dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
3565

notech
join:2013-02-03

notech to Upset

Member

to Upset

Re: Other customers can see my infor

So annoying when Hughes locks the topic... Saw Madhatter somehow snuck a comment in there. When I tried it was locked.

Upset, Perhaps you could shed more light on the situation? Sara's last reply contradicts your statements in a number of ways:

- "Isolated instance". You mentioned that "They [tech support] keep telling us several customers have this issue".
- "Credit card information was not compromised" - You said "Our emails, address, credit card, past bills etc have been open for this other customer to see"
- "This was first brought up to our attention on January 15th" - vs "Hughes customers can view my private information for 3 months now"
- "identifying the root of the problem and implementing a complete fix took the couple of weeks" - vs it being strange that it got fixed one day after it was made public. May be coincidence but I doubt it knowing Hughes.

If you have any other information that Hughes may have told you but did not make public that would also be useful. I for one am not convinced that my info is secure.

Their previous statement about telling you to re-register make me think that they have just fixed the issue for your account but it may happen again to someone else.

The more information you can provide the better. Thanks for you help.

gwalk
Premium Member
join:2005-07-27
West Mich.

gwalk to Upset

Premium Member

to Upset
Their previous statement about telling you to re-register make me think that they have just fixed the issue for your account but it may happen again to someone else

To say nothing of all the repeated issues that people had when they did the "Upgrade" to gen4.
It was one after the other after the other.
That was being "looked into", "fixed" "almost fixed" and post your latest 15 case #s

These changes are being keyed in by people that reside in 3rd world countrys, they are being paid by a company that holds its customers in contempt.

They simply don't care about you, your data or anything beyond the PR.
Censorship will more or less take care of that.

notech
join:2013-02-03

notech to Upset

Member

to Upset
Just started another thread to keep the conversation going:
»community.myhughesnet.co ··· ore_info

gwalk
Premium Member
join:2005-07-27
West Mich.

gwalk

Premium Member

I see a "POOF" in ewer future.
How do ewe like my new pic over there ?

Upset
@direcway.com

Upset to notech

Anon

to notech

Okay. Great questions notech! Yes there does seem to be contradictions. I am waiting on confirmation from the person that saw my info...to make sure i understand his side....but...this is the info I received and how I understand it.

The other customer (call him concerned) emailed me on Jan 15 saying that he can see my account when they log on using their log on credentials. Concerned said he had contacted Hughes several times to get this fixed and they had not fixed the issue, so he notified Hughes (jan 15) that he was filing a complaint with the FBI if he did not get a call back from them by Saturday the 19th. In that same email he said he would send me pictures of what he could see. In that same email he said this had been going on since November. Hughes did not call him by that day.
I emailed Concerned back asking to see the pictures because we did not really believe this was true.
Concerned sent me pictures that CLEARLY showed our account information.
I let my husband take care of contacting Hughes to find out what was going on and honestly I am not exact about the date he did that. But most importantly.....hughes NEVER called us to let us know what was happening.
Okay the above info is how I got my dates of what length of time things happened.
Once I got involved with contacting Hughes....I was told by two different tier 4 tech guys that this problem was happening to several other customers too.
In regards to the amount of info Concerned could see....well log onto your customer care account on Hughes......that is what they could see of MY info. They had complete control over all aspects of my account. They could have done some serious damage to my email and account.

When Hughes said the problem was fixed and I should re register....I tried to and could not because the Hughes system was not recognizing my SAN and phone number together. I called them back and told them....they called 5 hours later and said to try again....later that night I tried again...same error....the next day they said try again....same error....then I got a call from a group of people and they asked me to try again while I was one the phone. THAT time they mentioned....make sure you put the beginning letters of your SAN in all caps. Well..........I had not been doing that. I now got re registered. But after I got registered they said.....well is everything fixed now? Can you surf the Internet. I reminded them I could surf before they 'fixed' everything. I told them that i don't know if it is fixed because i don't know if Concerned can still see my info. They told me that they 'decoupled' our account from Concerned's account. So everything is now fixed. But then in the next sentence they asked me for Concerned's name. How did they decouple my account when they did not know who's account it was coupled with in the first place? They proceeded to tell me that this was an isolated issue with only my account, which I do not think is true, but anyway.
Now the people on that call were VERY nice and helpful and respectful. I believe engineers and executives. I told them that my husband was going to ask me "what did you get for our troubles" (that is just how he is), so they gave me a credit of three months service.

notech
join:2013-02-03

notech to Upset

Member

to Upset
Upset, Thanks for taking the time to keep us informed. Hughes tech support and moderators have a proven track record of lying through their teeth to me and I trust them about as far as I could thrown the whole company. All of the information you provided is very useful but what troubles me the most is how they "fixed" it.

They decoupled your account without knowing what the other account was? That is very suspicious in itself. I think it very wise to check with "Concerned" to make sure they do not see you info.

Another concern is that this "fix" is just for your account. Like I said before in the opening post on Hughes Net this is just a remedy for the symptom. It does not identify and fix the problem that caused the symptom. I do programming so I know that if a problem occurred once, and there is no code change, then it will happen again. It's just a matter of time.
said by Upset :

"they mentioned....make sure you put the beginning letters of your SAN in all caps"

If that was all it took to possibly trigger this situation then they have serious problems.

Hughes has a number of customer sites depending on modem technology used. I see you are using Gen4 so I assume it was »my.hughesnet.com
Could you confirm the URL of the site that was affected? I want to test a few things out.

Thanks again.

dbirdman
MVM
join:2003-07-07
usa

dbirdman to notech

MVM

to notech
said by notech:

"Credit card information was not compromised" - You said "Our emails, address, credit card, past bills etc have been open for this other customer to see"

While I had Hughes service for many years I was never a Hughes customer, so a question to all of those who are: Are you able to see your OWN credit card info when you log in?

That is generally a no-no. Last 4 digits only would be max. If you can see it, they need to be told to reprogram their site. If you can't see it, likely nobody else could either even if two accounts became cross-wired.

Actually, beyond displaying it, the web server shouldn't even have access to the whole number. That should be one-way only, when you put in new information, transmitting to the database, but no way for the web server to read it back from the database in its entirety.

notech
join:2013-02-03

notech

Member

dbirdman, I am on the old HN9000 and have a different support site. This site does not display any billing information beyond invoices that only say "paid with credit card". Gen4 customers have a different site. I totally agree on everything you say.
wkell
join:2013-02-06

1 edit

wkell to Upset

Member

to Upset
Notech, there is partial card info displayed, its located under the account tab where you can change your credit/debit info...

I am on the HN9000 and under mine it does give you some card info... it does give the last 4 digits with the rest xxxxxxxx'd , gives the card exp. date, Gives the exact name on card, Card billing address info - Cardholder, Address, City, State and Zip Code..

There is still alot of personal information contained in one place and could be useful to a skilled clever scam artist..

notech
join:2013-02-03

notech to Upset

Member

to Upset
Hey Upset, I was finally able to test the Gen4 customer care system. I looked at the information displayed and saw that the credit card info displayed the last 4 digits of the card. Can you confirm that was the same in the screenshots you received from "Concerned"? Like "wkell' said there is still a lot of personal info that is displayed that a scam artist could use but it does reduce the severity of the exposure.

Tried to test registration using lower case SAN but could not replicate the problem. When you were registering did you check the box next to "have customer ID' and provide it or did you just enter your phone number and SAN? Did you use a Hughes email to register or another service such as Yahoo?

These test were using accounts that were already registered successfully so will not replicate a first time registration.

Also tried providing valid/invalid SAN with different valid/invalid phone numbers but got errors each time that stopped registration. Maybe Hughes has fixed the issue with lower case SAN.

Did you get any response from "Concered'?

Wish Hughes would provide more info so I don't have to spend time debugging this and we can rest easy. Still no replies on the community board over there.

Upset
@direcway.com

Upset

Anon

I got confirmation from 'Concerned' that they can NO long see our info. Thank goodness!
Also, you are correct, only the last four digits on CC info was displayed.
No I did not check the box, have customer ID during my re registration, and I used my hughes.net email account.
Maybe they did get the upper case only for SAN number fixed. I don't know.....but it was crazy that no one pointed that out to me the FIRST time I got the error. Should they all be well versed in knowing that is a common issue.
Thank you and have a blessed day!

notech
join:2013-02-03

notech to Upset

Member

to Upset
My follow up thread was recently marked "Not a problem". Today it was "closed" without reply from Hughes and shortly after it was "archived" so it is no longer visible in the lists of posts.

»community.myhughesnet.co ··· ore_info

Great way to reassure your customers that the problem was properly fixed.
notech

notech to Upset

Member

to Upset
Next follow up thread posted. Let's see if this gets any proper answers.
»community.myhughesnet.co ··· _answers

compuguybna
join:2009-06-17
Nashville, TN

1 edit

compuguybna to notech

Member

to notech
is called censorship, and SARA is famous for it.
said by notech:

My follow up thread was recently marked "Not a problem". Today it was "closed" without reply from Hughes and shortly after it was "archived" so it is no longer visible in the lists of posts.

»community.myhughesnet.co ··· ore_info

Great way to reassure your customers that the problem was properly fixed.


gwalk
Premium Member
join:2005-07-27
West Mich.

gwalk to Upset

Premium Member

to Upset
Speaking of censorship, here is another deleted post.
Other than the fact it doesn't wave the Hughes banner....where is the problem ?

This reply has been removed by Hughes:

OMG ! I just joined and this is what they call support ? My equipment is old and I was thinking of upgrading. What do I find ? Risk of my personal data with weak replies by a forum moderator.. wow, thanks but no thanks. In fact I called customer support to cancel my service and go with the "other guys" because I can pre-pay. The support number gave me something like "due to the overwellming response to Gen4 call back" I am a senior and am teriffied of ID theft !

Replies can be removed by community moderators if they contain inappropriate content or private information. This was the reason given in this case: Hughes: "In order to keep the community focused on resolutions, I have removed your comment. Suz"