote:

I have just read the post of a freelancer whose profile was hijacked, and as a result his account has been suspended. Naturally, there has been no comment from a moderator on this. Is this another question that is too difficult to answer? 

 

I do not think Upwork should be suspending any freelancer accounts until this security breach has been clarified.  


Nichola, when someone believes that their account has been compromised, the account is immediately locked down to prevent any (further) attempts to access it my a possible unauthorized person. This is purely a security measure until the rightful owner of the account can be determined and the intruder locked out and identified. Or the "hacking"  or "hijacking" has been proved to be a false alarm.

 

NOT locking everything down when there is a chance of anything fishy going on would be insane.

It is done purely to protect the account and only until the rightful owner has been determined.

 


_____________________________

That is actually not so. When my profile was stolen (twice), my account was compromised but it was not suspended, neither I may say, were the accounts of the people who did the stealing. 

Community Guru
Petra R Member Since: Aug 3, 2011
52 of 60

Nichola, we are talking about two  different things. A hijacked account is one where someone has gained access to the account.

 

Not when someone copies your public profile.  Obviously there is no need to suspend in that case.

Are you sure someone was suspended because someone else had copied their overview? Compromised in account speak means "security breach"

What would a copied profile have to do with what happened on Tuesday?

Community Guru
Nichola L Member Since: Mar 13, 2015
53 of 60

Petra R wrote:

Nichola, we are talking about two  different things. A hijacked account is one where someone has gained access to the account.

 

Not when someone copies your public profile.  Obviously there is no need to suspend in that case.

Are you sure someone was suspended because someone else had copied their overview? Compromised in account speak means "security breach"

What would a copied profile have to do with what happened on Tuesday?


_____________________

 

No, you are right, it wasn't a copied overview. Somebody replaced the FL's photo with another. So presumably the account was compromised. 

 

 

Community Guru
Petra R Member Since: Aug 3, 2011
54 of 60

Nichola L wrote:

No, you are right, it wasn't a copied overview. Somebody replaced the FL's photo with another. So presumably the account was compromised. 


Huh, I am lost now? link to thread? Obviously if someone replaced a freelancer's photo with another the account WAS compromised as how could someone replace a photo without hacking into the account, in which case the account would have been compromised / hijacked / hacked and would need to be secured.

 

And to avoid thread-jacking:

 

We are now nearing day 4 after everyone was wandering about in strangers' accounts. STILL no response from Upwork. (Other than understanding that we were "startled" by the what has happened...)

 

 

Community Manager
Lena E Community Manager Member Since: Apr 7, 2015
55 of 60

Hi everyone,

 

Thanks for your patience while we gathered information on the issue that occurred on Monday, Feb 11, 2019. To update, our engineering team discovered a bug on our site that resulted in some customer data being shown to other customers who were logged in during a two-hour period. This was due to a technical error, and not due to any malicious intent or access by an outside party. The issue has been resolved and we have taken steps to verify the ongoing security of your data. We sincerely apologize for this error. Han, our head of engineering, posted more information about this incident in the Announcement area here.

 

-Lena

Untitled
Community Guru
Virginia F Member Since: Feb 15, 2016
56 of 60

Lena E wrote:

Hi everyone,

 

Thanks for your patience while we gathered information on the issue that occurred on Monday, Feb 11, 2019. To update, our engineering team discovered a bug on our site that resulted in some customer data being shown to other customers who were logged in during a two-hour period. This was due to a technical error, and not due to any malicious intent or access by an outside party. The issue has been resolved and we have taken steps to verify the ongoing security of your data. We sincerely apologize for this error. Han, our head of engineering, posted more information about this incident in the Announcement area here.

 

-Lena


And no one from Upwork could take one minute over this past week to let us know an investigation was going on? No, instead you wait until we are about to scream in frustration. I sincerely hope the way in which Upwork handles it's communication gets worked on ... because thus far in 2019, it has been abysmal.

Community Guru
Mary W Member Since: Nov 10, 2014
57 of 60

And I will reiterate what I said in the Announcements section:

Could someone please address whether or not freelancers who were logged in to the "wrong accounts" could access payment information on those accounts??

Community Guru
Petra R Member Since: Aug 3, 2011
58 of 60

Mary W wrote:

And I will reiterate what I said in the Announcements section:

Could someone please address whether or not freelancers who were logged in to the "wrong accounts" could access payment information on those accounts??


I was "logged in" another account and could not. When clicking on Settings it took me to my own (with my own password)

Reports were also my own.

 

Community Guru
Wendy C Member Since: Aug 24, 2015
59 of 60

As some of you know I encountered problems trying to change my password throughout the week. 

 

After Han Yuen, the lead engineers @ U., posted an explanation for what had happened and steps taken, I PMed him details of what I was encountering plus applicable screenshots.

 

A gazillion kudos to Han and Cheryl, the member of the Executive Escalations team, he asked to assist me.   

 

I figure we all b**ched a lot - justifiably; so it is only fair that I express my appreciation and praise to two of U's staff that did a great job.

 
Ace Contributor
Tamal S Member Since: Apr 3, 2017
60 of 60

I have been following this thread from the beginning and changed my password to 30 digit non-pronounceable  'crypt' that day. 

Yesterday, I have some issues with Upwork. I didn't receive any notifications (the unread text count on the browser head), sound or any email for any new message. As soon as I noticed this, something weird started to happen. I started chatting with a client and when I moved to another tab I could see the unread message badge popped up for a fraction of a second and disappeared, no sound. It was like someone was reading my messages. I didn't receive any notification on my phone too.

Today after getting a night of sound sleep, I checked my phone, no message notification, so I checked Upwork from my PC browser, there was no unread message badge. But there were 5 new messages from various clients which were read!
I changed my password today (again) and this issue was fixed. I don't know what's gone wrong with Upwork lately but it is making me very concerned. 

________________________

"I'm silently judging your font choice."

TOP SOLUTION AUTHORS
TOP KUDOED MEMBERS