AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Problems with dashlane1/1/2023 ![]() ![]() It was an honest, but inexcusable mistake, and as you mentioned, a prime example for our Customer Support staff to exercise extra caution when handling any user personal information. Our support agent added a response to the wrong thread which results in your email address being posted publicly. One of these was via public Tweeting, the other was a private Direct Message. Our Customer Support team had 2 separate support threads open to assist you with the issue you were having with OSX. As the CEO of a company that prides itself on safeguarding its users’ data, online security, and privacy I am disappointed and understand your anger. ![]() I would like to apologize on behalf of Dashlane for the public posting of your email address. I am Emmanuel Schalit, the CEO of Dashlane. Email addresses might be easily tracked online, but at the end of the day, companies like Dashlane still have a responsibility to respect users’ privacy and strive to keep them confidential.įound this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post. I only hope that this serves as a lesson to support representatives everywhere to take extra caution when handling customers’ information. I intend to keep using Dashlane, and in the worst case, I’ll probably just need to keep an eye peeled for spam messages. PROBLEMS WITH DASHLANE FULLI am disappointed that Dashlane exposed my email address on Twitter and took so long to fix the problem, but that’s the full extent of it. ![]() In no scenario should a customer support representative be doing that for you, especially when you haven’t submitted to any prior agreement explicitly authorizing them to do so. And in particular if you want it to be made public. But it should still be your choice when or if you decide to share your email with someone else. In fact, as security expert Troy Hunt points out on his blog, they are not only readily discoverable but are also in most cases meant to be shared. Unlike financial data, email addresses are not inherently sensitive information. My case is not like that of Eric Springer, an Amazon user whose shipping address, phone number, and perhaps even credit card number were exposed after an attacker social engineered his way around Amazon customer support. I want to keep things in perspective here. I have since confirmed the tweet’s removal. PROBLEMS WITH DASHLANE PASSWORDThe password management company’s support center apologized for the disclosure and stated that it had removed the tweet. In fact, I didn’t hear from Dashlane again until some 20 hours later, by which time several individuals had noticed that Dashlane had tweeted out my email address. I immediately asked them to take down the offending the tweet, but there was no response. They told me this in a public tweet, and they fully disclosed my email address therein. It wasn’t until the next day, however, that Dashlane Support confirmed that they had sent me an email. So, I handed over my email address via a DM, expecting a confirmation soon thereafter. I described to them my problem, and after a few additional exchanges, they requested that I provide them with my email address in a direct message (DM). On Sunday, I contacted Dashline Support on Twitter. When this didn’t work, I decided to reach out to the password management company directly. PROBLEMS WITH DASHLANE SOFTWAREIf dashlane honored the setting and did not change the value of the control, then the error would not be happening.I tried uninstalling and reinstalling the software to no avail. The offending input control is hidden with CSS, but to avoid false positives it is marked with "autocomplete=off". ![]() disable dashlane and try to log in again - it works without dashlane. website detects automated form filling and refuses with an error code.ĥ. create an account (free) (need to receive email and click the activation link)Ĥ. It causes problems while logging on to some websites that use hidden fields for spambot detection.ġ. (tested on Windows/Chrome, I did not test other browsers). The following bug #52451 was filed with Dashlane:ĭashlane does not honor autocomplete=off attribute. The only workaround is to disable Dashlane. This is not Botcha issue and cannot be resolved in Botcha. The real culprit is that dashlane seems to be ignoring "autocomplete=off" setting for the honeypot field, and triggers Botcha every time. As of Dashlane v2.3.0, Botcha gets what looks like false positive. ![]()
0 Comments
Read More
Leave a Reply. |