Mysterious Monday Email Explained
Dear Think Tank Community:
Thank you all for displaying your protective instincts of the Think Tank this week with your quick responses, analysis, suggestions and even your complaints.
Many of us received an ominous email on Monday directing us to change our passwords as part of signing up for a new forum. Since PMQ did not create a new forum, we knew that this email was unauthorized and highly suspicious so we immediately asked our community to ignore or delete the email until we could understand its origin.
Now that we have been able to discuss the problem with the sender (Website Toolbox) and they have been able to investigate the problem we know what happened.
Website ToolBox conducted an internal test which ended up sending an email to all Think Tankers who were active during December of 2013. The email was not part of a phishing scam as we had first worried nor was
PMQ.com or
WebsiteToolbox.com ever hacked. It was however, very unnerving for everyone.
In the enclosed letter at the bottom of this post, WebsiteToolbox admits that it made an inadvertent error, that it will delete any email information from PMQ ThinkTankers and we not be getting any more emails from them. At 8PM tonight, Daddio will also post his chat conversation with a member of the Website Toolbox team that he had with them last night.
So how did WebsiteToolBox get my email address?
In December PMQ began converting our old Think Tank to a new BBS developed by a highly regarded company called WebsiteToolbox. Since the Think Tank has been in existence since 1998, it had a very large and lumbering database which had already been reimported a few times. It was necessary to test to see if the Think Tank actually could be imported into the new system and we agreed to have Website Toolbox test the process. Although the test was successful we ended up going with XenForo because we thought it would be a better fit for our users. The data at this point should have been deleted but obviously was not.
Here is an explanation according to Website Toolbox>
Letter from Austin Walker of WebsiteToolbox. Friday October 3, 2014.
Hello Steve,
I have gone through the emails send by you and was able to find out that these emails were sent out to you while our testing team was trying to upload the data provided by you to the forum. I would request you to please ignore these emails and be rest assured that this will not happen again. We have also instructed our testing team not use the data send by you for any testing purpose again and delete all the data.
We understand that how sensitive it can be to your clients who are receiving such emails. I would like to let you know that the Website Toolbox will not rent or sell potentially personally-identifying and personally-identifying information to anyone. The information provided by you is only disclosed to the employees of the organization.
We apologize for all the inconvenience caused to you. Please contact us if you need any further clarification on this.
–
Regards,
Austin Walker
Team Leader - Customer Support
Website Toolbox, Inc.
Website Toolbox makes it easily to build an online home for your community. Effortlessly create, grow, and monetize your community with your own community platform. Engage in secure, private, organized discussions under your brand. Own your data and audience. Start your free 14-day trial of...
www.websitetoolbox.com
1-800-921-7803 extn: 104
09:30 AM to 6:00 PM EST, Mon-Fri
Thank you all once again for your concerns and comments about the security of the Think Tank.
How did PMQ respond to this situation?
Our first concern was to be alert our users of a possible scam and to ignore or delete the email. I then contacted Website Toolbox and got hold of our former representative there who finally put me in touch with Austin Walker. I sent the email to Austin Walker so that he could track down the problem and he provided us with an explanation and promise to not do this again. I do apologize that it took me an extra 24 hours to bring you this news as I had made an error in using a wrong email address.