Invites
-
How did someone gain access to my username (or email) to send an invitation to follow? This seems like a breach of security that someone could access part of my login credentials. Frankly, it is a disturbing violation of privacy. On top of that, the invite was from one of those annoying marketing blogs, Social Artist.
It seems that most of the followers on my other blog are all internet marketers. They only ‘like’ and ‘follow’ other people in order to promote their own blog. I am tired of these vultures.
I clicked ‘Unsubscribe’ on the invitation, but that doesn’t secure my username from prying eyes. This feature should be removed permanently.
WP.com: Yes
Correct account: YesThe blog I need help with is: (visible only to logged in users)
-
As your site is publicly accessible, anyone can follow it: https://wordpress.com/support/following/
They don’t need access to your account to do so, and I see no suspicious activity under your account.
-
I may have been misunderstood. My specific problem was not with Social Artist following me as I can simply delete them.
My problem was receiving an invitation via email from WordPress to follow them. They can only do this by having access to my username or email which, I thought, were private.
Through “dashboard>users>invite” they sent the invitation with my username or email. My display name is different than my username so I don’t understand how this happened. They shouldn’t have access to my username or email.
In the email from WP was a message from the sender:
“Following me could help you save hundreds of dollars as I post about discounts for best-selling products, as well as Coupons and Cash backs on products and brands otherwise unique products. In addition to that, as a bonus you would know news about books.”
WP has been taken over by these parasites.
-
Hi there,
Thanks for clarifying with regard to the invite. I’m able to see email activity on your account, but only the title of the email that was sent out, not the contents.
You are referring to the email message “Monis invited you to follow Social Artist” yes?
Can you take a screenshot of what you got for that email? To share a screenshot with us, you can upload it to the Media Library on your site and let us know to take a look (we can see images there) so you don’t have to share it on this public posting.
Thanks for the additional info!
-
-
Hmm… this is a different account from the OP. Can you clarify which site you have uploaded your screenshot to?
Also please stay logged in to the account that got the invite.. it helps us to keep things straight during our investigation, thanks!
-
File name: aaa314.png screenshot uploaded.
I’m also soarusa27, but I sent the reply from another browser.
But it does answer my question. I notice that my usernames appear in the forum.
I bet that the internet marketers are harvesting usernames from this forum. Now I’m really mad!
-
-
Correct, true usernames are shown here in the forums as we need to know what that is to be able to look up your account correctly. A “public display name” here would only create confusion and make helping you more difficult.
Also thank you for your screenshot. I’m not able to determine from the screenshot but can you share what the URL is for the site “Social Artist?”
We don’t have a way to search a site by it’s common name (title) but if you can share the URL we’re happy to investigate and report to our Terms of Service team. Thanks for the additional info!
-
I appreciate that you understand the sensitive nature of this issue. People often use the same username and passwords on different sites so something like this could be a breach of security if known by hackers.
-
Hi there,
Thanks for the link. Using the invite feature to spam people is against our policies, so I’m reporting this site internally to our Terms of Service team to review.
In future if you receive spammy invites like this, you can also report the site directly as explained at https://wordpress.com/support/report-blogs/
I notice that my usernames appear in the forum.
…
I appreciate that you understand the sensitive nature of this issue. People often use the same username and passwords on different sites so something like this could be a breach of security if known by hackers.
Just to clarify, WordPress.com usernames are public. This is how the open source WordPress software is designed – on any WordPress site, whether it’s hosted here on WordPress.com, or hosted elsewhere, the username is visible in various places in the source code and in the author archive URL of a site. WordPress.com usernames are also visible on your public profile page on Gravatar.com.
This is not unusual. Many other sites, including Instagram, Twitter, Reddit and LinkedIn also publicly expose usernames of individual profiles on their service, as does any kind of public forum on the web. Basically any service that allows you to have a public profile that other people can directly view does this, as the username is the unique identifier used in the URL for your profile.
I understand why you might find this alarming, but it’s how the web works and not considered a security issue. This is why it’s important to 1) not re-use passwords across multiple accounts, and 2) make sure that the email address tied to your username is secured by a strong password and two-factor authentication. Your username is completely useless to a hacker if they don’t have access to the email address, or in some cases the phone number, needed to receive a password reset link.
- The topic ‘Invites’ is closed to new replies.
WordPress.com Forums 