Glitch at iVillage exposes members' emails

IVillage.com, a website geared toward women, shut down its free email service after some members complained that they were able to access other users' personal email messages.

          IVillage.com, a website geared toward women, shut down its free email service after some members complained that they were able to access other users' personal email messages.

          Carl Fischer, a spokesman for New York-based iVillage, confirmed the email problem Friday (US time).

          "We first found out about this early yesterday morning about 6.45 or 7 when we started to receive messages from people saying they were able to see other people's emails, so we pulled it down immediately," he says.

          Fischer says the company has been working since then to figure out what caused the glitch, which affected 2.6% of iVillage's members.

          However, at 10.34am yesterday, an iVillage member says she was still able to view other people's emails.

          "My email is still working (I happened to land in my account after over 30 different other member accounts) and it is still up and running," reports someone who identifies herself on the site as Catherina.

          And, according to messages on iVillage's technical support board, several members first alerted the company to the problem as early as August 22.

          "I am getting into other people's email," said a member identified as Yacht67, on the afternoon of August 22. "I am trying to sign into my email and am getting into other people's mailboxes. I got into [three] different inboxes after I tried to get into my own."

          Several minutes later, another member, Ladycelt, said: "I just had the same problem. I double checked my member name and password to make sure I didn't type it incorrectly. They were fine, but I was still accessing someone else's email."

          At 4.22pm that same day, someone from the iVillage technical support staff called Hobbit responded with this message: "This isn't email that's messing up, it's the new [authorisation] system implemented this morning. We are working on it right now, thanks for letting us know, please refrain from logging in today if possible."

          Apparently the problems continued, because on August 26, several more members said they were still able to access other users' personal emails.

          "It's still happening. I know I'm immediately logging out [without] reading their mail, but I'm quite uncomfortable knowing that someone can be reading my mail [without] my knowledge or consent if they happen to log into my account," said Purple31.

          "This is happening to me too," another member, Caitriona75, said that day. "I also tried it three times and got [three] different people's mailboxes, one being a [community leader]. As a CL of a board, I also feel very uneasy knowing that someone could just happen upon my CL mail. I emailed my CL supervisor so she was aware of the issue as well."

          "I was shocked when I opened someone else's email -- this is a HUGE violation of Ivillage's own Privacy Policy," said Stowevt on August 26. "Heaven forbid you've ever given Ivillage your credit card number -- it's bad enough that strangers now have access to our emails and our account information.

          "I couldn't help but notice that the first email about this problem was posted on 8/22 -- it's now four days later," Stowevt said. "Why hasn't Ivillage sent out an email to everyone advising them of this issue? I would like to have known about it."

          Initially, Fischer said he wasn't aware of any problems on August 22. But later in an email message to Computerworld, he said, "As for the problem on [August 22], I know that we were aware of isolated incidents and believed the problem to be fixed. We continued to closely monitor for future problems. When it was officially reported to tech support again on [August 29] we immediately took action, pulled the email system offline and will keep it off until such time that we believe it to be fixed for good."

          Chris Hoofnagle, legislative counsel for the Washington-based Electronic Privacy Information Center, says this privacy issue has come at a bad time for iVIllage.

          "The Federal Trade Commission and state attorneys general have begun to pursue companies for negligent violations of their privacy policies rather than just intentional violations," he says. "The user now finds he has recourse [against these companies]."

Join the newsletter!

Error: Please check your email address.

Tags iVillage

More about Electronic Privacy Information CenterFederal Trade CommissioniVillage

Show Comments

Market Place

[]