Ecademy, the business-focused social networking site, experienced a significant security breach this week, exposing the potential pitfalls of social networking. A programming error left supposedly private support emails publicly viewable, sending a cautionary message to its members.
Correspondence between the site and its members was left accessible through simple URL manipulation, a vulnerability that has affected several other websites in the past, occasionally revealing financially sensitive information. Ecademy’s founder, Penny Power, stated that the issue was quickly addressed and limited to support requests rather than private messages between members. However, a brief investigation revealed sensitive information, such as complaints about other users, was exposed.
This security lapse was initially disclosed by internet technology entrepreneur Paul Walsh on his blog, creating awareness among Business Matters’ followers through his tweet. Walsh, a pioneer in professional networking, commented, ‘I joined a few years ago but never used it – I still get connection requests from weirdo life coaches.’
An official statement from Ecademy clarified that the issue was detected on 16th December and resolved within 30 minutes. The company emphasised that the exposed communications were solely support-related and not private member messages. Ecademy refuted claims that hundreds of thousands of support records were visible, stating they have fewer than 19,000 support requests, mostly simple website help inquiries. Nevertheless, some members had used the support system to lodge complaints about other members, and it was these communications that were circulated.
Ecademy apologised for any inconvenience or distress caused by this fault and stressed its commitment to member privacy. The company expressed regret that some individuals were aware of the issue several days earlier but did not inform them. Ecademy thanked the members who reported the issue and encouraged all to promptly notify the support team of any problems to ensure swift resolution.
This incident serves as a stark reminder of the vulnerabilities inherent in digital platforms and the importance of robust security measures. The swift response by Ecademy highlights their commitment to resolving issues promptly, yet the breach underscores the need for ongoing vigilance in protecting user data.
