Jack Torrance Posted December 11, 2008 Author Share Posted December 11, 2008 I think ridiculing someone for ridiculing someone is pathetic. Yeah, I agree. Beat it! Away and ridicule someone yer' own size. But thanks for sticking up for me before you ridiculed him.... Link to comment Share on other sites More sharing options...
Rawrrrrrrr Posted December 11, 2008 Share Posted December 11, 2008 Have checked my email and the source code and can confirm the emails are sent from Ticketmaster NOT Hearts. Complaints should be made to Ticketmaster, however the club should be made aware of this also. Sending out unencrypted passwords can be deemed a breach of security. There are hundreds of possible ways a 3rd party can obtain these details either direct from the source or from a users pc. I wont bore you all with the hows and means to do it, but it is incredibly easy. My advice to everyone who has recieved this email is to log on immediately and change your password. Hearts employ ticketmaster to act as agents, this information was given to Hearts to use and not ticketmaster in many cases, therefore, hearts have as much responsibility for it as ticketmaster. The chances of someone actually doing anything from the email is minimal, but,as said it is a breach of DPA and is utter incompetence. Why should fans trust the club with their information when they have such shoddy practices or agents in place. The OP had every right to post this. Link to comment Share on other sites More sharing options...
ChemicalJambo Posted December 11, 2008 Share Posted December 11, 2008 If someone could intercept your emails they could see your email address and see all your mailshots from Hearts, Amazon etc So not too difficult to go to the websites, put in the email address and ask for a password reset. Intercept that email and log on So this is not a security breach at all IMO Link to comment Share on other sites More sharing options...
brownkg Posted December 11, 2008 Share Posted December 11, 2008 just pointing out you were happy to comment earlier in the thread, then suddenly you felt this apparent obligation to not say anything cause you hadn't received the email. And it was a light hearted point - did you not see the smiley. :xmasgrin: Beep Beep Beep Beep (just in case you were not spotted reversing!) Link to comment Share on other sites More sharing options...
Guest JamboRobbo Posted December 11, 2008 Share Posted December 11, 2008 If someone could intercept your emails they could see your email address and see all your mailshots from Hearts, Amazon etcSo not too difficult to go to the websites, put in the email address and ask for a password reset. Intercept that email and log on So this is not a security breach at all IMO lol. you should get a job as a spokesperson at the mod mate. :xmasgrin: Link to comment Share on other sites More sharing options...
Guest JamboRobbo Posted December 11, 2008 Share Posted December 11, 2008 Beep Beep Beep Beep (just in case you were not spotted reversing!) Just to be clear, the fact you didn't get the email doesn't prevent you from commenting that giving out the last 4 digits of a credit card is acceptable? But does preclude you from commenting on whether giving out names, phone numbers and addresses is acceptable? :xmasgrin: Link to comment Share on other sites More sharing options...
ChemicalJambo Posted December 11, 2008 Share Posted December 11, 2008 lol. you should get a job as a spokesperson at the mod mate. :xmasgrin: :xmasgrin: Or maybe I should be a hacker! Link to comment Share on other sites More sharing options...
Guest JamboRobbo Posted December 11, 2008 Share Posted December 11, 2008 :xmasgrin: Or maybe I should be a hacker! or maybe you are a hacker, and you're post is a double bluff........:xmasgrin: Link to comment Share on other sites More sharing options...
redjambo Posted December 11, 2008 Share Posted December 11, 2008 If someone could intercept your emails they could see your email address and see all your mailshots from Hearts, Amazon etcSo not too difficult to go to the websites, put in the email address and ask for a password reset. Intercept that email and log on So this is not a security breach at all IMO That depends of course on what security questions are asked for a password reset. :xmascrazy: Link to comment Share on other sites More sharing options...
redjambo Posted December 11, 2008 Share Posted December 11, 2008 lol. you should get a job as a spokesperson at the mod mate. :xmasgrin: What does a festival of Gaelic culture have to do with it? :xmasbabe: Link to comment Share on other sites More sharing options...
brownkg Posted December 11, 2008 Share Posted December 11, 2008 Just to be clear, the fact you didn't get the email doesn't prevent you from commenting that giving out the last 4 digits of a credit card is acceptable? But does preclude you from commenting on whether giving out names, phone numbers and addresses is acceptable? :xmasgrin: JUST to be clear what kind of mathematical genius would it take to extrapolate backwards the remaining 12-15 digits of a number from the last 4? I am assuming you are last throws of an enhanced PhD in theoretical maths and just waste time on here to give you something else to distract you from your proper job? I was , as I have had to point out, querying the usefulness of 4 digits in creating a number. Serious question :- do you have a real job as you seem to do nothing but post on here? Link to comment Share on other sites More sharing options...
ChemicalJambo Posted December 11, 2008 Share Posted December 11, 2008 That depends of course on what security questions are asked for a password reset. :xmascrazy: They don't ask any :xmasoh: Link to comment Share on other sites More sharing options...
Rawrrrrrrr Posted December 11, 2008 Share Posted December 11, 2008 JUST to be clear what kind of mathematical genius would it take to extrapolate backwards the remaining 12-15 digits of a number from the last 4? I am assuming you are last throws of an enhanced PhD in theoretical maths and just waste time on here to give you something else to distract you from your proper job? I was , as I have had to point out, querying the usefulness of 4 digits in creating a number. Serious question :- do you have a real job as you seem to do nothing but post on here? Did I miss the post were it said only 4 numbers were listed? I think the OP's comment was that the email gave opportunity if intercepted to access the online account and see the full number. Therefore your squabble with Jamborobbo is irrelevent and pointless from both sides. Link to comment Share on other sites More sharing options...
redjambo Posted December 11, 2008 Share Posted December 11, 2008 They don't ask any :xmasoh: Nice one. I sometimes wonder about the quality of some of the people who work in IT. :xmaswoot: Link to comment Share on other sites More sharing options...
makateer Posted December 11, 2008 Share Posted December 11, 2008 Did I miss the post were it said only 4 numbers were listed? I think the OP's comment was that the email gave opportunity if intercepted to access the online account and see the full number. Therefore your squabble with Jamborobbo is irrelevent and pointless from both sides. The full number is not stored on the ticketmaster site. The only thing you can see is the last 4 digits. Link to comment Share on other sites More sharing options...
Dazo Posted December 11, 2008 Share Posted December 11, 2008 Did I miss the post were it said only 4 numbers were listed? I think the OP's comment was that the email gave opportunity if intercepted to access the online account and see the full number. Therefore your squabble with Jamborobbo is irrelevent and pointless from both sides. Like this and oh so many of your posts. :xmasgrin: Link to comment Share on other sites More sharing options...
brownkg Posted December 11, 2008 Share Posted December 11, 2008 The full number is not stored on the ticketmaster site. The only thing you can see is the last 4 digits. Beep Beep Beep prancer joins the reversing team:xmasgrin: engage smug mode Link to comment Share on other sites More sharing options...
Cow Posted December 11, 2008 Share Posted December 11, 2008 No need to be concerned, we have used this method since June 2007. When we send promotional mail we include for ease of use the reference and login details of that particular customer. The details we hold there are last 4 digits of card number and this cannot be used to buy, any transaction needs a 16 digit card number keyed in. Thanks Derek. This is the response from hearts, seems acceptable to me. Link to comment Share on other sites More sharing options...
Jack Torrance Posted December 11, 2008 Author Share Posted December 11, 2008 No need to be concerned, we have used this method since June 2007. When we send promotional mail we include for ease of use the reference and login details of that particular customer. The details we hold there are last 4 digits of card number and this cannot be used to buy, any transaction needs a 16 digit card number keyed in. Thanks Derek. This is the response from hearts, seems acceptable to me. Thanks for posting. No one's returned to me yet unfortunately. The Card details would appear to be less of an issue. What does concern me though is that your personal details are available and your password is on display to anyone who can view your email. Sight of the password wasn't requested. For someone less au fait with online security, they may have copied from passwords they used elsewhere that could allow a fraudster access to something more of a concern/risk for the individual. That's all. Don't want to start a fight. I see it as a weak point and i'm concerned. Link to comment Share on other sites More sharing options...
redjambo Posted December 11, 2008 Share Posted December 11, 2008 Thanks for posting. No one's returned to me yet unfortunately. The Card details would appear to be less of an issue. What does concern me though is that your personal details are available and your password is on display to anyone who can view your email. Sight of the password wasn't requested. For someone less au fait with online security, they may have copied from passwords they used elsewhere that could allow a fraudster access to something more of a concern/risk for the individual. That's all. Don't want to start a fight. I see it as a weak point and i'm concerned. It is a weak point. Passwords should never be transmitted or stored in clear text, nor should auto login links be used. It should be up to an individual user to manually enter their password when accessing any site which contains sensitive personal information. They need to get their act sorted out. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.