URGENT LJ PRIVACY ISSUES!
DANGER WILL ROBINSON, DANGER!!
ALERT: MASSIVE LJ PRIVACY BREECH CURRENTLY UNDERWAY!
I just saw this on one of my fandom communities and thought I would share it with you all. There is apparently a huge PRIVACY BREECH that is a result of LJ's latest release. Please see THIS WEBSITE for more information on the PRIVACY BREECH.
EDIT: cocanuts wrote that they were logged into random strangers LJ accounts during this change over here. They do not mention if they had control over the account as it seems that they logged back out as soon as they realised!
EDIT THE SECOND: It seems the same thing has happened to itsaserket.
EDIT THE THIRD: Same again to rachelmanija however they have since claimed that it has been fixed.
EDIT THE FOURTH: The same thing has happened to nix_this.
EDIT THE FIFTH: kazzisato wrote: I was bounced into the inbox of somebody selling items through their journal, I was able to see the buyers addresses, paypal information, etc. Source. PLEASE BE AWARE IF YOU HAVE GIVEN AWAY SUCH INFORMATION.
EDIT THE SIXTH: The same thing has happened to fallacy_angel who did some quick thinking and took a screencap of the issue.
EDIT THE SEVENTH: silveraspen wrote to a LJ Support member and received a vague and unhelpful response as shown here. It states that a LJ Maintenance post should be up shortly.
EDIT THE EIGTH: LJ address the issues, or rather completely blows off any concerns, here. According to LJ, it was not a security breech as it "had no effect on security" because even if you were sent to someone's inbox, private post or account information you were not able to edit/change things. WHAT THE EVER LOVING FUCK!! As mentioned above, not only were users able to see f-locked entries but one user reports that they were sent to someone's inbox which had people's addresses and paypal details. AND YOU DON'T THINK THAT THIS HAD AN EFFECT ON SECURITY?!? Also are you 100% certain that things couldn't be changed, because some users got the 'Edit Entry' page?
EDIT THE NINTH:So much for that '3 minute' thing, eh?
EDIT THE TENTH: Seriously, this is the longest three minutes I've ever seen. In fact I'd say this three minutes was closer to 72 hours. I understand how easy it is to mix up 3 minutes and 3 days but in future please make sure you use the correct term. Saves a lot of cunfusion.
EDIT THE ELEVENTH: And what was that you were saying about being 'not possible to perform any actions'? Cause I'm pretty sure being able to post a comment is classed as an action. WARNING: THE LINKED CONTENT IS QUITE RACIST TOWARDS RUSSIANS. PLEASE BE AWARE!
EDIT THE TWELTH: LJ News has finally mention it here. That is, if you call "a service issue that sprung up a couple days ago and was quickly resolved" mentioning it.
EDIT THE TOO MANY TO CONTINUE COUNTING: eruthros seems to have compiled information regarding the SECURITY/PRIVACY issues over here.
EDIT THE SAME AS ABOVE +1: lorax has also complied a list of information including a report of what happened to them here.
EDIT THE SAME AS ABOVE +2: boundbooks also has complied a list here.
ALERT: MASSIVE LJ PRIVACY BREECH CURRENTLY UNDERWAY!
I just saw this on one of my fandom communities and thought I would share it with you all. There is apparently a huge PRIVACY BREECH that is a result of LJ's latest release. Please see THIS WEBSITE for more information on the PRIVACY BREECH.
EDIT: cocanuts wrote that they were logged into random strangers LJ accounts during this change over here. They do not mention if they had control over the account as it seems that they logged back out as soon as they realised!
EDIT THE SECOND: It seems the same thing has happened to itsaserket.
EDIT THE THIRD: Same again to rachelmanija however they have since claimed that it has been fixed.
EDIT THE FOURTH: The same thing has happened to nix_this.
EDIT THE FIFTH: kazzisato wrote: I was bounced into the inbox of somebody selling items through their journal, I was able to see the buyers addresses, paypal information, etc. Source. PLEASE BE AWARE IF YOU HAVE GIVEN AWAY SUCH INFORMATION.
EDIT THE SIXTH: The same thing has happened to fallacy_angel who did some quick thinking and took a screencap of the issue.
EDIT THE SEVENTH: silveraspen wrote to a LJ Support member and received a vague and unhelpful response as shown here. It states that a LJ Maintenance post should be up shortly.
EDIT THE EIGTH: LJ address the issues, or rather completely blows off any concerns, here. According to LJ, it was not a security breech as it "had no effect on security" because even if you were sent to someone's inbox, private post or account information you were not able to edit/change things. WHAT THE EVER LOVING FUCK!! As mentioned above, not only were users able to see f-locked entries but one user reports that they were sent to someone's inbox which had people's addresses and paypal details. AND YOU DON'T THINK THAT THIS HAD AN EFFECT ON SECURITY?!? Also are you 100% certain that things couldn't be changed, because some users got the 'Edit Entry' page?
EDIT THE NINTH:So much for that '3 minute' thing, eh?
EDIT THE TENTH: Seriously, this is the longest three minutes I've ever seen. In fact I'd say this three minutes was closer to 72 hours. I understand how easy it is to mix up 3 minutes and 3 days but in future please make sure you use the correct term. Saves a lot of cunfusion.
EDIT THE ELEVENTH: And what was that you were saying about being 'not possible to perform any actions'? Cause I'm pretty sure being able to post a comment is classed as an action. WARNING: THE LINKED CONTENT IS QUITE RACIST TOWARDS RUSSIANS. PLEASE BE AWARE!
EDIT THE TWELTH: LJ News has finally mention it here. That is, if you call "a service issue that sprung up a couple days ago and was quickly resolved" mentioning it.
EDIT THE TOO MANY TO CONTINUE COUNTING: eruthros seems to have compiled information regarding the SECURITY/PRIVACY issues over here.
EDIT THE SAME AS ABOVE +1: lorax has also complied a list of information including a report of what happened to them here.
EDIT THE SAME AS ABOVE +2: boundbooks also has complied a list here.