Something is SERIOUSLY wrong about the website's security. It keeps logging me in as other people as well as making people's private messages available to me... I emailed the administrator.. I have no clue if that went thru.
Something is SERIOUSLY wrong about the website's security. It keeps logging me in as other people as well as making people's private messages available to me... I emailed the administrator.. I have no clue if that went thru.
I've been TNB and someone else so far. I'm also getting random messages of invald security tolkens as well. I'm not really doing anything just hitting refresh or trying to open a thread. And for a while I was signed out, and no matter how many times i hit sign in nothing happened.
I showed up logged in as cympreni, but now I'm myself. Weird.
"Maybe Lucy's right. Of all the Charlie Browns in the world, you're the Charlie Browniest."--Linus, A Charlie Brown Christmas My fotki: http://public.fotki.com/nynaeve77/ Password: orphanannie
Yeah, I've been logged in as cympreni, Amneris, MoppyT, and Junipero.
(this is nynaeve77, just in case this goes through as yet another poster)
"Maybe Lucy's right. Of all the Charlie Browns in the world, you're the Charlie Browniest."--Linus, A Charlie Brown Christmas My fotki: http://public.fotki.com/nynaeve77/ Password: orphanannie
This is happening to me too. I've had several posters names show up, the latest being cympreni and nynaeve. Now it says wild~hair again. It seems like posting doesn't work and I get a security error when someone else's name is showing up. When it's my own name, all works fine.
This is happening to me too. I've had several posters names show up, the latest being cympreni and nynaeve. Now it says wild~hair again. It seems like posting doesn't work and I get a security error when someone else's name is showing up. When it's my own name, all works fine.
I am on the website as well.
ETA: One of the names that comes up for me is junipero and I saw someone reported them as a spammer. FWIW.
It's not logging me in as anyone else, but it's being really buggy when I try to submit a reply on a thread. It's as if the page keeps trying to load and refreshing, sort of hard to explain.
I'm on the site, not using the app.
[SIGPIC][/SIGPIC]
Byron,GA> Charleston, SC> Jacksonville, FL> Guilford, CT> Rohnert Park, CA! A southern drawl in sunny Cali! . The amount of time from slipping on the peel and landing on the pavement is exactly one bananosecond. I do have a secret yen for pink in unexpected places. ~ninja dog I've decided that I'll never get down to my original weight, and I'm OK with that--After all, 8 pounds 2 oz. is just not realistic.
I've been logged in as someone named Junipero (sp?) several times now.. for some reason the name seems familiar..but not a regular name I've seen before.
I'm logged in as myself, but when I go to my inbox it has me logged in as AmberBrown and the box is filled with pm's. Promise, AmberBrown - I haven't opened any of them.
This is freaky!
ETA: As soon as I posted the above, it had me logged in as Spring1onu. I refreshed the page and I'm me again.
ACK! I just went to my PM box and it has me logged in as Devushka. Absolutely promise I closed it right away and didn't read anything. Hopefully they're just doing some type of site upgrades that has everything freaked out and it's nothing malicious.
[SIGPIC][/SIGPIC]
Byron,GA> Charleston, SC> Jacksonville, FL> Guilford, CT> Rohnert Park, CA! A southern drawl in sunny Cali! . The amount of time from slipping on the peel and landing on the pavement is exactly one bananosecond. I do have a secret yen for pink in unexpected places. ~ninja dog I've decided that I'll never get down to my original weight, and I'm OK with that--After all, 8 pounds 2 oz. is just not realistic.
I'm logged in as myself, but when I go to my inbox it has me logged in as AmberBrown and the box is filled with pm's. Promise, AmberBrown - I haven't opened any of them.
This is freaky!
ETA: As soon as I posted the above, it had me logged in as Spring1onu. I refreshed the page and I'm me again.
I appreciate that Misspam! I've been trying to empty my folders since I first noticed the issues but I can't! I've been a bunch of people too, respecting everyone's privacy.
I'm logged in as myself, but when I go to my inbox it has me logged in as AmberBrown and the box is filled with pm's. Promise, AmberBrown - I haven't opened any of them.
This is freaky!
ETA: As soon as I posted the above, it had me logged in as Spring1onu. I refreshed the page and I'm me again.
I appreciate that Misspam! I've been trying to empty my folders since I first noticed the issues but I can't! I've been a bunch of people too, respecting everyone's privacy.
No problem. I'm hopeful everyone will do the same. This is all pretty freaky. I guess I should go empty my folders as well...
I haven't looked at anyone's PMs, so nobody has to worry about that. At this point I've deleted all of mine in case this is someone's malicious attempt to get information as I have a few posters' personal info.
This is so strange!
Well, I for one am reading everyone's PMs and having a laugh.
j/k
I don't see how reading anyone's PMs is even possible because whenever I clicked a link, I was someone else or back to myself again. Or the site wigged out and threw a security error at me.
That's not to say a hacker couldn't be accessing them.
I have some more info for you. The NC Smart Guy says the strange things you were seeing were not a breach of security (although it might have looked that way).
The company was using some very aggressing caching techniques that, for a very short time, were serving up some cached pages.
So a page would be requested by, say, "Gretchen", because I was logged in.
This page has "Welcome, Gretchen" as part of the html in the upper left hand corner. When this page was cached, a subsequent request (by another user) would simply not go to our server, but just return this cached page (html). Although it appeared as if you were logged in as someone else, in fact you were not. You could not actually gain access to this other person's information, it was simply cached html markup.
It was a weird uh oh, and we're truly sorry for any concern caused.
Please know that NaturallyCurly takes security very seriously and would never permit a true breach to occur.
Gretchen just to let you know..private messages meant for others were indeed readable. I was reading one that I thought was for me..and realized I was TOTALLY in someone else's PM box. I looked at the inbox to be sure and indeed I was in someone else's PM box even though I had logged on as myself. I tried to log in again and it happened with another members box. I immediately sent a message to the administration here. Then I started posting and creating threads about the issue to alert the staff and members.
Maybe that's not a big deal or anything but I just wanted to let you know so you could be aware of it.. But I am glad to hear the site wasn't hacked!
Our website is made possible by displaying online advertisements to our visitors.
Please consider supporting us by disabling your ad blocker on our website.
Comments
It just logged me in as you.^
My fotki: http://public.fotki.com/nynaeve77/
Password: orphanannie
Siri types my posts for me.
Med/Coarse, porous curly.
(this is nynaeve77, just in case this goes through as yet another poster)
My fotki: http://public.fotki.com/nynaeve77/
Password: orphanannie
I am on the website as well.
I am on the website as well.
ETA: One of the names that comes up for me is junipero and I saw someone reported them as a spammer. FWIW.
I'm on the site, not using the app.
Byron,GA> Charleston, SC> Jacksonville, FL> Guilford, CT> Rohnert Park, CA! A southern drawl in sunny Cali! .
The amount of time from slipping on the peel and landing on the pavement is exactly one bananosecond.
I do have a secret yen for pink in unexpected places. ~ninja dog
I've decided that I'll never get down to my original weight, and I'm OK with that--After all, 8 pounds 2 oz. is just not realistic.
This is Marah.
This is freaky!
ETA: As soon as I posted the above, it had me logged in as Spring1onu. I refreshed the page and I'm me again.
I'm on the site.
Byron,GA> Charleston, SC> Jacksonville, FL> Guilford, CT> Rohnert Park, CA! A southern drawl in sunny Cali! .
The amount of time from slipping on the peel and landing on the pavement is exactly one bananosecond.
I do have a secret yen for pink in unexpected places. ~ninja dog
I've decided that I'll never get down to my original weight, and I'm OK with that--After all, 8 pounds 2 oz. is just not realistic.
I appreciate that Misspam! I've been trying to empty my folders since I first noticed the issues but I can't! I've been a bunch of people too, respecting everyone's privacy.
No problem. I'm hopeful everyone will do the same. This is all pretty freaky. I guess I should go empty my folders as well...
This is so strange!
j/k
I don't see how reading anyone's PMs is even possible because whenever I clicked a link, I was someone else or back to myself again. Or the site wigged out and threw a security error at me.
That's not to say a hacker couldn't be accessing them.
Anyway, it seems to have calmed down now …
Haha made me laugh
3a/3b
Gretchen
NaturallyCurly.com co-founder
3A
You are beautiful!
The company was using some very aggressing caching techniques that, for a very short time, were serving up some cached pages.
So a page would be requested by, say, "Gretchen", because I was logged in.
This page has "Welcome, Gretchen" as part of the html in the upper left hand corner. When this page was cached, a subsequent request (by another user) would simply not go to our server, but just return this cached page (html). Although it appeared as if you were logged in as someone else, in fact you were not. You could not actually gain access to this other person's information, it was simply cached html markup.
It was a weird uh oh, and we're truly sorry for any concern caused.
Please know that NaturallyCurly takes security very seriously and would never permit a true breach to occur.
Thanks for helping us track this one down!
Gretchen
NaturallyCurly.com co-founder
3A
You are beautiful!
Maybe that's not a big deal or anything but I just wanted to let you know so you could be aware of it.. But I am glad to hear the site wasn't hacked!
Gretchen
NaturallyCurly.com co-founder
3A
You are beautiful!
I was here on the website looking in what I thought was my own inbox on my laptop. I don't get emails from here.