Mailing to VKontakte @ post.vk.com postal addresses lead to breach of confidentiality of personal data
Studying the issue in the search on Yandex blogs, I discovered that the company's mailings are indexed and fall out in search through the wall of VKontakte.
Each message had a unique link that was automatically authorized on the site. Absolutely anyone could access the profile.
In the settings of VKontakte, you can enable the function of sending photos and records via E-mail. Within 10 minutes, a message arrived with the format address *** @ post.vk.com. Any email sent to this email is displayed on the user’s page. But not everyone understood that the address does not need to advertise
The location of the functionality in the settings:
SMS example:
')
An example of sending a message to a random soap from the list:
We decided to stop sending messages to "@ post.vk.com" and destroy the old links.
After examining the issue , you can find many large resources, for example:
Topface.com - automatic login to the site, access to personal correspondence
Facebook.com - the possibility of profile theft
Biglion.ru - automatic login
Kupikupon.ru - automatic login
worldoftanks.ru - the possibility of password theft
Fotos.ua - home address, order history
I advise everyone to suspend template distribution to VK addresses.
Naturally, the entire responsibility for the placement of letters lies with the user, but there are no warnings or “foolproof” on the social network either.
PS Most likely, search engines rate these messages from the walls as spam, which will affect search engine promotion of the resource.
06/05/2013 UPDATE:
Author: Sergey Gridchin, SEO KupiVIP
Each message had a unique link that was automatically authorized on the site. Absolutely anyone could access the profile.
In the settings of VKontakte, you can enable the function of sending photos and records via E-mail. Within 10 minutes, a message arrived with the format address *** @ post.vk.com. Any email sent to this email is displayed on the user’s page. But not everyone understood that the address does not need to advertise
The location of the functionality in the settings:
SMS example:
')
An example of sending a message to a random soap from the list:
We decided to stop sending messages to "@ post.vk.com" and destroy the old links.
After examining the issue , you can find many large resources, for example:
Topface.com - automatic login to the site, access to personal correspondence
Facebook.com - the possibility of profile theft
Biglion.ru - automatic login
Kupikupon.ru - automatic login
worldoftanks.ru - the possibility of password theft
Fotos.ua - home address, order history
I advise everyone to suspend template distribution to VK addresses.
Naturally, the entire responsibility for the placement of letters lies with the user, but there are no warnings or “foolproof” on the social network either.
PS Most likely, search engines rate these messages from the walls as spam, which will affect search engine promotion of the resource.
06/05/2013 UPDATE:
1337
The topic did not pass by - today this feature has been disabled.
Proof: vk.com/wall-32295218_144485
Author: Sergey Gridchin, SEO KupiVIP
Source: https://habr.com/ru/post/181313/
All Articles