OT: Match.com's Message System Exposes Private "Outside" Email Addresses - SlashDot Submission
Lisa Kachold
lisakachold at obnosis.com
Thu Jun 25 11:06:28 MST 2009
http://slashdot.org/~obnosis/
On 6/25/09, Lisa Kachold <lisakachold at obnosis.com> wrote:
> Match.com, the popular paid online "secure" dating site, was found to
> reveal private email addresses during messaging.
>
> Email Reply headers in the Messages reading pane reveal the "outside"
> email of the dating parties to each other. So my reading pane shows
> clearly at the top of an email Match.com "Message" thread:
>
> Date: Wed, 24 Jun 2009 23:18:23 -0500
> From: obnosis at talkmatch.com
> To: pairaway at hotmail.com
> Subject: Match.com Message: RE: Itsadate
>
> So, I "obnosis at talkmatch" (obfuscated email Match.com only email
> address) would immediately know that a man identified only by his
> Match.com screen name, was really "pairaway at hotmail.com". And
> alternately he would also be able to see my outside email address in
> his Messages reading pane.
>
> While at the same time, at the bottom of the email Match.com "Message"
> thread their application tacks on a nice DISCLAIMER:
>
> ------start------
> Important tips: Protect your privacy
>
> Our email system strips away your real email address so that the
> recipient will NOT see it in the
> From: line; however, you must...
> • Remove any mention of your email address from the body of your message.
> • Remove or turn off any automatic signature at the end of your email.
> • Avoid using Cc: or Bcc: to help protect your identity.
> If you receive an email that you find offensive or contains
> advertisements for products or services other than Match.com, please
> forward the message immediately to abuse at cc.match.com.
> If you no longer wish to receive communication from this person you
> can block this user from further contact here.
>
>
> DISCLAIMER
> Match.com does not screen private email between members, nor are we
> liable for the content of these messages. All members are bound by the
> Match.com Service Agreement.
>
> ---end----
>
> Match.com was informed on June 25, 2009 with screenshots. They have
> yet to respond to this serious security application layer issue.
>
> Screenshot:
> http://www.obnosis.com/motivatebytruth/match_shows_outside_email.jpg
> --
> (503)754-4452 tribe.obnosis.com
> scientology.obnosis.com
> plug.obnosis.com
>
--
(503)754-4452 tribe.obnosis.com
scientology.obnosis.com
plug.obnosis.com
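
An added example, not part of the original post and not Match.com's code: a regression check an anonymizing mail relay could run on the headers it is about to display, flagging any address outside the relay's own domain (as in the From:/To: pair quoted above) and rewriting it to an alias. The domains `relay.example` and `outside.example`, the `DISPLAYED` header list, and the function names are assumptions; the sample message is constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Headers a reading pane typically renders (assumption, not taken from Match.com).
DISPLAYED = ("From", "To", "Cc", "Reply-To", "Sender")

def leaked_addresses(raw, relay_domain):
    """Return (header, address) pairs whose domain is not the relay's."""
    msg = message_from_string(raw)
    leaks = []
    for name in DISPLAYED:
        for _, addr in getaddresses(msg.get_all(name, [])):
            domain = addr.rpartition("@")[2].lower()
            if addr and domain != relay_domain.lower():
                leaks.append((name, addr))
    return leaks

def mask_headers(raw, relay_domain, alias_of):
    """Rewrite displayed headers so outside addresses become relay aliases.
    alias_of maps outside address -> alias local part; unknown ones are dropped."""
    msg = message_from_string(raw)
    for name in DISPLAYED:
        values = msg.get_all(name, [])
        if not values:
            continue
        kept = []
        for _, addr in getaddresses(values):
            if addr.rpartition("@")[2].lower() == relay_domain.lower():
                kept.append(addr)                      # already an alias
            elif addr.lower() in alias_of:
                kept.append(f"{alias_of[addr.lower()]}@{relay_domain}")
        del msg[name]                                  # removes every occurrence
        if kept:
            msg[name] = ", ".join(kept)
    return msg.as_string()

# Constructed sample with the same header shape as the thread quoted above.
SAMPLE = (
    "Date: Wed, 24 Jun 2009 23:18:23 -0500\n"
    "From: member-a@relay.example\n"
    "To: member-b@outside.example\n"
    "Subject: Message: RE: hello\n"
    "\n"
    "body\n"
)
```

Running `leaked_addresses` on every rendered message in a test suite catches the case where only the From: line is masked while To: still carries the outside address.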