Wednesday, 7 February 2024

Senate Judiciary Committee Hearing on Big Tech and Child Exploitation Online

Question: Do you think your users really understand what they are giving to you - all of their personal information, and how you process it, and how you monetise it? Do you think people really understand? 

Mark: I think people understand the basic terms. <Clearly, he means, no, they don't, and my fortune depends on it.> 




Tuesday, 6 February 2024

What fake service websites look like

 

In this screenshot, you will notice that the two Os of Whirlpool are actually zeros. This means that a web crawling program that looks for mentions of the brand is likely to miss this one. 


This is very likely a fake service website. 
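The zero-for-O substitution described above can be handled on the monitoring side by folding look-alike characters before searching for the brand. The following Python code is an added example, not part of the original post; the substitution table, function names and sample text are constructed for illustration.

```python
import re

# Look-alike characters mapped to the letter they imitate. Constructed,
# deliberately small table; every mapping is one character to one character,
# so offsets in the folded text line up with the original text.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})

def fold(text):
    """Replace look-alike characters with the plain letters they stand for."""
    return text.translate(LOOKALIKES)

def find_brand_mentions(text, brands):
    """Return (brand, text_as_written, obfuscated) for each brand mention.

    obfuscated is True when the page text matches only after folding,
    meaning a plain keyword search for the brand would have missed it.
    """
    folded = fold(text)
    hits = []
    for brand in brands:
        # Require non-letters on both sides so "whirlpools" is not a hit.
        pattern = r"(?<![a-z])" + re.escape(fold(brand)) + r"(?![a-z])"
        for m in re.finditer(pattern, folded, re.IGNORECASE):
            written = text[m.start():m.end()]
            hits.append((brand, written, written.lower() != brand.lower()))
    return hits

# Constructed sample text, modelled on the screenshot described in the post.
SAMPLE_PAGE = ("Whirlp00l Service Centre - book a repair. "
               "Official Whirlpool spares. LG repair also available.")

if __name__ == "__main__":
    for brand, written, obfuscated in find_brand_mentions(SAMPLE_PAGE, ["Whirlpool", "LG"]):
        label = "obfuscated spelling" if obfuscated else "plain mention"
        print(f"{brand}: {written!r} ({label})")
```

A hit marked as obfuscated is worth reviewing first, since a genuine brand page has no reason to spell its own name with digits.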



Monday, 5 February 2024

How GoDaddy made my life hell aka List of spammers you don't want to give business to

Some months ago, the GoDaddy customer database of people who have bought domain names was sold.

A direct consequence of that was that every day, I started getting 8-10 calls asking me if I wanted help in getting a website made. 

When I asked them how they got my number, they all mentioned that they got it from GoDaddy. 

I made the BIGGEST mistake of my life buying something from GoDaddy. 

These companies do not even do the basic due diligence of finding out if a number is DND before spamming a person at all hours, in the hospital, on weekends. My life has been made hell over the last many months because of GoDaddy. 

The callers knew my name, and knew that I have bought a domain name from GoDaddy. They all told me that they got the contact information from GoDaddy. This means that this was not a leak. GoDaddy sold this database, and the buyers had the confidence to call and tell me, "You have bought a domain from GoDaddy, can we help you make a website?"

Thank you, GoDaddy, for sparing the hackers some work and leaking your own customer database to spammers. 

#GoDaddyIsPureHell #ExperienceSharing 

This is the list of companies that have spammed me by violating DND. 

Infocrate Technologies - He was also blatant enough to say please add me to the database of spammers. 

Magicware services noida sector 66 

Pagetraffic.com 

Gowave Idea Software Development Company; Khushboo; West Bengal Durgapur; 

Auysh Softar Ranchi 

Vistory IT Solutions Noida; CEO- Varun Kumar



Sunday, 4 February 2024

Two Thoughts on Security

 2 thoughts on security.


1. When a platform provides a service, it is a safe assumption to make that the platform is secure and will be kept secure. 2FA is essentially the platform shifting the responsibility of security from itself to the customer. It is also putting the customer's personal devices at risk, because now the compromise requires the use of the personal email / phone no. It is unethical and impractical because, as we know, customer accounts and devices are compromised a lot quicker than enterprise IT infra. Platforms need to be accountable to customers and provide a mandatory RCA for every account breach.


2. Today, an appliance broke down in our house. Since it was still covered by warranty, I took the precaution of finding the company care center and calling them. The person said that I would get my request no. after the call disconnects, and the service center will call me within two hours.

The subsequent conversation went like this:

Me: How will the person calling authenticate themselves?

She: They will call you within two hours, ma'am.

Me: Yes. But how will I know that the person calling me is from Whirlpool? Will they give me the request ID?

She: Can I please place your call on hold?


That was when I realised that while service centers are a MAJOR source of financial frauds today, companies have not even thought of a way to protect themselves.


When a customer is defrauded thanks to fake customer care numbers, it is the brand that suffers. But when one reaches a genuine customer care number and then finds that obvious security flaws have not been plugged, one is quite nonplussed.


Book Review: The Spy who went into the Cold by Girish Aivalli

This is the kind of book in which everything makes sense right at the end. All the threads come together and they make sense. Except, perhaps, one. 

The pace is adequate - neither too rushed nor too languid. 

It's a very easy book to read. At my age, the print size matters as much as the plot. 

But jokes apart, the book is easy to read because there is enough happening to keep the interest of the reader. 

The genre is spy thriller. There are enough coded references in the text to keep us guessing and engaged. 

I would recommend the book for young adults and above. So much better than fantasy - that appears to have become the default genre for young adults. 


Friday, 26 January 2024

Thoughts from an ICU

Quality, by definition, relies on uniformity of process. It requires that every interacting entity be given the same treatment. And through that, it ensures uniformity of experience. Which is great for machine parts, cars, powders. 

But humans, by their very nature, require personalised care. Uniformity of process will only ensure non-uniformity of experience. Therefore, in all human interactions - hospitals, education..... quality has to move from uniformity of process to uniformity of outcome. Everyone must get the personalised care that they need, so they can all feel cared for, accepted, and well. 


Thursday, 25 January 2024

Review of Hostmonster Hosting and Domain Purchasing

I have a strange problem. 

My Hostmonster account was compromised and 25 domain names were bought between Dec 31 and Jan 17. The billing amount varied from 14.15 to 70.75 USD.

Different credit cards were used for each purchase. 

I got no email notification for ANY of these purchases and no receipts were emailed to me. 

I accidentally found out when one of the credit card holders noticed a fraudulent charge, raised a dispute and got a chargeback. My hosting account was suspended and I could not access it because of the chargeback. I was surprised because no renewal was due on any of my products and no chargeback had been initiated by me.

Hostmonster completely refused to do any analysis on how the emails were missed and instead mentioned that maybe my basic email id itself was compromised. EVEN IF that were so, it would be impossible to miss so many emails. All the same, I changed the password and took other security measures. 

Now, some weeks ago, my core site, kidsnews.top, itself was compromised. We found out that the cPanel password was changed and that is how the hacker took control of our sites. The Hostmonster support team helped us reset the cPanel password and also told us how to restore our website.

However, they did no forensics to understand how the cPanel password was changed.

Yesterday, when I tried to change my cPanel password again, I realised that the cPanel password is not what I had set last time. When I tried to reset the password, the email did not come.

I confirmed the email id AND that I am supposed to get an email when the password changes (screenshot below). 

I am now able to access cPanel from the hosting main login.

The issues are: 

A. Each transaction of 70 USD was done on a different credit card, but Hostmonster is not able to explain why no email came to me OR cancel the credit card transactions OR even share the credit card numbers that were used.

B. No idea how the cPanel password was changed with no notification to me.

C. I asked for IP addresses of logins to my account and that was also not available.

At this point, I am OK to shut down the entire hosting account and delete ALL our websites on Hostmonster. I also want to ensure that the credit card transactions that were fraudulently done are reversed and I am not listed as the owner of these domain names on the ICANN Registry.

Can you please help?