

gwalk
Premium
join:2005-07-27
West Mich.
reply to Upset

Re: Other customers can see my infor

Amy, I see your thread on the Official Support Site is now closed.
Considering the tone of the replies over there, it could have been worse.
The "score" was 7 deletions (2 were mine), 1 title change.

And a whole lot of people that have a better understanding of Hughes.


compuguybna

join:2009-06-17
Nashville, TN
reply to Upset
bbbdc@hughes.net
executivecustomercare@hughes.net
William.Smouse@hns.com

I got out of my contract.


Karl Bode
News Guy
join:2000-03-02
kudos:39

1 recommendation

I'd like to write a story on this for the front page.

Can someone link me to the discussion over at the HughesNet forum?

I'm waiting on a response from the company.

Also, again, curious if anybody other than the original poster has been able to duplicate this bug.

nedriv

join:2006-08-07
Somerset, CA
Karl, here's the link you requested.

»community.myhughesnet.com/hughes···ot_fixed

Regards,
Ed V
--
HN9000 /


Karl Bode
News Guy
join:2000-03-02
kudos:39
Appreciate that...


gwalk
Premium
join:2005-07-27
West Mich.
If you write this up don't forget to view the change log to get a sense of the censorship by Hughes.

Including another one of my replies that was removed:

This reply has been removed by Hughes:

You can remove my posts but you have some big problems and this is just WRONG. You need to reassure your customers that their private and financial data is secure, that steps amounting to more than "we will be reaching out to you" are being taken. This kind of stuff is important. Read the post, understand the risk to your customer! Forget the PR, just show Amy and the rest of your customers some substance beyond censorship!

Replies can be removed by community moderators if they contain inappropriate content or private information. This was the reason given in this case: Hughes: ""

Also, many of the people that contributed have been banned from the site, myself included.



gwalk
Premium
join:2005-07-27
West Mich.
reply to Upset
I went over and looked at the thread at Hughes:

»community.myhughesnet.com/hughes···ot_fixed

The change log score has changed again.

10 deletes, 1 title change, a couple of lock/unlock cycles
If you look at it quick it is almost presentable.

chances14

join:2010-03-03
Michigan
reply to Upset
Sara's latest reply

quote:
Thanks for your comments madhatter,
As I mentioned above, this is an isolated instance and it has been fully addressed. Credit card information was not compromised and there are no other customers in this situation. This was first brought up to our attention on January 15th, identifying the root of the problem and implementing a complete fix took the couple of weeks between then and now. Thanks, Sara

silbaco
Premium
join:2009-08-03
USA
reply to Upset
A single incident? That is hard to believe.


gwalk
Premium
join:2005-07-27
West Mich.
Have you ever known Hughes to be forthright and truthful ?


notech

join:2013-02-03
Reviews:
·HughesNet Satell..
reply to Upset
So annoying when Hughes locks the topic... Saw Madhatter somehow snuck a comment in there. When I tried it was locked.

Upset, Perhaps you could shed more light on the situation? Sara's last reply contradicts your statements in a number of ways:

- "Isolated instance". You mentioned that "They [tech support] keep telling us several customers have this issue".
- "Credit card information was not compromised" - You said "Our emails, address, credit card, past bills etc have been open for this other customer to see"
- "This was first brought up to our attention on January 15th" - vs "Hughes customers can view my private information for 3 months now"
- "identifying the root of the problem and implementing a complete fix took the couple of weeks" - vs it being strange that it got fixed one day after it was made public. May be coincidence but I doubt it knowing Hughes.

If you have any other information that Hughes may have told you but did not make public that would also be useful. I for one am not convinced that my info is secure.

Their previous statement about telling you to re-register makes me think that they have just fixed the issue for your account but it may happen again to someone else.

The more information you can provide the better. Thanks for your help.


gwalk
Premium
join:2005-07-27
West Mich.
reply to Upset
Their previous statement about telling you to re-register make me think that they have just fixed the issue for your account but it may happen again to someone else

To say nothing of all the repeated issues that people had when they did the "Upgrade" to gen4.
It was one after the other after the other.
That was being "looked into", "fixed" "almost fixed" and post your latest 15 case #s

These changes are being keyed in by people that reside in 3rd world countries, they are being paid by a company that holds its customers in contempt.

They simply don't care about you, your data or anything beyond the PR.
Censorship will more or less take care of that.


notech

join:2013-02-03
Reviews:
·HughesNet Satell..
reply to Upset
Just started another thread to keep the conversation going:
»community.myhughesnet.com/hughes···ore_info


gwalk
Premium
join:2005-07-27
West Mich.
I see a "POOF" in ewer future.
How do ewe like my new pic over there ?


Upset

@direcway.com
reply to notech

Okay. Great questions notech! Yes there do seem to be contradictions. I am waiting on confirmation from the person that saw my info...to make sure I understand his side....but...this is the info I received and how I understand it.

The other customer (call him concerned) emailed me on Jan 15 saying that he can see my account when they log on using their log on credentials. Concerned said he had contacted Hughes several times to get this fixed and they had not fixed the issue, so he notified Hughes (Jan 15) that he was filing a complaint with the FBI if he did not get a call back from them by Saturday the 19th. In that same email he said he would send me pictures of what he could see. In that same email he said this had been going on since November. Hughes did not call him by that day.
I emailed Concerned back asking to see the pictures because we did not really believe this was true.
Concerned sent me pictures that CLEARLY showed our account information.
I let my husband take care of contacting Hughes to find out what was going on and honestly I am not exact about the date he did that. But most importantly.....Hughes NEVER called us to let us know what was happening.
Okay the above info is how I got my dates of what length of time things happened.
Once I got involved with contacting Hughes....I was told by two different tier 4 tech guys that this problem was happening to several other customers too.
In regards to the amount of info Concerned could see....well log onto your customer care account on Hughes......that is what they could see of MY info. They had complete control over all aspects of my account. They could have done some serious damage to my email and account.

When Hughes said the problem was fixed and I should re register....I tried to and could not because the Hughes system was not recognizing my SAN and phone number together. I called them back and told them....they called 5 hours later and said to try again....later that night I tried again...same error....the next day they said try again....same error....then I got a call from a group of people and they asked me to try again while I was on the phone. THAT time they mentioned....make sure you put the beginning letters of your SAN in all caps. Well..........I had not been doing that. I now got re registered. But after I got registered they said.....well is everything fixed now? Can you surf the Internet. I reminded them I could surf before they 'fixed' everything. I told them that I don't know if it is fixed because I don't know if Concerned can still see my info. They told me that they 'decoupled' our account from Concerned's account. So everything is now fixed. But then in the next sentence they asked me for Concerned's name. How did they decouple my account when they did not know whose account it was coupled with in the first place? They proceeded to tell me that this was an isolated issue with only my account, which I do not think is true, but anyway.
Now the people on that call were VERY nice and helpful and respectful. I believe engineers and executives. I told them that my husband was going to ask me "what did you get for our troubles" (that is just how he is), so they gave me a credit of three months service.


notech

join:2013-02-03
Reviews:
·HughesNet Satell..
reply to Upset
Upset, Thanks for taking the time to keep us informed. Hughes tech support and moderators have a proven track record of lying through their teeth to me and I trust them about as far as I could throw the whole company. All of the information you provided is very useful but what troubles me the most is how they "fixed" it.

They decoupled your account without knowing what the other account was? That is very suspicious in itself. I think it very wise to check with "Concerned" to make sure they do not see your info.

Another concern is that this "fix" is just for your account. Like I said before in the opening post on Hughes Net this is just a remedy for the symptom. It does not identify and fix the problem that caused the symptom. I do programming so I know that if a problem occurred once, and there is no code change, then it will happen again. It's just a matter of time.

said by Upset :

"they mentioned....make sure you put the beginning letters of your SAN in all caps"

If that was all it took to possibly trigger this situation then they have serious problems.

Hughes has a number of customer sites depending on modem technology used. I see you are using Gen4 so I assume it was »my.hughesnet.com
Could you confirm the URL of the site that was affected? I want to test a few things out.

Thanks again.


dbirdman
Premium,MVM
join:2003-07-07
usa
kudos:5
reply to notech
said by notech:

"Credit card information was not compromised" - You said "Our emails, address, credit card, past bills etc have been open for this other customer to see"

While I had Hughes service for many years I was never a Hughes customer, so a question to all of those who are: Are you able to see your OWN credit card info when you log in?

That is generally a no-no. Last 4 digits only would be max. If you can see it, they need to be told to reprogram their site. If you can't see it, likely nobody else could either even if two accounts became cross-wired.

Actually, beyond displaying it, the web server shouldn't even have access to the whole number. That should be one-way only, when you put in new information, transmitting to the database, but no way for the web server to read it back from the database in its entirety.
--
Author of hnFAP-Alert, PC-OPI and DSSatTool
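
Added illustration of the one-way design described in the post above, not part of the thread and not Hughes' code: in PostgreSQL, column-level privileges let the web tier write a card number and read back only the last four digits and expiry. The table, columns and roles (`payment_card`, `web_app`, `billing_svc`) are hypothetical.

```sql
-- Constructed PostgreSQL schema; all table, column and role names are hypothetical.
CREATE ROLE web_app;      -- role the customer-care web server connects as
CREATE ROLE billing_svc;  -- back-end role that actually charges cards

CREATE TABLE payment_card (
    account_id bigint   PRIMARY KEY,
    pan        text     NOT NULL,  -- full number; encrypted or tokenised in a real deployment
    last4      text     NOT NULL,
    exp_month  smallint NOT NULL,
    exp_year   smallint NOT NULL,
    CHECK (last4 = right(pan, 4))  -- masked copy must match the stored number
);

-- Web tier: may write a card, may read back only the masked columns.
GRANT INSERT ON payment_card TO web_app;
GRANT UPDATE (pan, last4, exp_month, exp_year) ON payment_card TO web_app;
GRANT SELECT (account_id, last4, exp_month, exp_year) ON payment_card TO web_app;

-- Billing back end: the only role that can read the full number.
GRANT SELECT ON payment_card TO billing_svc;

SET ROLE web_app;  -- run the script as a superuser or as a member of web_app

-- Writing a new card is allowed (constructed test number).
INSERT INTO payment_card (account_id, pan, last4, exp_month, exp_year)
VALUES (1001, '4111111111111111', '1111', 12, 2030);

-- What an account page can show: last four digits and expiry only.
SELECT account_id, last4, exp_month, exp_year
FROM payment_card
WHERE account_id = 1001;

-- Reading the full number back must fail for the web tier.
DO $$
BEGIN
    PERFORM pan FROM payment_card WHERE account_id = 1001;
    RAISE EXCEPTION 'web_app was able to read the full card number';
EXCEPTION WHEN insufficient_privilege THEN
    RAISE NOTICE 'web_app cannot read payment_card.pan, as intended';
END $$;

RESET ROLE;
```

With this split, a web session attached to the wrong account can reach the masked columns but not the full card number.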


notech

join:2013-02-03
Reviews:
·HughesNet Satell..
dbirdman, I am on the old HN9000 and have a different support site. This site does not display any billing information beyond invoices that only say "paid with credit card". Gen4 customers have a different site. I totally agree on everything you say.

wkell

join:2013-02-06

1 edit
reply to Upset
Notech, there is partial card info displayed, it's located under the account tab where you can change your credit/debit info...

I am on the HN9000 and under mine it does give you some card info... it does give the last 4 digits with the rest xxxxxxxx'd , gives the card exp. date, Gives the exact name on card, Card billing address info - Cardholder, Address, City, State and Zip Code..

There is still a lot of personal information contained in one place and could be useful to a skilled clever scam artist..


notech

join:2013-02-03
Reviews:
·HughesNet Satell..
reply to Upset
Hey Upset, I was finally able to test the Gen4 customer care system. I looked at the information displayed and saw that the credit card info displayed the last 4 digits of the card. Can you confirm that was the same in the screenshots you received from "Concerned"? Like "wkell" said there is still a lot of personal info that is displayed that a scam artist could use but it does reduce the severity of the exposure.

Tried to test registration using lower case SAN but could not replicate the problem. When you were registering did you check the box next to "have customer ID" and provide it or did you just enter your phone number and SAN? Did you use a Hughes email to register or another service such as Yahoo?

These tests were using accounts that were already registered successfully so will not replicate a first time registration.

Also tried providing valid/invalid SAN with different valid/invalid phone numbers but got errors each time that stopped registration. Maybe Hughes has fixed the issue with lower case SAN.

Did you get any response from "Concerned"?

Wish Hughes would provide more info so I don't have to spend time debugging this and we can rest easy. Still no replies on the community board over there.


Upset

@direcway.com
I got confirmation from 'Concerned' that they can NO longer see our info. Thank goodness!
Also, you are correct, only the last four digits on CC info was displayed.
No I did not check the box, have customer ID during my re registration, and I used my hughes.net email account.
Maybe they did get the upper case only for SAN number fixed. I don't know.....but it was crazy that no one pointed that out to me the FIRST time I got the error. Should they all be well versed in knowing that is a common issue.
Thank you and have a blessed day!


notech

join:2013-02-03
Reviews:
·HughesNet Satell..
reply to Upset
My follow up thread was recently marked "Not a problem". Today it was "closed" without reply from Hughes and shortly after it was "archived" so it is no longer visible in the lists of posts.

»community.myhughesnet.com/hughes···ore_info

Great way to reassure your customers that the problem was properly fixed.


notech

join:2013-02-03
Reviews:
·HughesNet Satell..
reply to Upset
Next follow up thread posted. Let's see if this gets any proper answers.
»community.myhughesnet.com/hughes···_answers


compuguybna

join:2009-06-17
Nashville, TN
Reviews:
·Millenicom
·HughesNet Satell..
·ooma
·Virgin Mobile Br..
·Charter

1 edit
reply to notech
is called censorship, and SARA is famous for it.

said by notech:

My follow up thread was recently marked "Not a problem". Today it was "closed" without reply from Hughes and shortly after it was "archived" so it is no longer visible in the lists of posts.

»community.myhughesnet.com/hughes···ore_info

Great way to reassure your customers that the problem was properly fixed.



gwalk
Premium
join:2005-07-27
West Mich.
reply to Upset
Speaking of censorship, here is another deleted post.
Other than the fact it doesn't wave the Hughes banner....where is the problem ?

This reply has been removed by Hughes:

OMG ! I just joined and this is what they call support ? My equipment is old and I was thinking of upgrading. What do I find ? Risk of my personal data with weak replies by a forum moderator.. wow, thanks but no thanks. In fact I called customer support to cancel my service and go with the "other guys" because I can pre-pay. The support number gave me something like "due to the overwhelming response to Gen4 call back" I am a senior and am terrified of ID theft !

Replies can be removed by community moderators if they contain inappropriate content or private information. This was the reason given in this case: Hughes: "In order to keep the community focused on resolutions, I have removed your comment. Suz"