Update: Our ISP Slingshot is caching private Gmail, Trademe, Facebook and Digg pages!!! I - and others on Slingshot - can see other people’s account info! We have had caching issues with them before, but never on private pages and this is RIDICULOUS! We rang Slingshot this afternoon and they admitted the problem!!!
Click to enlarge screenshots (blurred partially to protect privacy of other people’s accounts):
Three different Gmail accounts:
Three different Facebook accounts:
Trademe account:
Posted earlier:
This afternoon I tried logging into Gmail as I usually do to check my email and discovered that I was logged into someone else’s account! I got a real shock and tried a few more times, the same thing happened again.
I then tried using a different browser (IE7 instead of Firefox 2) and this time when I logged in I saw a different person’s Gmail account! In both cases I get a pop-up window appearing saying the following:
You have been signed out of this account.
This may have happened automatically because another user signed in from the same browser. To continue using this account, you will need to sign in again. This is done to protect your account and to ensure the privacy of your information.
What was interesting is that the email accounts all look to be those of other New Zealanders as there are TradeMe emails in both (New Zealand’s version of Ebay).
As of now I still can’t access my Gmail account and am seriously concerned about what is going on.
your thoughts
Peter J
This is scary! I check the ‘last account activity’ on mine quite often to check it’s only my ip or my phone that’s accessed. I wonder if any other ISP’s do this?
Phil.
I’ve seen a personalised Google News page cache via TelstraClear before.
–Phil.
Jacob
It is such a major breach of privacy, and it has happened on Slingshot before - in May it went on for almost a whole day for Slingshot users on Bebo.com.
Rachel
The Herald has the story up:
http://www.nzherald.co.nz/section/1/story.cfm?c_id=1&objectid=10527172
It went on for at least 2 hours, not 15 minutes as Slingshot claimed.
Rachel
And Stuff has it too:
http://www.stuff.co.nz/4657074a28.html
Ash
Hiya,
I just found this through a link at stuff. Just wondering why you kept trying when you knew that peoples privacy was being abused. The comment also said about how you tried all these other sites.
I dont really know what to think.. if it was me i would have waited until the problem was fixed. But then again, i dont use crappy ISP’s like slingshot.
Its just a shame that so many people kept logging in almost constantly (on other news sites) and were looking at other peoples emails and other private information.
rachelcunliffe
Hiya,
As soon as we discovered the issue, we rang Slingshot.
I kept trying because I rely on getting regular access to my emails and I was genuinely concerned initially that it was a Gmail issue and my emails were lost for good.
Cheers
Rachel
Andy
You could probably have accessed your gmail using https://www.gmail.com as that typically will prevent proxy servers from caching those pages. Not sure whether facebook would allow this
Jacob
Rachel is right, people keep trying and refreshing pages because they are concerned about what is happening and want to see their own account.
Slingshot said they received 20 complaints last night, however there would have been a lot more people effected. There are always those who don’t complain, but the fact is that the majority would have naturally assumed it was an error with the website and not their ISP’s fault.
Linda
Yes same happened to me, for about 15minutes kept trying to log in to gmail but got someone elses gmail, in nz. I thought it was the fault of gmail, but see now its slingshot fault, not good
Jacob
Slingshot emailed me back and said that the 12 month minimun contract will not apply if I want to change to another provider after this incident, so if anybody else wants to as well now is the time.
Rowan
Yes, I saw into others’ accounts too, and couldn’t get into mine.
It is very concerning.
I contacted one of the account holders by phone (googled his name) and on checking his account he found he was able to open someone else’s mail!
I also saw people’s home addresses, details of their ‘dating’ site contacts, ect.
Further - just rang slingshot, and the fellow on the phone denied it was them - but I am going to end my account with them (if they are responsible - and especially if they are trying to play it down or sweep it under the carpet…)
scary stuff…
TUi
I read about this in the herald, very scary - especially for you Rachel!
Jonny Nguyen
yes, I absolutely agree with you, I am working on it too, check out my site to learn more, thanks.