Security breach with team job postings (Staff: bug fixed) Автор темы: Mike (de Oliveira) Brady
|
|---|
I have just posted a job posting confidential to my team on Proz.com. When I posted this I was told it would go to 2 of the 4 team members. I'm investigating why postings do not go to all members.
However, I shortly after received a quote from someone who is not a team member, who clearly had access to the confidential information I had posted exclusively to my team.
The person who posted was kind enough to send me a screenshot of the listing that appeared in his job fe... See more I have just posted a job posting confidential to my team on Proz.com. When I posted this I was told it would go to 2 of the 4 team members. I'm investigating why postings do not go to all members.
However, I shortly after received a quote from someone who is not a team member, who clearly had access to the confidential information I had posted exclusively to my team.
The person who posted was kind enough to send me a screenshot of the listing that appeared in his job feed. This says it is a "Team Private" job posting, so why did it appear in his job feed and why was he able to view and quote on it?
Has anyone else using Proz.com team features experience such serious security breaches?
I am trying to get the job posting removed as closing it does not appear to be sufficient. ▲ Collapse
| | | | | Thanks for reporting | Jan 5, 2018 |
Hello Mike,
Thank you for reporting this. My colleague Alejandro is looking into the issue and will be in touch shortly.
Jared
| | | |
Hello, I can see the job posting in my job feeds too.
I hope you can get it sorted. Take care.
Kind Regards
Adelina Phillips
| | | | anitha gomathy 
Local time: 12:55
Член ProZ.com
английский => малаялам
+ ...
| I also see that | Jan 6, 2018 |
Hi Mike,
I also see that job post as an outsourcing person. So, I just replied as casual just to let you know about it. May I know if it was visible for those people too. I think it is coming automatically. Kindly recheck your settings and change it and repost it if possible. I hope next time it won't be appearing in the common page.
Kind regards,
Anitha
| | |
|
|
|
| Private team jobs can be viewed and quoted on by non-team members | Jan 7, 2018 |
I posted a second job private to my team as a test. When submitting the form Proz.com states:
---
Team private job
You are posting a job private to the members of the "Accredited Portuguese -> English translators" team.
Only members of the team will be able to view and quote on the job. Further restrictions on who within the team may view and quote may be defined below.
---
So far I've had 6 quotes on the job posting from non-team m... See more I posted a second job private to my team as a test. When submitting the form Proz.com states:
---
Team private job
You are posting a job private to the members of the "Accredited Portuguese -> English translators" team.
Only members of the team will be able to view and quote on the job. Further restrictions on who within the team may view and quote may be defined below.
---
So far I've had 6 quotes on the job posting from non-team members and a couple of posts on this thread confirming the post has appeared in the general jobs feed.
Here is the post that you should not be able to see unless you are member of the team.
https://www.proz.com/job/1394882
Post here if you can see it.
It is set for Portuguese->English language so you may not see it in any case if that is not your language pair. ▲ Collapse
| | | | Suzana Silva
Бразилия
Local time: 04:25
английский => португальский
+ ...
| I also see the post | Jan 8, 2018 |
Hello, as long as I know I'm not on the team, even though I also can see the job posting in the jobs feed, and when I hit the link I read the following on the top of the page:
"Team private" job posting
The outsourcer has chosen to make this a "team private" job posting, accessible only to members of the "Accredited Portuguese -> English translators" team, and possibly only to a subset of those team members. You can access it because you are a member of that team, and are on ... See more Hello, as long as I know I'm not on the team, even though I also can see the job posting in the jobs feed, and when I hit the link I read the following on the top of the page:
"Team private" job posting
The outsourcer has chosen to make this a "team private" job posting, accessible only to members of the "Accredited Portuguese -> English translators" team, and possibly only to a subset of those team members. You can access it because you are a member of that team, and are on that list. (FAQ)
Maybe it appears to me because I'm a Portuguese->English translator
Regards,
Suzana Silva ▲ Collapse
| | | | Jack Martin
Бразилия
Local time: 04:25
португальский => английский
I too can see the job.. It is in my language pairing, but I don't believe I am part of this team
| | | | Alejandro Cavalitto
Аргентина
Local time: 04:25
Член ProZ.com c 2008
английский => испанский
+ ...
| This bug has been fixed | Jan 8, 2018 |
Hello,
Thanks everyone for reporting and testing this bug. The bug has been fixed by now. "Team private" job postings will only be visible to members of the specific team it is aimed at, throughout the site. I apologize for the inconvenience.
By the way, I have now removed the job posting you made to test this bug.
Please let me know if you have any question or need anything else.
Best regards,
Alejandro
| | |
|
|
|
| Thanks - any progress on other team feature bugs? | Jan 11, 2018 |
Alejandro Cavalitto wrote:
Hello,
Thanks everyone for reporting and testing this bug. The bug has been fixed by now. "Team private" job postings will only be visible to members of the specific team it is aimed at, throughout the site. I apologize for the inconvenience.
By the way, I have now removed the job posting you made to test this bug.
Please let me know if you have any question or need anything else.
Best regards,
Alejandro
Thanks Alejandro.
I’ve made another job posting to the team and no non-team members have reported having seen it. I’m still not sure why notifications do not go to all team members.
The other bugs I have reported still seem to be there:
1. There is no link to upload files to the team. Has this function been removed?
2. I do not receive alerts when team members post to our private forum, despite setting to receive alerts.
Any updates appreciated.
| | | | Alejandro Cavalitto
Аргентина
Local time: 04:25
Член ProZ.com c 2008
английский => испанский
+ ...
| Progress so far | Jan 12, 2018 |
Hello Mike,
Thank you for bringing this up. After fixing another bug, notifications for your last job posting have been sent out. Notifications will be sent out to team members for future job postings, provided that the job posting requirements matches the information on their profile. Their notification settings also determine if they are sent notifications or not. You can see more information on how it is determined who is sent a n... See more Hello Mike,
Thank you for bringing this up. After fixing another bug, notifications for your last job posting have been sent out. Notifications will be sent out to team members for future job postings, provided that the job posting requirements matches the information on their profile. Their notification settings also determine if they are sent notifications or not. You can see more information on how it is determined who is sent a notification for a job posting here: https://www.proz.com/faq/8530#8530
Site developers are looking into the issue with forum notifications. I will post here once a solution has been found.
As for the feature to upload files to translation teams, I see that the feature is no longer shown in the "Team workspace" tab. I will explore if it is possible to have it restored.
Best regards,
Alejandro ▲ Collapse
| | | | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Security breach with team job postings (Staff: bug fixed) | TM-Town | Manage your TMs and Terms ... and boost your translation business
Are you ready for something fresh in the industry? TM-Town is a unique new site for you -- the freelance translator -- to store, manage and share translation memories (TMs) and glossaries...and potentially meet new clients on the basis of your prior work.
More info » |
| | Pastey | Your smart companion app
Pastey is an innovative desktop application that bridges the gap between human expertise and artificial intelligence. With intuitive keyboard shortcuts, Pastey transforms your source text into AI-powered draft translations.
Find out more » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
