EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 13 Apr 2018, 03:36 PM   #1
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
Fastmail giving out email addresses without permission

Fastmail gave out my main email address to a survey company without permission. I had made a point of not giving out my main email address to anyone. The only company that had it was Fastmail (obviously).
This morning I received mail at that address from surveygizmodo on Fastmail's behalf.

So the main email address & login for my account that I was keeping secure is now known to an American survey company & heaven only knows who else.
ferrety is offline   Reply With Quote

Old 13 Apr 2018, 03:49 PM   #2
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,994
I dont think so.

Updated 14.04.18
My apology ferrety you were correct.

Last edited by Terry : 14 Apr 2018 at 08:28 PM.
Terry is online now   Reply With Quote
Old 13 Apr 2018, 04:28 PM   #3
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
Quote:
Originally Posted by Terry View Post
I dont think so...
You don't think so what?


https://s17.postimg.cc/b28y2zeqn/17d...f9eb6e2b6b.png

Last edited by ferrety : 13 Apr 2018 at 05:36 PM.
ferrety is offline   Reply With Quote
Old 13 Apr 2018, 07:36 PM   #4
pjroutledge
Senior Member
 
Join Date: Jan 2010
Location: Melbourne, Oz
Posts: 126
Just change it.

https://www.fastmail.com/help/accoun...eusername.html

Happened to me a while back. Because the login username is a secret, changing it is no big deal. Just have to update any clients etc.
pjroutledge is offline   Reply With Quote
Old 13 Apr 2018, 09:07 PM   #5
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
Bear in mind that malware on one of your devices could be harvesting your data
BritTim is offline   Reply With Quote
Old 13 Apr 2018, 09:16 PM   #6
brong
The "e" in e-mail
 
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696

Representative of:
Fastmail.fm
Just to provide more details for those reading this, our (FastMail) marketing team contacted a random sample of a few of our recent signups with a set of survey questions designed to understand why people choose FastMail, or choose not to remain at the end of their trial.

The survey company (SurveyGizmo) is only permitted to use that list of addresses for the explicit purpose of sending the survey we designed, and collecting the results of said survey.

SurveyGizmo have a privacy policy which allows you to see exactly what data they have on you, and allows you to request that all that data is wiped. We immediately requested that SurveyGizmo remove all data for the user ("ferrety" here) upon receipt of a request from that user.

The reason we chose to use a third party rather than building a survey tool inhouse was entirely around skill and time - it would have taken us inordinately long to build the tooling ourselves as opposed to paying experts to do it. We chose SurveyGizmo because they have a good privacy history, and provide tooling to allow non-programmers to extract useful data from the surveys.

In response to the complaint we received today, we are reviewing how we choose users to survey, and plan to require an opt-in of some sort.

The head of our communications team has been in direct contact with the user about this issue, and I expect further communications will continue there rather than on this public forum.

Regards,

Bron (CEO, FastMail Pty Ltd)

Last edited by brong : 13 Apr 2018 at 09:20 PM. Reason: named wrong company!
brong is offline   Reply With Quote
Old 13 Apr 2018, 09:18 PM   #7
misc
Essential Contributor
 
Join Date: Jul 2013
Location: Germany
Posts: 251
((( Comment deleted by myslef as it's obsolete after Bron's post )))
misc is offline   Reply With Quote
Old 13 Apr 2018, 09:24 PM   #8
brong
The "e" in e-mail
 
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,696

Representative of:
Fastmail.fm
https://www.surveygizmo.com/privacy/ is their privacy policy. "ferrety" did the right thing in contacting us per that policy:

Quote:
We acknowledge that Survey Respondents have the right to access their Personal Information. If you are a Survey Respondent and have any questions or concerns regarding our customers’ privacy practices, or if you seek access to or wish to correct, amend or delete inaccurate data, you should contact the entity from whom you received a survey.
And we have now done the right thing by requesting that all data for that user be deleted from our account.
brong is offline   Reply With Quote
Old 14 Apr 2018, 04:01 AM   #9
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
This situation has not been resolved & the last I heard from fastmail was this morning.
ferrety is offline   Reply With Quote
Old 14 Apr 2018, 04:06 AM   #10
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
Quote:
Originally Posted by BritTim View Post
Bear in mind that malware on one of your devices could be harvesting your data
From this other company?
Quote:
Originally Posted by pjroutledge View Post
Just change it.

https://www.fastmail.com/help/accoun...eusername.html

Happened to me a while back. Because the login username is a secret, changing it is no big deal. Just have to update any clients etc.

They gave out your email too? My login name isn't secret anymore thanks to fastmail. If Experian can get hacked so can their survey company

Last edited by ferrety : 14 Apr 2018 at 04:13 AM.
ferrety is offline   Reply With Quote
Old 14 Apr 2018, 05:34 AM   #11
17pm
Cornerstone of the Community
 
Join Date: Sep 2013
Posts: 536
I absolutely agree with ferrety here.

You shouldn't have to contact support in order to get a third party to delete our personal email address. Giving your costumers email address to a third party is something that I would never expect FM to do. I'm honestly very sadened by this.

Hopefully a lesson is learned here and all exchanges of information with third parties will require an opt-in in the future.


Also, was this really necessary? If so, you could've easily created a blog post asking users to answer a brief questionair. I am sure you'd have more than enough answers.
17pm is offline   Reply With Quote
Old 14 Apr 2018, 07:05 AM   #12
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,679
Two things. A blog post questionnaire would not be accurate and is easily gamed. A professional survey company will choose a sample that more closely represents the users of Fastmail or whatever subgroup they wish to know more about. Second. There are so many ways to prevent problems with an email address, such as just blocking all incoming email to that address or creating another one since you don't use it for anything except logging in. Just as an experiment, keep this "compromised" address to see if it attracts any email for some reason. In any case, it seems like a mountain made out of a mole hill. I regularly use a Gmail address that has been in the wild since 2004 and has been used on literally thousands of different sites and services, and I have never had a problem. Use a strong password and 2FA and you are good to go.
TenFour is offline   Reply With Quote
Old 14 Apr 2018, 09:33 AM   #13
ragnar
Junior Member
 
Join Date: Apr 2018
Posts: 2
I'm a longtime lurker who never really intended to ever reply to a post here, but this made me angry enough to register for an account.

Those of you trying to trivialize ferrety's concerns and just telling him to block any new spam resulting from this screw-up by Fastmail are missing the point. As I suspect ferrety does, I have my own domain that I use for email addresses that I give out. My actual Fastmail username, i.e. the email with an @fastmail.com address, is NEVER given out to anyone. It is kept strictly confidential and used only as my login username. Fastmail has now bypassed that extra bit of security by giving out that closely guarded secret to a third party without asking permission to do so.

That's outrageous. Fortunately I haven't received a survey request so I don't appear to be a victim of this debacle, but if I had, I would close my Fastmail account and move my domain over to my Runbox account. I may still do it anyway, I'm that angry about reading that Fastmail would do something stupid like that.
ragnar is offline   Reply With Quote
Old 14 Apr 2018, 10:23 AM   #14
pjroutledge
Senior Member
 
Join Date: Jan 2010
Location: Melbourne, Oz
Posts: 126
Quote:
Originally Posted by ferrety View Post

They gave out your email too? My login name isn't secret anymore thanks to fastmail. If Experian can get hacked so can their survey company
Not intentionally. There is a quirk with Fastmail Calendar invitations that reveals your login when you use a client rather than the Fastmail website, (confirmed by Fastmail when queried).

As mentioned, if your login was a secret that has been revealed, and that has reduced its value to you, it's simple to change it.
pjroutledge is offline   Reply With Quote
Old 14 Apr 2018, 02:35 PM   #15
ferrety
Member
 
Join Date: Mar 2018
Posts: 53
The last contact that this Communications Manager made to me was at 07.33hrs UK time yesterday (16.30hrs Melbourne Australia time). They thought to tell me what I was feeling, apparently I would "be pleased to know" (I wasn't). Also I was told that it was fine because they had told the survey company not to contact me. They seemed to think that made it all ok.

Bron's post here was written nearly five hours later at 12.16hrs UK time (21.16hrs Melbourne time). Making it look like they were talking to me. Yet the CM had ignored me for five hours at that point, it is now over 22hrs since she emailed me. I've barely slept, it wouldn't have killed her to respond to my email were I answered her questions before they left for the weekend.

It is the forum members that have answered one of my questions about changing the primary email now Fastmail have given it out. Thank you to the forum members for that. I had asked the CM this but she hasn't answered.

I had no idea that this person was a CM I assumed from the way she was saying that it was fine because they told the survey company not to contact me that she was a normal support person. Another support person told me it was a phishing email. They said that I had to put the survey email a special folder so Fastmail could see it.
I pointed out that I had already forwarded the email to them with my initial complaint & that another support person had already said Fastmail was responsible.

What bothers me most is the initial response telling me just unsubscribe. I've just told you that you have compromised my account & that is the response.
ferrety is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 05:36 PM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy