|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
13 Apr 2018, 02:36 PM | #1 |
Member
Join Date: Mar 2018
Posts: 53
|
Fastmail giving out email addresses without permission
Fastmail gave out my main email address to a survey company without permission. I had made a point of not giving out my main email address to anyone. The only company that had it was Fastmail (obviously).
This morning I received mail at that address from surveygizmodo on Fastmail's behalf. So the main email address & login for my account that I was keeping secure is now known to an American survey company & heaven only knows who else. |
13 Apr 2018, 02:49 PM | #2 |
The "e" in e-mail
Join Date: Jul 2002
Location: VK4
Posts: 3,029
|
I dont think so.
Updated 14.04.18 My apology ferrety you were correct. Last edited by Terry : 14 Apr 2018 at 07:28 PM. |
13 Apr 2018, 03:28 PM | #3 |
Member
Join Date: Mar 2018
Posts: 53
|
Last edited by ferrety : 13 Apr 2018 at 04:36 PM. |
13 Apr 2018, 06:36 PM | #4 |
Senior Member
Join Date: Jan 2010
Location: Melbourne, Oz
Posts: 133
|
Just change it.
https://www.fastmail.com/help/accoun...eusername.html Happened to me a while back. Because the login username is a secret, changing it is no big deal. Just have to update any clients etc. |
13 Apr 2018, 08:07 PM | #5 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,095
|
Bear in mind that malware on one of your devices could be harvesting your data
|
13 Apr 2018, 08:16 PM | #6 |
The "e" in e-mail
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696
Representative of:
Fastmail.fm |
Just to provide more details for those reading this, our (FastMail) marketing team contacted a random sample of a few of our recent signups with a set of survey questions designed to understand why people choose FastMail, or choose not to remain at the end of their trial.
The survey company (SurveyGizmo) is only permitted to use that list of addresses for the explicit purpose of sending the survey we designed, and collecting the results of said survey. SurveyGizmo have a privacy policy which allows you to see exactly what data they have on you, and allows you to request that all that data is wiped. We immediately requested that SurveyGizmo remove all data for the user ("ferrety" here) upon receipt of a request from that user. The reason we chose to use a third party rather than building a survey tool inhouse was entirely around skill and time - it would have taken us inordinately long to build the tooling ourselves as opposed to paying experts to do it. We chose SurveyGizmo because they have a good privacy history, and provide tooling to allow non-programmers to extract useful data from the surveys. In response to the complaint we received today, we are reviewing how we choose users to survey, and plan to require an opt-in of some sort. The head of our communications team has been in direct contact with the user about this issue, and I expect further communications will continue there rather than on this public forum. Regards, Bron (CEO, FastMail Pty Ltd) Last edited by brong : 13 Apr 2018 at 08:20 PM. Reason: named wrong company! |
13 Apr 2018, 08:18 PM | #7 |
Essential Contributor
Join Date: Jul 2013
Location: Germany
Posts: 251
|
((( Comment deleted by myslef as it's obsolete after Bron's post )))
|
13 Apr 2018, 08:24 PM | #8 | |
The "e" in e-mail
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696
Representative of:
Fastmail.fm |
https://www.surveygizmo.com/privacy/ is their privacy policy. "ferrety" did the right thing in contacting us per that policy:
Quote:
|
|
14 Apr 2018, 03:01 AM | #9 |
Member
Join Date: Mar 2018
Posts: 53
|
This situation has not been resolved & the last I heard from fastmail was this morning.
|
14 Apr 2018, 03:06 AM | #10 | ||
Member
Join Date: Mar 2018
Posts: 53
|
Quote:
Quote:
They gave out your email too? My login name isn't secret anymore thanks to fastmail. If Experian can get hacked so can their survey company Last edited by ferrety : 14 Apr 2018 at 03:13 AM. |
||
14 Apr 2018, 04:34 AM | #11 |
Cornerstone of the Community
Join Date: Sep 2013
Posts: 536
|
I absolutely agree with ferrety here.
You shouldn't have to contact support in order to get a third party to delete our personal email address. Giving your costumers email address to a third party is something that I would never expect FM to do. I'm honestly very sadened by this. Hopefully a lesson is learned here and all exchanges of information with third parties will require an opt-in in the future. Also, was this really necessary? If so, you could've easily created a blog post asking users to answer a brief questionair. I am sure you'd have more than enough answers. |
14 Apr 2018, 06:05 AM | #12 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,749
|
Two things. A blog post questionnaire would not be accurate and is easily gamed. A professional survey company will choose a sample that more closely represents the users of Fastmail or whatever subgroup they wish to know more about. Second. There are so many ways to prevent problems with an email address, such as just blocking all incoming email to that address or creating another one since you don't use it for anything except logging in. Just as an experiment, keep this "compromised" address to see if it attracts any email for some reason. In any case, it seems like a mountain made out of a mole hill. I regularly use a Gmail address that has been in the wild since 2004 and has been used on literally thousands of different sites and services, and I have never had a problem. Use a strong password and 2FA and you are good to go.
|
14 Apr 2018, 08:33 AM | #13 |
Junior Member
Join Date: Apr 2018
Posts: 2
|
I'm a longtime lurker who never really intended to ever reply to a post here, but this made me angry enough to register for an account.
Those of you trying to trivialize ferrety's concerns and just telling him to block any new spam resulting from this screw-up by Fastmail are missing the point. As I suspect ferrety does, I have my own domain that I use for email addresses that I give out. My actual Fastmail username, i.e. the email with an @fastmail.com address, is NEVER given out to anyone. It is kept strictly confidential and used only as my login username. Fastmail has now bypassed that extra bit of security by giving out that closely guarded secret to a third party without asking permission to do so. That's outrageous. Fortunately I haven't received a survey request so I don't appear to be a victim of this debacle, but if I had, I would close my Fastmail account and move my domain over to my Runbox account. I may still do it anyway, I'm that angry about reading that Fastmail would do something stupid like that. |
14 Apr 2018, 09:23 AM | #14 | |
Senior Member
Join Date: Jan 2010
Location: Melbourne, Oz
Posts: 133
|
Quote:
As mentioned, if your login was a secret that has been revealed, and that has reduced its value to you, it's simple to change it. |
|
14 Apr 2018, 01:35 PM | #15 |
Member
Join Date: Mar 2018
Posts: 53
|
The last contact that this Communications Manager made to me was at 07.33hrs UK time yesterday (16.30hrs Melbourne Australia time). They thought to tell me what I was feeling, apparently I would "be pleased to know" (I wasn't). Also I was told that it was fine because they had told the survey company not to contact me. They seemed to think that made it all ok.
Bron's post here was written nearly five hours later at 12.16hrs UK time (21.16hrs Melbourne time). Making it look like they were talking to me. Yet the CM had ignored me for five hours at that point, it is now over 22hrs since she emailed me. I've barely slept, it wouldn't have killed her to respond to my email were I answered her questions before they left for the weekend. It is the forum members that have answered one of my questions about changing the primary email now Fastmail have given it out. Thank you to the forum members for that. I had asked the CM this but she hasn't answered. I had no idea that this person was a CM I assumed from the way she was saying that it was fine because they told the survey company not to contact me that she was a normal support person. Another support person told me it was a phishing email. They said that I had to put the survey email a special folder so Fastmail could see it. I pointed out that I had already forwarded the email to them with my initial complaint & that another support person had already said Fastmail was responsible. What bothers me most is the initial response telling me just unsubscribe. I've just told you that you have compromised my account & that is the response. |