{"id":54,"date":"2008-08-27T02:38:03","date_gmt":"2008-08-27T07:38:03","guid":{"rendered":"http:\/\/acro.net\/blog\/2008\/08\/27\/sedo-fixes-half-the-problem\/"},"modified":"2008-08-27T02:50:25","modified_gmt":"2008-08-27T07:50:25","slug":"sedo-fixes-half-the-problem","status":"publish","type":"post","link":"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/","title":{"rendered":"Sedo.com scrambles to patch data breach but concerns still remain"},"content":{"rendered":"

Less than 24 hours after introducing a series of features that exposed seller data to anyone with the will to acquire it and basic scraper-scripting skills, Sedo.com changed the way the “Meet the seller” link functions.<\/p>\n

In a dry and short statement<\/strong><\/a> issued on DNForum, Sedo’s Customer Relations Associate Monica Ibrahim said:<\/p>\n

“As a quick FYI, our tech team has made sure to remove all personally identifiable member ID data from the Seller’s Activity Index. We apologize for the initial issue. Please note that member IDs are not present in the Seller Activity Index or on the Domain Portfolio Links (which can be deactivated if you wish as mentioned earlier)”<\/p><\/blockquote>\n

Prior to this statement, Sedo vehemently denied<\/strong> that any privacy breach had taken place while maintaining their position that the newly introduced features will benefit the sellers and buyers that use Sedo.com as their domain marketplace.<\/p>\n

Indeed, Sedo programmers scrambled to change the database interfacing from using an open sequential id to a hashed (encoded) string unique for the period of time the user clicks on the “Meet the seller” link. Upon my suggestion that Parked.com should offer assistance to the Sedo.com programming team, Donny Simonton exclaimed:<\/p>\n

“I wish we could offer some help. As a programmer I do understand what they are trying to do. They are being lazy, been there many times. I would think they could easily change it to a md5 hash of the id + the domain or something similar. Something that can not be reversed.”<\/p><\/blockquote>\n

Despite the fact that these changes were quickly implemented upon my public announcement of how exposed the seller info has been, Sedo has yet to fix the way their auctions are referenced, using the same non-hashed open id. Currently, all 39,000-something completed and on-going auction pages are exposed to scraping by data miners.<\/strong><\/p>\n

Most importantly, Sedo has not changed the way the new features are utilized under a user’s profile: the user’s country location, seniority at Sedo, arbitrary ratings (zero to five stars) as a seller and a buyer and how long a particular domain has been at Sedo – all these are openly available to any logged-in user, without permitting the account holder to turn these features off.<\/strong><\/p>\n

Sedo has so far kept a low profile on the matter, but the reaction of the serious, active traders has been sharp and full of negative criticism towards the way that Sedo has decided to shove down the throat of users these new features. With offices in the UK and Germany, Sedo is challenging a series of strict laws protecting the privacy of individuals and corporations; stricter than US regulations about personal data safekeeping. Meanwhile, Sedo has stated that if a user decides to leave the Sedo selling platform and delete their user profile, their data remains with Sedo indefinitely. This has serious implications for any potential data breach in the future: user accounts contain a lot of financial and other private information and Sedo’s programming methods reveal a lax approach to security.<\/p>\n

Keep contacting Sedo via the email support@sedo.com<\/strong><\/a> and their support hotline at (617) 499 – 7200<\/strong> (keypress 3) to voice your opposition to the lack of an ON\/OFF switch for the newly introduced features.<\/p>\n","protected":false},"excerpt":{"rendered":"

Less than 24 hours after introducing a series of features that exposed seller data to anyone with the will to acquire it and basic scraper-scripting skills, Sedo.com changed the way the “Meet the seller” link functions. In a dry and short statement issued on DNForum, Sedo’s Customer Relations Associate Monica Ibrahim said: “As a quick […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,3,4,25],"tags":[115,117,1189,29,114,116,118,113],"class_list":["post-54","post","type-post","status-publish","format-standard","hentry","category-business","category-domains","category-ppc-companies","category-social-issues","tag-data-exposed","tag-data-mining","tag-domains","tag-ppc","tag-privacy-breach","tag-scraping","tag-sedo-auctions","tag-sedocom","entry"],"yoast_head":"\nSedo.com scrambles to patch data breach but concerns still remain - Acro.net - A Domain Investing Blog by Theo Develegas<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sedo.com scrambles to patch data breach but concerns still remain - Acro.net - A Domain Investing Blog by Theo Develegas\" \/>\n<meta property=\"og:description\" content=\"Less than 24 hours after introducing a series of features that exposed seller data to anyone with the will to acquire it and basic scraper-scripting skills, Sedo.com changed the way the “Meet the seller” link functions. In a dry and short statement issued on DNForum, Sedo’s Customer Relations Associate Monica Ibrahim said: “As a quick […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/\" \/>\n<meta property=\"og:site_name\" content=\"Acro.net - A Domain Investing Blog by Theo Develegas\" \/>\n<meta property=\"article:published_time\" content=\"2008-08-27T07:38:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2008-08-27T07:50:25+00:00\" \/>\n<meta name=\"author\" content=\"Theo Develegas\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Theo Develegas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/sedo-fixes-half-the-problem\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/sedo-fixes-half-the-problem\\\/\"},\"author\":{\"name\":\"Theo Develegas\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/#\\\/schema\\\/person\\\/9c9625f061a0e603a87f5bf0f6f781fe\"},\"headline\":\"Sedo.com scrambles to patch data breach but concerns still remain\",\"datePublished\":\"2008-08-27T07:38:03+00:00\",\"dateModified\":\"2008-08-27T07:50:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/sedo-fixes-half-the-problem\\\/\"},\"wordCount\":554,\"commentCount\":1,\"keywords\":[\"data exposed\",\"data mining\",\"Domains\",\"PPC\",\"Privacy breach\",\"scraping\",\"Sedo auctions\",\"Sedo.com\"],\"articleSection\":[\"Business\",\"Domains\",\"PPC Companies\",\"Social issues\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/acro.net\\\/blog\\\/sedo-fixes-half-the-problem\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/sedo-fixes-half-the-problem\\\/\",\"url\":\"https:\\\/\\\/acro.net\\\/blog\\\/sedo-fixes-half-the-problem\\\/\",\"name\":\"Sedo.com scrambles to patch data breach but concerns still remain - Acro.net - A Domain Investing Blog by Theo Develegas\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/#website\"},\"datePublished\":\"2008-08-27T07:38:03+00:00\",\"dateModified\":\"2008-08-27T07:50:25+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/#\\\/schema\\\/person\\\/9c9625f061a0e603a87f5bf0f6f781fe\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/sedo-fixes-half-the-problem\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/acro.net\\\/blog\\\/sedo-fixes-half-the-problem\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/sedo-fixes-half-the-problem\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/acro.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Sedo.com scrambles to patch data breach but concerns still remain\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/acro.net\\\/blog\\\/\",\"name\":\"Acro.net - A Domain Investing Blog by Theo Develegas\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/acro.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/acro.net\\\/blog\\\/#\\\/schema\\\/person\\\/9c9625f061a0e603a87f5bf0f6f781fe\",\"name\":\"Theo Develegas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g\",\"caption\":\"Theo Develegas\"},\"description\":\"Theo Develegas - News and opinions on domain name investing, brand development, design, and the occasional rant or two about life's challenges. Founder of Acroplex LLC.\",\"sameAs\":[\"https:\\\/\\\/acro.net\",\"https:\\\/\\\/x.com\\\/acroplex\"],\"url\":\"https:\\\/\\\/acro.net\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sedo.com scrambles to patch data breach but concerns still remain - Acro.net - A Domain Investing Blog by Theo Develegas","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/","og_locale":"en_US","og_type":"article","og_title":"Sedo.com scrambles to patch data breach but concerns still remain - Acro.net - A Domain Investing Blog by Theo Develegas","og_description":"Less than 24 hours after introducing a series of features that exposed seller data to anyone with the will to acquire it and basic scraper-scripting skills, Sedo.com changed the way the “Meet the seller” link functions. In a dry and short statement issued on DNForum, Sedo’s Customer Relations Associate Monica Ibrahim said: “As a quick […]","og_url":"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/","og_site_name":"Acro.net - A Domain Investing Blog by Theo Develegas","article_published_time":"2008-08-27T07:38:03+00:00","article_modified_time":"2008-08-27T07:50:25+00:00","author":"Theo Develegas","twitter_misc":{"Written by":"Theo Develegas","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/#article","isPartOf":{"@id":"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/"},"author":{"name":"Theo Develegas","@id":"https:\/\/acro.net\/blog\/#\/schema\/person\/9c9625f061a0e603a87f5bf0f6f781fe"},"headline":"Sedo.com scrambles to patch data breach but concerns still remain","datePublished":"2008-08-27T07:38:03+00:00","dateModified":"2008-08-27T07:50:25+00:00","mainEntityOfPage":{"@id":"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/"},"wordCount":554,"commentCount":1,"keywords":["data exposed","data mining","Domains","PPC","Privacy breach","scraping","Sedo auctions","Sedo.com"],"articleSection":["Business","Domains","PPC Companies","Social issues"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/","url":"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/","name":"Sedo.com scrambles to patch data breach but concerns still remain - Acro.net - A Domain Investing Blog by Theo Develegas","isPartOf":{"@id":"https:\/\/acro.net\/blog\/#website"},"datePublished":"2008-08-27T07:38:03+00:00","dateModified":"2008-08-27T07:50:25+00:00","author":{"@id":"https:\/\/acro.net\/blog\/#\/schema\/person\/9c9625f061a0e603a87f5bf0f6f781fe"},"breadcrumb":{"@id":"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/acro.net\/blog\/sedo-fixes-half-the-problem\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/acro.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Sedo.com scrambles to patch data breach but concerns still remain"}]},{"@type":"WebSite","@id":"https:\/\/acro.net\/blog\/#website","url":"https:\/\/acro.net\/blog\/","name":"Acro.net - A Domain Investing Blog by Theo Develegas","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/acro.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/acro.net\/blog\/#\/schema\/person\/9c9625f061a0e603a87f5bf0f6f781fe","name":"Theo Develegas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6794630c371bee89f2b833c1f4b777d9ba75767b217c8fce2cfd6e6d7d90960d?s=96&d=mm&r=g","caption":"Theo Develegas"},"description":"Theo Develegas - News and opinions on domain name investing, brand development, design, and the occasional rant or two about life's challenges. Founder of Acroplex LLC.","sameAs":["https:\/\/acro.net","https:\/\/x.com\/acroplex"],"url":"https:\/\/acro.net\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/posts\/54","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/comments?post=54"}],"version-history":[{"count":0,"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/posts\/54\/revisions"}],"wp:attachment":[{"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/media?parent=54"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/categories?post=54"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/acro.net\/blog\/wp-json\/wp\/v2\/tags?post=54"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}