This isn't cool. Received an email on an account that is only used for Swingular. In it, the spammer used the Swingular profile name that is not used on any other site. How could this be?
On another note, the site is not secure. Notice the URL in the browser. It shows a plain page in Chrome and not a padlock. So, all the information sent between you and the site is sent in plain text rather than an encrypted tunnel. Now scroll all the way to the bottom of the page. See that GoDaddy logo? What's up with that?
I think we need some explanations especially as most of us have paid for the service and certainly expected privacy.
Mav
On another note, the site is not secure. Notice the URL in the browser. It shows a plain page in Chrome and not a padlock. So, all the information sent between you and the site is sent in plain text rather than an encrypted tunnel. Now scroll all the way to the bottom of the page. See that GoDaddy logo? What's up with that?
I think we need some explanations especially as most of us have paid for the service and certainly expected privacy.
Mav
AZWETNWILD, nope, the handle is nowhere. Especially being associated to the email address. And the site is not secure, no SSL encryption. 
AZ: did a search for the profile name and email (with and without the domain), no results. Never saw Google say no results found! 
I have known this since day one. You can get here using https://swingular.com but then some things don't or didn't work when I last checked. However you do get a lock showing in chrome if you do use the https address. I have both secured and unsecured open at the same time in two different windows. The site should move you over to secure https but for what ever reason it does not and never has. If you want to go to the trouble you can test MAVENX and let the rest of us know if is still the case.
Very true Sugar. It is a simple scripting edit in the config file to force visitors over to SSL. Now, how many of us geeks actually know to visit https?
Mav
Mav
MAVENX wrote:
AZ: did a search for the profile name and email (with and without the domain), no results. Never saw Google say no results found!
I googled and found quite a few posting from your username, some including email addresses. Unfortunately this site does nothing to stop search engines (no robots.txt found, no 'no index' meta tags, text readable with out a valid password ect). All are simple to fix but I don't think the admin will get around to them. SSL should be forced BUT will do nothing about search engines! I wouldn't be so quick to claim a 'hacked site' just a easily searched one. for fun try : LMGTFY
Googled AZWETNWILD...came up with Real Swingers and LoveVoodoo profiles for them, but no MAVENX. No Swingular either...
I wouldn't worry too much at this point, although it does need to be fixed. If there's suddenly a GoDaddy logo at the bottom, that's just a company that registers domain names, part of the system that prevents different people, businesses, or whatever, from having identical web adressses. It could be that swingular is registered there, and showing the logo is part of the deal. I don't know what Chrome people are seeing, I don't use Chrome, I use Firefox. The logo I see is a godaddy "registered secured", which would seem to indicate that the site itself is secured. As for someone getting the email address you use to communicate with swingular, there are plenty of companies that will find someone's email for you, and they aren't necessarily getting them by breaking into some site or intercepting interned transmitted emails. Every email address, even one that goes through some specific site, is registered somewhere, and these companies seem to have access to email registrations, and some companies sell them to other companies who use them for marketing purposes. If I had a store that sold sex toys, I'd sure want to buy the email addresses for people who use sexually related sites. Other companies buy lists of email addresses that have been used to communicate with other sites that are in some way related to whatever the company is selling. And that's why there are companies finding and selling email addresses. Their source doesn't necessarily have to be the swingular site itself.
And unless or until this gets fixed, if it worries you, get the real email of anyone who you want to give things like your phone number to, and use that instead of swingular email to send that info.
But I wouldn't worry a lot at this point even if transmissions aren't entirely secure. Intercepting internet communications, and breaking even the normal (as opposed to "secure") encryption is not something that every hacker in the world has the ability to do. The people who can and do do that tend to be good sized operations that are looking for SSANs, credit card numbers, and other things that can be used to compromise one's financial security. They aren't interested in the sexual peccadilloes of ordinary folks. Now if you're some kind of celebrity, then you could have a problem, because there are people with the ability and desire to look at whatever you are doing.
And unless or until this gets fixed, if it worries you, get the real email of anyone who you want to give things like your phone number to, and use that instead of swingular email to send that info.
But I wouldn't worry a lot at this point even if transmissions aren't entirely secure. Intercepting internet communications, and breaking even the normal (as opposed to "secure") encryption is not something that every hacker in the world has the ability to do. The people who can and do do that tend to be good sized operations that are looking for SSANs, credit card numbers, and other things that can be used to compromise one's financial security. They aren't interested in the sexual peccadilloes of ordinary folks. Now if you're some kind of celebrity, then you could have a problem, because there are people with the ability and desire to look at whatever you are doing.
Swingular should change a few things:
1) robots.txt file to exclude search engines
2) SSL required
3) login required for access
4) removal from Google, Bing, etc.
Still say the site was hacked as the profile in question is not found in Google, MSN, Bing, Yahoo, etc.
1) robots.txt file to exclude search engines
2) SSL required
3) login required for access
4) removal from Google, Bing, etc.
Still say the site was hacked as the profile in question is not found in Google, MSN, Bing, Yahoo, etc.
Assuming the data wasn't sold by someone with access.
I look at like this..If you don't want to be found out .. Don't become a member on these sites...don't post pics ..like they say nothing ever goes away once it's on the web..just sayin
AZWETWILD To address your comment, it is not about my handle. It is about another handle I had with someone else on the site. We never posted in the forums. We didn't use the handle and email combo on any other website. A google search of the handle and email came up with NO RESULTS. So, how did they get it.
Everyone should be concerned about this. Swingular owes its members privacy rights. Plain and simple. It is scary that they don't embrace the fundamentals of Internet security and trust.
Everyone should be concerned about this. Swingular owes its members privacy rights. Plain and simple. It is scary that they don't embrace the fundamentals of Internet security and trust.
To all those concerned about security, we have not been hacked. Our system is secure and we constantly monitor it for any irregular activity. We also patch our system frequently, especially when new exploits are discovered, such as the recent bash bug.
In order for someone to get your information from us, they would have to crack into our separate, secure database servers that do not reside on the same servers as the website. These servers only allow access from one service user and one ip address.
As well, we do not ask you for any personal information that could identify you. The only time we do is when you make a payment and even then, we do not store that information, we only pass it on to the processor and that entire process is using an ssl secure link.
If someone has your information, or you are receiving spam emails, I can promise you 100%, it did not come directly from us. Maybe your systems have been compromised or you have given your information to someone else who has been compromised.
'Then why can we find our username, etc... by searching Google?' It's because we allow Google to index our forums so that we can get higher search rankings thus allowing us to get more members for you to interact with. We do not allow them to index your photos, your usernames or anything else that we hold in our database. The only thing we allow is that actual conversations that appear in the forums. We have always stated that you should never post anything in the forums that you do not want others to see such as email addresses or phone numbers, not because the forums are indexed by search engines, but because EVERY member has the ability to see your posts. The forums are a PUBLIC place so unless you want all those unknown members having this information, you shouldn't be posting it there.
SSL
We do not use SSL connections to secure the site other than for transmitting sensitive information like credit card numbers because we use a 3rd party instant messaging system that currently does not support SSL. Is this an issue, NO it is not. Unless you are sending emails with super sensitive information or details, which you shouldn't be doing on a dating site in the first place, there's nothing that can be used to hack you that you already aren't sending across the internet insecurely in the first place with your normal browsing behavior. 80% of your internet browsing does not use SSL secure transmissions because it's not necessary for normal use.
However, we are currently working to implement SSL across the entire site because it will allow us to take advantage of a new technology that will speed up web site browsing called SPDY developed by Google.
Look, security is as only as good as the users that use the system and it all starts from you. How can a big company like Home Depot or Target get hacked and a small company like ours not? Because of the employees and users. Those companies are so big, it's hard to control each user and make sure they are doing things safely and securely. With our company, there is only one person that has access to the secure systems. The chance that someone at a big company could accidentally expose their systems to a security flaw are greater with the more people that they employ vs our chances with just one.
And last, no, we do not share your personal information, which would basically only be your email address because we don't know anything else about you. It states it in our terms and conditions and privacy policy.
So, MavenX, if you are getting spam emails, I would look elsewhere because it isn't us. Plus, you'd be seeing this problem occur for more than just you if this was the case and it sounds like an isolated incident. If you would like, you can send me a copy of the email and I will help you look into it. You can send it to [email protected].
As for everyone else, I can personally assure you that we have not been hacked and that we are secure from all known exploits and that we have done and are doing everything in our power to make sure our site is secure and safe to use.
If you have any questions or concerns about this, you can contact me directly at [email protected] and I will get back to you as soon as possible.
Thanks for your time.
Robert
Owner/CEO
In order for someone to get your information from us, they would have to crack into our separate, secure database servers that do not reside on the same servers as the website. These servers only allow access from one service user and one ip address.
As well, we do not ask you for any personal information that could identify you. The only time we do is when you make a payment and even then, we do not store that information, we only pass it on to the processor and that entire process is using an ssl secure link.
If someone has your information, or you are receiving spam emails, I can promise you 100%, it did not come directly from us. Maybe your systems have been compromised or you have given your information to someone else who has been compromised.
'Then why can we find our username, etc... by searching Google?' It's because we allow Google to index our forums so that we can get higher search rankings thus allowing us to get more members for you to interact with. We do not allow them to index your photos, your usernames or anything else that we hold in our database. The only thing we allow is that actual conversations that appear in the forums. We have always stated that you should never post anything in the forums that you do not want others to see such as email addresses or phone numbers, not because the forums are indexed by search engines, but because EVERY member has the ability to see your posts. The forums are a PUBLIC place so unless you want all those unknown members having this information, you shouldn't be posting it there.
SSL
We do not use SSL connections to secure the site other than for transmitting sensitive information like credit card numbers because we use a 3rd party instant messaging system that currently does not support SSL. Is this an issue, NO it is not. Unless you are sending emails with super sensitive information or details, which you shouldn't be doing on a dating site in the first place, there's nothing that can be used to hack you that you already aren't sending across the internet insecurely in the first place with your normal browsing behavior. 80% of your internet browsing does not use SSL secure transmissions because it's not necessary for normal use.
However, we are currently working to implement SSL across the entire site because it will allow us to take advantage of a new technology that will speed up web site browsing called SPDY developed by Google.
Look, security is as only as good as the users that use the system and it all starts from you. How can a big company like Home Depot or Target get hacked and a small company like ours not? Because of the employees and users. Those companies are so big, it's hard to control each user and make sure they are doing things safely and securely. With our company, there is only one person that has access to the secure systems. The chance that someone at a big company could accidentally expose their systems to a security flaw are greater with the more people that they employ vs our chances with just one.
And last, no, we do not share your personal information, which would basically only be your email address because we don't know anything else about you. It states it in our terms and conditions and privacy policy.
So, MavenX, if you are getting spam emails, I would look elsewhere because it isn't us. Plus, you'd be seeing this problem occur for more than just you if this was the case and it sounds like an isolated incident. If you would like, you can send me a copy of the email and I will help you look into it. You can send it to [email protected].
As for everyone else, I can personally assure you that we have not been hacked and that we are secure from all known exploits and that we have done and are doing everything in our power to make sure our site is secure and safe to use.
If you have any questions or concerns about this, you can contact me directly at [email protected] and I will get back to you as soon as possible.
Thanks for your time.
Robert
Owner/CEO
We searched our username a couple years ago and it popped up To be fair, we have used it in other places. No personal info came up that concerned us. We have searched it regularly since then and haven't found anything that to worry us.
The last thing I want to do is get into a fight over the word hacked. Now I know profiles that have been hacked but it is usually by an ex. The only purpose of hacking an account is to give the owner grief and really does not make much sense since Admin can un-hack it for you.
Many people are confused as to what the term hacking really means. If someone wanted to hack into a single account it would be much easier than hacking into a financial server somewhere. The more you know about someone the easier it would be to hack their personal account anywhere in any business.
Let
Many people are confused as to what the term hacking really means. If someone wanted to hack into a single account it would be much easier than hacking into a financial server somewhere. The more you know about someone the easier it would be to hack their personal account anywhere in any business.
Let
I've been on this site a long time. I feel more secure on Swingular than I do on my email account. Could it be hacked? Sure, so what. I live an open life and most anyone wanting to know anything about me could learn more just by asking me. Someone on this site is seeing cyber-ghosts.
Anything can be hacked if you give someone sufficient time and resources to devote to it. I honestly don't see Swingular being high on anyone's list to hack though, just due to the more niche market it is in. Hackers that want data are going to go somewhere that they can use to cast a much wider net than they could with Swingular. The only reason I could see anyone hacking this site for presently would be if the site or someone incharge of it pissed off or wronged someone (in the hacker's mind), and the hack was done in revenge.
I Googled our Swingular handle a few years ago. It brought up a whole bunch of pics of Dubya. Should I be worried? 
Hmmmm. I got a lot of soft core and hard core porn when I Googled DELICIOUSLYWET. Oh wait. There's a pic of some food. Lot's of stuff about wet panties too. I'm not gonna go to the next page. Afraid I might get a bunch of pics of people micturating...possibly on rugs.
Wow if you're so freaked out about this then take yourself off of Swingular. If you are so concerned about hiding who you are then it really sounds like you're hiding from a spouse so you don't get caught looking for others behind their back. That's called cheating and it's people like that who give the lifestyle a bad name. We are here to explore a new way of enjoyment in our sexual lives so when someone throws up the red flag of alarm it normally means they got busted. Do us all a favor delete your account go back to Craig's list and find your cheap thrill and leave the rest of us alone. Trust is a two way line of communication learn it or leave..
Just googled our profile, webster told me I am a dumb ass and cant spell. How rude.
DELICIOUSLYWET wrote:EVILDOERS wrote:
Hmmmm. I got a lot of soft core and hard core porn when I Googled DELICIOUSLYWET. Oh wait. There's a pic of some food. Lot's of stuff about wet panties too. I'm not gonna go to the next page. Afraid I might get a bunch of pics of people micturating...possibly on rugs.
That is why, unlike Shatner, rather than go get a toupee I just started shaving my head when my hair got thin. Nothing worse than going to a swingers event and having ladies with a fetish micturating on your rug.
OMG, had no idea TBL was a thinly veiled reference to water sports and in particular water sports and toupees. Gonna have to watch it again to see what else I missed.
KRAZYGIRL wrote:
Just googled our profile, webster told me I am a dumb ass and cant spell. How rude.
Maybe. But still less rude than what jv666 wrote. HARSH, dude! And more than just a little presumptive. Who pooped in YOUR Cocoa Puffs this morning?!!?
Just googled our profile for real, not one thing from this website but several things from the other two lifestyle sites we are members to.
Shows profile pictures and a few things that has happened in our profile in the last while. Cant click on anything and see much but the main page of the site with our stuff on it is veiwable. So need to change profile picture there and then we are ok.
Just info for others to think about thier stuff.
Shows profile pictures and a few things that has happened in our profile in the last while. Cant click on anything and see much but the main page of the site with our stuff on it is veiwable. So need to change profile picture there and then we are ok.
Just info for others to think about thier stuff.
I just see a lot of snowboarders and snow bunnies when I google my profile.
As the original poster, I was not talking about Googling your profile. The profile that received an email only existed on Swingular. No where else yet an email was received. Being in IT, there was no other explanation.
The admins have made changes since the original post. It is now SSL. That doesn't guarantee a brute force attack against the Swingular database. It is definitely a step in the right direction.
Mav
The admins have made changes since the original post. It is now SSL. That doesn't guarantee a brute force attack against the Swingular database. It is definitely a step in the right direction.
Mav
I have an e-mail address that is only used here. I've never had any spam. No problems what so ever.