Security breach with team job postings (Staff: bug fixed) Thread poster: Mike (de Oliveira) Brady
|
|---|
I have just posted a job posting confidential to my team on Proz.com. When I posted this I was told it would go to 2 of the 4 team members. I'm investigating why postings do not go to all members.
However, I shortly after received a quote from someone who is not a team member, who clearly had access to the confidential information I had posted exclusively to my team.
The person who posted was kind enough to send me a screenshot of the listing that appeared in his job fe... See more I have just posted a job posting confidential to my team on Proz.com. When I posted this I was told it would go to 2 of the 4 team members. I'm investigating why postings do not go to all members.
However, I shortly after received a quote from someone who is not a team member, who clearly had access to the confidential information I had posted exclusively to my team.
The person who posted was kind enough to send me a screenshot of the listing that appeared in his job feed. This says it is a "Team Private" job posting, so why did it appear in his job feed and why was he able to view and quote on it?
Has anyone else using Proz.com team features experience such serious security breaches?
I am trying to get the job posting removed as closing it does not appear to be sufficient. ▲ Collapse
| | | | | Thanks for reporting | Jan 5, 2018 |
Hello Mike,
Thank you for reporting this. My colleague Alejandro is looking into the issue and will be in touch shortly.
Jared
| | | |
Hello, I can see the job posting in my job feeds too.
I hope you can get it sorted. Take care.
Kind Regards
Adelina Phillips
| | | | | I also see that | Jan 6, 2018 |
Hi Mike,
I also see that job post as an outsourcing person. So, I just replied as casual just to let you know about it. May I know if it was visible for those people too. I think it is coming automatically. Kindly recheck your settings and change it and repost it if possible. I hope next time it won't be appearing in the common page.
Kind regards,
Anitha
| | |
|
|
|
| Private team jobs can be viewed and quoted on by non-team members | Jan 7, 2018 |
I posted a second job private to my team as a test. When submitting the form Proz.com states:
---
Team private job
You are posting a job private to the members of the "Accredited Portuguese -> English translators" team.
Only members of the team will be able to view and quote on the job. Further restrictions on who within the team may view and quote may be defined below.
---
So far I've had 6 quotes on the job posting from non-team m... See more I posted a second job private to my team as a test. When submitting the form Proz.com states:
---
Team private job
You are posting a job private to the members of the "Accredited Portuguese -> English translators" team.
Only members of the team will be able to view and quote on the job. Further restrictions on who within the team may view and quote may be defined below.
---
So far I've had 6 quotes on the job posting from non-team members and a couple of posts on this thread confirming the post has appeared in the general jobs feed.
Here is the post that you should not be able to see unless you are member of the team.
https://www.proz.com/job/1394882
Post here if you can see it.
It is set for Portuguese->English language so you may not see it in any case if that is not your language pair. ▲ Collapse
| | | | Suzana Silva
Brazil
Local time: 17:02
Ingiriisi to Portuguese
+ ...
| I also see the post | Jan 8, 2018 |
Hello, as long as I know I'm not on the team, even though I also can see the job posting in the jobs feed, and when I hit the link I read the following on the top of the page:
"Team private" job posting
The outsourcer has chosen to make this a "team private" job posting, accessible only to members of the "Accredited Portuguese -> English translators" team, and possibly only to a subset of those team members. You can access it because you are a member of that team, and are on ... See more Hello, as long as I know I'm not on the team, even though I also can see the job posting in the jobs feed, and when I hit the link I read the following on the top of the page:
"Team private" job posting
The outsourcer has chosen to make this a "team private" job posting, accessible only to members of the "Accredited Portuguese -> English translators" team, and possibly only to a subset of those team members. You can access it because you are a member of that team, and are on that list. (FAQ)
Maybe it appears to me because I'm a Portuguese->English translator
Regards,
Suzana Silva ▲ Collapse
| | | | Jack Martin 
Brazil
Local time: 17:02
Portuguese to Ingiriisi
I too can see the job.. It is in my language pairing, but I don't believe I am part of this team
| | | | | This bug has been fixed | Jan 8, 2018 |
Hello,
Thanks everyone for reporting and testing this bug. The bug has been fixed by now. "Team private" job postings will only be visible to members of the specific team it is aimed at, throughout the site. I apologize for the inconvenience.
By the way, I have now removed the job posting you made to test this bug.
Please let me know if you have any question or need anything else.
Best regards,
Alejandro
| | |
|
|
|
| Thanks - any progress on other team feature bugs? | Jan 11, 2018 |
Alejandro Cavalitto wrote:
Hello,
Thanks everyone for reporting and testing this bug. The bug has been fixed by now. "Team private" job postings will only be visible to members of the specific team it is aimed at, throughout the site. I apologize for the inconvenience.
By the way, I have now removed the job posting you made to test this bug.
Please let me know if you have any question or need anything else.
Best regards,
Alejandro
Thanks Alejandro.
I’ve made another job posting to the team and no non-team members have reported having seen it. I’m still not sure why notifications do not go to all team members.
The other bugs I have reported still seem to be there:
1. There is no link to upload files to the team. Has this function been removed?
2. I do not receive alerts when team members post to our private forum, despite setting to receive alerts.
Any updates appreciated.
| | | | | Progress so far | Jan 12, 2018 |
Hello Mike,
Thank you for bringing this up. After fixing another bug, notifications for your last job posting have been sent out. Notifications will be sent out to team members for future job postings, provided that the job posting requirements matches the information on their profile. Their notification settings also determine if they are sent notifications or not. You can see more information on how it is determined who is sent a n... See more Hello Mike,
Thank you for bringing this up. After fixing another bug, notifications for your last job posting have been sent out. Notifications will be sent out to team members for future job postings, provided that the job posting requirements matches the information on their profile. Their notification settings also determine if they are sent notifications or not. You can see more information on how it is determined who is sent a notification for a job posting here: https://www.proz.com/faq/8530#8530
Site developers are looking into the issue with forum notifications. I will post here once a solution has been found.
As for the feature to upload files to translation teams, I see that the feature is no longer shown in the "Team workspace" tab. I will explore if it is possible to have it restored.
Best regards,
Alejandro ▲ Collapse
| | | | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Security breach with team job postings (Staff: bug fixed) | Anycount & Translation Office 3000 | Translation Office 3000
Translation Office 3000 is an advanced accounting tool for freelance translators and small agencies. TO3000 easily and seamlessly integrates with the business life of professional freelance translators.
More info » |
| | Trados Business Manager Lite | Create customer quotes and invoices from within Trados Studio
Trados Business Manager Lite helps to simplify and speed up some of the daily tasks, such as invoicing and reporting, associated with running your freelance translation business.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
