There are screenshots on Facebook showing a different freelancer's name in the drop-down list. That looks very much like the system had them logged in as the other person. The fact is that with a screw-up of this magnitude none of us have any idea what was or was not at risk - and neither do Upwork. They simply haven't had enough time to investigate properly.
@fergus M wrote:
There are screenshots on Facebook showing a different freelancer's name in the drop-down list.
Fergus, I was also a male with a tie suddenly, and I have screenshots too. Clicking on anything at all got me to that bit of my own profile. It was apparently fixed hours ago, and the site was down while they fixed it.
Was this a pretty major clusterbeep? No doubt.
Do I think my security is at this point in danger? Personally I do not.
Do I think this is being handled well? Not really, no.
I was, briefly, a man with a tie. I was in a part of his profile. Heaven knows who was in mine. That is "not a good thing"
A bit more than " we appreciate your patience" should have been forthcoming hours ago
"I was also a male with a tie suddenly"
So was I, once. Then I was a male in a uniform. Now I'm a freelancer, so I'm a male in whatever the hell I feel like wearing to work. If anything (sorry, Preston).
You're right; the response to this has been an utter shambles. I'm not complacent about security, because the site is clearly so screwed up at this point that I don't think anyone can say what has or hasn't been left vulnerable, but either way we should have been kept properly informed and not palmed off with the usual boilerplate.
I'm afraid a forum post isn't very reassuring. Can you categorically guarantee that no user data was compromised, and do you intend to have a proper security audit carried out?