Slingshot caching private pages!

August 13, 2008

Update: Our ISP Slingshot is caching private Gmail, Trademe, Facebook and Digg pages!!! I - and others on Slingshot - can see other people’s account info! We have had caching issues with them before, but never on private pages and this is RIDICULOUS! We rang Slingshot this afternoon and they admitted the problem!!!

Click to enlarge screenshots (blurred partially to protect privacy of other people’s accounts):

Three different Gmail accounts:

Three different Facebook accounts:

Trademe account:

Posted earlier:

This afternoon I tried logging into Gmail as I usually do to check my email and discovered that I was logged into someone else’s account! I got a real shock and tried a few more times, the same thing happened again.

I then tried using a different browser (IE7 instead of Firefox 2) and this time when I logged in I saw a different person’s Gmail account! In both cases I get a pop-up window appearing saying the following:

You have been signed out of this account.

This may have happened automatically because another user signed in from the same browser. To continue using this account, you will need to sign in again. This is done to protect your account and to ensure the privacy of your information.

What was interesting is that the email accounts all look to be those of other New Zealanders as there are TradeMe emails in both (New Zealand’s version of Ebay).

As of now I still can’t access my Gmail account and am seriously concerned about what is going on.

See also
Comments

  1. This is scary! I check the ‘last account activity’ on mine quite often to check it’s only my ip or my phone that’s accessed. I wonder if any other ISP’s do this?

    Peter J, August 14, 2008

  2. I’ve seen a personalised Google News page cache via TelstraClear before.

    –Phil.

    — Phil., August 14, 2008

  3. It is such a major breach of privacy, and it has happened on Slingshot before - in May it went on for almost a whole day for Slingshot users on Bebo.com.

    Jacob, August 14, 2008

  4. The Herald has the story up:

    http://www.nzherald.co.nz/section/1/story.cfm?c_id=1&objectid=10527172

    It went on for at least 2 hours, not 15 minutes as Slingshot claimed.

    — Rachel, August 14, 2008

  5. And Stuff has it too:

    http://www.stuff.co.nz/4657074a28.html

    — Rachel, August 14, 2008

  6. Hiya,

    I just found this through a link at stuff. Just wondering why you kept trying when you knew that peoples privacy was being abused. The comment also said about how you tried all these other sites.

    I dont really know what to think.. if it was me i would have waited until the problem was fixed. But then again, i dont use crappy ISP’s like slingshot.

    Its just a shame that so many people kept logging in almost constantly (on other news sites) and were looking at other peoples emails and other private information.

    Ash, August 14, 2008

  7. Hiya,

    As soon as we discovered the issue, we rang Slingshot.

    I kept trying because I rely on getting regular access to my emails and I was genuinely concerned initially that it was a Gmail issue and my emails were lost for good.

    Cheers
    Rachel

    — rachelcunliffe, August 14, 2008

  8. You could probably have accessed your gmail using https://www.gmail.com as that typically will prevent proxy servers from caching those pages. Not sure whether facebook would allow this

    Andy, August 14, 2008

  9. Rachel is right, people keep trying and refreshing pages because they are concerned about what is happening and want to see their own account.

    Slingshot said they received 20 complaints last night, however there would have been a lot more people effected. There are always those who don’t complain, but the fact is that the majority would have naturally assumed it was an error with the website and not their ISP’s fault.

    Jacob, August 14, 2008

  10. Yes same happened to me, for about 15minutes kept trying to log in to gmail but got someone elses gmail, in nz. I thought it was the fault of gmail, but see now its slingshot fault, not good

    — Linda, August 17, 2008

  11. Slingshot emailed me back and said that the 12 month minimun contract will not apply if I want to change to another provider after this incident, so if anybody else wants to as well now is the time.

    — Jacob, August 17, 2008

  12. Yes, I saw into others’ accounts too, and couldn’t get into mine.
    It is very concerning.
    I contacted one of the account holders by phone (googled his name) and on checking his account he found he was able to open someone else’s mail!
    I also saw people’s home addresses, details of their ‘dating’ site contacts, ect.

    Further - just rang slingshot, and the fellow on the phone denied it was them - but I am going to end my account with them (if they are responsible - and especially if they are trying to play it down or sweep it under the carpet…)

    scary stuff…

    — Rowan, August 21, 2008

  13. I read about this in the herald, very scary - especially for you Rachel!

    — TUi, August 22, 2008

  14. yes, I absolutely agree with you, I am working on it too, check out my site to learn more, thanks.

    Jonny Nguyen, September 1, 2008

  15. http://www.7de1.com is my site

    thanks all.

    kaman, October 30, 2008

  16. Very interesting.

    Acquiro Systems, November 12, 2008

RSS feed for comments on this post.

Leave a comment