Correspondence between the site and its members was left viewable by simple URL manipulation. This type of vulnerability has hit several other websites in the past, occasionally exposing financially sensitive billing information.
We spoke to Penny Power, ecademy founder, who said that the issue was quickly resolved and limited to support requests, rather than private messages between members. However, from a five-minute look at the problem ourselves, we did uncover some messages which contained sensitive information, such as complaints about other users. We have also received messages from a number of ecademy members who are also subscribers to Business Matters, voicing their concern over the problem and highlighting the fact that the problem had in fact been discussed over a week previously.
The issue was exposed by internet technology entrepreneur Paul Walsh on Monday in a blog posting, and as a Twitter follower of Business Matters we became aware of his discovery after receiving his tweet directing us to his blog.
Walsh joined ecademy in its early days as a pioneer in professional networking but quickly grew disillusioned. “I joined a few years ago but never used it – I still get connection requests from weirdo life coaches,” he added.
We have subsequently received an official statement from ecademy on this issue:
Ecademy became aware of an issue with external visibility of some of its support communications on Saturday 16th December and within 30 minutes had resolved the issue. Ecademy would like to stress that the visible communications were of a support nature only and were categorically not private messages between members.
Contrary to claims that hundreds of thousands of support records were visible, Ecademy has less than 19,000 support requests currently in the system, most of which are simple requests for help with the website.
However, from time to time, some members used the support system to record a complaint about another member. Ecademy operates a separate procedure for members wishing to provide member feedback and on this particular occasion a member had used the support system to lodge feedback about another member and it was this communication which has been circulated.
Ecademy treats the privacy of its members as a top priority and apologises for any inconvenience or distress caused by this fault. It is also unfortunate that it appears some individuals were aware of this issue several days earlier, but did not alert the business at that time. Ecademy would like to thank the members that did bring this issue to their attention and encourages all members to continue to report issues directly to the support team as soon as possible to ensure a quick resolve.