Credit Card Scare

3rdPlanetPhotography3rdPlanetPhotography Banned Posts: 920 Major grins
edited May 16, 2005 in SmugMug Support
Maybe someone can confirm what I'm seeing on this end. I logged into my smugmug and ordered some photos on a computer that was not mine. When I was done I clicked "Logout" and I was returned to my normal smugmug screen and not logged in.

Then another person on that computer clicked on one of my albums to order some photos of their own from my albums. Since I'm now logged out it shouldn't know who I am any longer. They put photos in their cart, clicked to checkout and the next screen showed all of my information and also had all my credit card info. They were able to order photos and use my information. We duplicated the same problem even after we closed and re-started our browser.

This scares the hell out of me. Will someone please look into this?

kc7dji

Comments

  • DavidTODavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited May 15, 2005
    You will mostly get help based on your post, but I want to point out the sticky thread at the top of this forum, that this is not the official support page for smugmug, and that if you want help, it is best to go here or help@smugmug.com
    Moderator Emeritus
    Dgrin FAQ | Me | Workshops
  • mercphotomercphoto Registered Users Posts: 4,550 Major grins
    edited May 15, 2005
    kc7dji wrote:
    Maybe someone can confirm what I'm seeing on this end. I logged into my smugmug and ordered some photos on a computer that was not mine. When I was done I clicked "Logout" and I was returned to my normal smugmug screen and not logged in.

    Then another person on that computer clicked on one of my albums to order some photos of their own from my albums. Since I'm now logged out it shouldn't know who I am any longer. They put photos in their cart, clicked to checkout and the next screen showed all of my information and also had all my credit card info. They were able to order photos and use my information. We duplicated the same problem even after we closed and re-started our browser.

    This scares the hell out of me. Will someone please look into this?

    kc7dji

    You need to clear the browser cache. Its not a Smugmug issue.
    Bill Jurasz - Mercury Photography - Cedar Park, TX
    A former sports shooter
    Follow me at: https://www.flickr.com/photos/bjurasz/
    My Etsy store: https://www.etsy.com/shop/mercphoto?ref=hdr_shop_menu
  • 3rdPlanetPhotography3rdPlanetPhotography Banned Posts: 920 Major grins
    edited May 16, 2005
    mercphoto wrote:
    You need to clear the browser cache. Its not a Smugmug issue.
    Then it comes to a design issue. I'm a developer myself and never should I have to clear the cache everytime I place an order. In some cases like in a public library or any public machine you you may not have proper permissions to clear the cache or change any settings.

    kc7dji
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited May 16, 2005
    kc, i tried to recreate your problem and couldn't get the same result.

    sorry ne_nau.gif
    Andy

    PortfolioWorkshopsFacebookTwitter
  • flyingpylonflyingpylon Registered Users Posts: 260 Major grins
    edited May 16, 2005
    Whenever you use a computer other than your own, and think you have "logged out" of a site, you should also close the browser.
  • {JT}{JT} Registered Users Posts: 1,016 Major grins
    edited May 16, 2005
    Nope, you should not have to clear your cache. Not sure what is going on here - but when you logout, we destroy your session and all the information related to it. So when you hit any form page you should not see anything filled in. I tried to recreate this as well and can not. Can you provide more info: browser, os, version, plugins (google toolbar for instance remembers form values for you and fills them in, even AFTER you have logged out, look for yellow form fields).
    kc7dji wrote:
    Then it comes to a design issue. I'm a developer myself and never should I have to clear the cache everytime I place an order. In some cases like in a public library or any public machine you you may not have proper permissions to clear the cache or change any settings.

    kc7dji
  • mercphotomercphoto Registered Users Posts: 4,550 Major grins
    edited May 16, 2005
    {JT} wrote:
    Nope, you should not have to clear your cache. Not sure what is going on here - but when you logout, we destroy your session and all the information related to it.

    Did the guy, by any chance, tell his browser to remember data values filled in on a form?
    Bill Jurasz - Mercury Photography - Cedar Park, TX
    A former sports shooter
    Follow me at: https://www.flickr.com/photos/bjurasz/
    My Etsy store: https://www.etsy.com/shop/mercphoto?ref=hdr_shop_menu
  • {JT}{JT} Registered Users Posts: 1,016 Major grins
    edited May 16, 2005
    mercphoto wrote:
    Did the guy, by any chance, tell his browser to remember data values filled in on a form?

    That is what we are waiting to hear on. I mentioned third party plugins like google toolbar and their ability to do this, but I think that IE only has auto complete and will not fill things in automatically on it's own.
  • onethumbonethumb Administrators Posts: 1,269 Major grins
    edited May 16, 2005
    kc7dji wrote:
    Maybe someone can confirm what I'm seeing on this end. I logged into my smugmug and ordered some photos on a computer that was not mine. When I was done I clicked "Logout" and I was returned to my normal smugmug screen and not logged in.

    Then another person on that computer clicked on one of my albums to order some photos of their own from my albums. Since I'm now logged out it shouldn't know who I am any longer. They put photos in their cart, clicked to checkout and the next screen showed all of my information and also had all my credit card info. They were able to order photos and use my information. We duplicated the same problem even after we closed and re-started our browser.

    This scares the hell out of me. Will someone please look into this?

    kc7dji


    This is a bug. Sorry! We'll have a fix out "soon".

    I should note, though, that no credit card information is stored on your browser where anyone else can get to it. Additionally, they can't get it from any of the pages in the cart. So they can't take your card and use it elsewhere.

    We still take this seriously, and already have a fix ready to test. Our carts used to self-destruct as soon as you closed your browser, but now they persist for a month, and we overlooked this issue.

    Thanks for letting us know!

    Don
  • BodleyBodley Registered Users Posts: 766 Major grins
    edited May 16, 2005
    onethumb wrote:
    This is a bug. Sorry! We'll have a fix out "soon".

    Our carts used to self-destruct as soon as you closed your browser, but now they persist for a month, and we overlooked this issue.

    Thanks for letting us know!

    Don
    Will the shipping and card info still be filled in automatically if you are logged in? I really like not having to input this data.

    Greg
    Greg
    "Tis better keep your mouth shut and be thought of as an idiot than to open your mouth and remove all doubt"
  • onethumbonethumb Administrators Posts: 1,269 Major grins
    edited May 16, 2005
    Bodley wrote:
    Will the shipping and card info still be filled in automatically if you are logged in? I really like not having to input this data.

    Greg

    If you're logged in, yes, we pre-fill the data we can. (using the buttons on the shipping & billing pages).

    Don
  • 3rdPlanetPhotography3rdPlanetPhotography Banned Posts: 920 Major grins
    edited May 16, 2005
    onethumb wrote:
    If you're logged in, yes, we pre-fill the data we can. (using the buttons on the shipping & billing pages).

    Don
    Great! Thank you guys so much for looking into this. I really didn't mean to sound like I was b*tching but I too think it's a serious issue.

    Awesome work and fast response!!!!

    kc7dji
Sign In or Register to comment.