Elance users have once again fallen victim to a network security mishap that threatens highly sensitive, private data. For the second time this summer, Elance service providers and buyers have had their personal information publicly distributed on the internet. This is the second network security gaffe in just over one month. These major security breeches threaten the credibility of Elance as a quality service for professionals to conduct business.
Data Mining of Elance Provider Info
The first security breech occurred in July when hackers illegally obtained and posted Elance user information, resulting in an excess of unwanted email solicitations. User information that was compromised included full name, email address, home or business address, phone numbers, and even some passwords. The private information showed up on an outside bidding website that Elance users had never signed up with.
Elance issued a statement on their website and apologized to their customers; however, the issue has yet to be resolved. Elance claims that hackers accessed user data tables that store contact information and login identification. Allegedly the site’s third party security monitoring system failed to flag an unknown security hole. This issue has been reported to the internet crimes division of the F.B.I. and similar authorities who investigate internet fraud.
Elance Violates Customer Privacy
The latest security violation occurred when Elance providers received upwards of 50 emails of “Daily Workroom Summary”. These “Workroom Summaries” are an opt-in email in which the buyer and provider receive email notifications detailing project activity such as messages, attachments and can include sensitive material protected by Non-Disclosure Agreements. During this recent security gaffe, “Daily Workroom Summaries” were sent out, en masse, to everyone except the parties involved in the project.
The network security breech caused thousands of private messages erroneously sent to out to mass Elance users. In some cases, these messages contained confidential information and sensitive data like logins for Elance and third party accounts.
Implications
Recently, websites like Twitter and Facebook have experienced their own headaches with hackers. When this happens, other sites are diligent to secure the site and respond to user concerns. Unfortunately, Elance is doing very little to sway fears. It is unclear what Elance has done, or will do, in response to the egregious mishandling of their customer’s privacy. They released a statement of apology, claiming human error and that the problem was “fixed”.
It is understandable that an internet based business may be the target of criminal activity. The complexity of computer programming is a sensitive issue. There are steps that can be taken to protect a website from these threats, and these safety measures are required that much more for a site with high visibility. It is irresponsible for a site to make changes to their script and not thoroughly test it before use.
It may be tempting to cut corners on something that initially seems like an unnecessary expense. But not being diligent about the details can have serious, widespread consequences. Just over a month ago, Elance learned the hard way that small cracks in the dam can flood the whole town; however tiny they are, these cracks exist and it is Elance’s responsibility to perform quality control. When the town gets flooded twice in two months, customers begin to wonder why they pay Elance for a service that damages their business foundation.
 |
 |
