How did I get logged in on to another person's account?
October 10, 2008 5:23 PM

I was looking at (that's why the anon), trying to see if there were any promising MOTAS so I can know if I should bother signing up. I can't do much not being a member, can't see much on searches, free membership is offered to me. At the same time I'm also using other Firefox tabs. I tab back to the site and see that I'm logged in as a paid 'gold member', a man in a city far from mine. I can see his private messages to and from members, when his membership expires, the last four digits of his credit card number, all the things that a man should only see if he logs in himself.

How could this have happened? No one else has had access to this computer, bought new at a reputable store.

Is there a security problem with my computer I need to fix? I'm running Linux off the shelf on an Eee PC, encrypted wireless network to my own DSL connection.

What should I do, if anything? I know I can delete cookies and this account won't come up, but is it a symptom of a bigger problem?
posted by anonymous to Computers & Internet (8 answers total)
My speculation would be that it's a serious flaw in fastcupid's session management and that they assigned you the session id of an existing session.

If I had the experience you describe, I would have no worries that it represented a problem with my own computer (I say this as a moderately paranoid web programmer.)
posted by Zed_Lopez at 5:46 PM on October 10, 2008

Seconding Zed_Lopez. And in all likelihood they were scrambling to fix the problem as you experienced so you're unlikely to see it recur.

Having said that it would be kind of you to report it as they _may_ not know it's happening and it's just possible your report will reach the ears of someone who understands the significance of what you're telling them.
posted by southof40 at 5:58 PM on October 10, 2008

How are you connecting to the Web? At work? Your company might have some weird caching going on. At my last company, everyone suddenly found themselves with access to my account.
posted by Cool Papa Bell at 6:16 PM on October 10, 2008

How could this have happened? No one else has had access to this computer, bought new at a reputable store.

Hm. How recently? "New" doesn't mean someone didn't log in to check their fastcupid mail or whatever, once?

Without deleting the cookie, check the date it was last set/changed. That will help.

CPB's guess is also good if this was done from work (or an internet cafe). Is this an HTTPS connection?
posted by rokusan at 6:22 PM on October 10, 2008

This could very easily have been the result of poorly-configured ISP caching. Using HTTPS should in theory eliminate the possibility of it recurring.
posted by dhartung at 2:13 AM on October 11, 2008

I have seen the same thing as Z_L is describing, that their session management is awry. Imagine you went to a deli, and you had to take a ticket and wait in a queue. But, their ticket machine is not programmed right, and sometimes it gives 2 people the same number. Well, then when they call your number, you might get another man's meat.

Which is what is happening here, no?
posted by mjg123 at 10:46 AM on October 11, 2008

And, as southof40 says - if I were responsible for this site, I'd appreciate an email...
posted by mjg123 at 10:48 AM on October 11, 2008

As both a member of a fastcupid site and a web developer, it doesn't shock me to hear that. The site barely works on good days. It's most likely the result of sloppy session handling.
posted by specialfriend at 11:01 AM on October 11, 2008
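
The duplicate-ticket failure that several answers suspect, as an added Python example that is not part of the thread and not the site's code. Nobody in the thread knows how the site generates session ids, so the time-based scheme here is a constructed assumption, shown beside a hardened store; class and account names are hypothetical.

```python
import secrets


class WeakSessions:
    """Constructed flaw: the id is the current second, and an id that is
    already live is reused instead of being rejected."""

    def __init__(self, clock):
        self.clock = clock  # injected so the demo is deterministic
        self.live = {}      # session id -> account name (None = guest)

    def start(self, account=None):
        sid = str(int(self.clock()))
        if account is not None:
            self.live[sid] = account
        else:
            self.live.setdefault(sid, None)  # guest inherits what is there
        return sid

    def whoami(self, sid):
        return self.live.get(sid)


class HardenedSessions:
    """128-bit ids from the OS CSPRNG; a live id is never issued twice."""

    def __init__(self):
        self.live = {}

    def start(self, account=None):
        sid = secrets.token_urlsafe(16)
        while sid in self.live:  # astronomically unlikely, still checked
            sid = secrets.token_urlsafe(16)
        self.live[sid] = account
        return sid

    def whoami(self, sid):
        return self.live.get(sid)


def guest_sees(store):
    """A member logs in, then an unrelated guest arrives. Return the
    account the guest's session resolves to (None means plain guest)."""
    store.start(account="gold_member")  # constructed account name
    guest_sid = store.start()
    return store.whoami(guest_sid)


if __name__ == "__main__":
    print("weak:", guest_sees(WeakSessions(clock=lambda: 1223659380.0)))
    print("hardened:", guest_sees(HardenedSessions()))
```
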
