←back to thread

1121 points alokedesai | 1 comments | | HN request time: 0.235s | source
Show context
livejamie ◴[] No.10467017[source]
My old Homejoy login doesn't work on that site, and doing "forgot your password" gives an error of "user does not exist" for the email I used with Homejoy.
replies(1): >>10467040 #
kornish ◴[] No.10467040[source]
They're probably not porting over accounts by default, but rather waiting for users to express interest by clicking the link in the marketing email.

From the original post:

> Worst still, as I navigated around the site I realized the email link I clicked logged me into “My Account”. This screen had lots of my personal information, home address, email, even my credit card number.

replies(1): >>10467158 #
chris_wot ◴[] No.10467158[source]
So hold on... If we can work out how they encoded those activation URLs, or someone intercepts the email then they can get full access to anyone's account?

I have zero sympathy for HomeJoy. They failed, which is something I can gave sympathy for. But they sold all their customer's private data without notifying them of this fact, and caused major security concerns in the process!

replies(1): >>10467336 #
pavel_lishin ◴[] No.10467336[source]
We don't actually know what happened here. It could have been just one founder doing something shady; it could have been a hack; it could be something we can't imagine yet.

Let's not break out the pitchforks until we know who to point them at.

replies(2): >>10467554 #>>10468021 #
1. ◴[] No.10467554[source]