Page 2 of 2
Re: Bug causes inadvertent security notification emails
Posted: Sun Jun 10, 2018 7:44 am
by Steve Sokolowski
qosmio wrote:1st this happened to my was in april 2018, I had not 2fa enabled and got back into my account after 3 days and I lost one payout because the address was changed, I fixed all back and enabled 2fa, yesterday 8jun18 it happened again and I could not get back into my account since 2fa did not send me the code to login. so I have to move my miners to another pool since I cannot use my account anymore and not want to mine and someone else get my payout. Can you fix my account so I can use it again? account: qosmio
Did you see what I posted in the chat yesterday? This site doesn't send two-factor authentication codes, over SMS or through any other method. To view a two-factor authentication code, you need to open the Authy app.
Is it possible that you are confusing this site with another one?
Re: Bug causes inadvertent security notification emails
Posted: Sun Jun 10, 2018 7:49 am
by Steve Sokolowski
bachel wrote:Steve Sokolowski wrote:bachel wrote:
So the 20 others in the chat this morning with the same problem all got fished ?
fished?
If you mean "phished," as in someone stealing information, then the answer is no. There were no systemwide hacks.
So why did so many payout addresses get changed ?
Miracle Hack or Devs who develop on a live system without testing anything before hand ?
Again, there was no "hack." No payout addresses were changed by anyone else than by the owners of the accounts. As the description indicates, the scope of the issue is solely limited to a delay in notifications.
Testing was performed just like it is with all other changes and no known bugs were present at release time. I don't believe there has ever been a release issued where a bug was discovered in something that underwent testing.
Bugs occur upon release because it is impossible to foresee all the things that need to be tested. In this case, nobody considered that an invalid E-Mail address would be entered. Unfortunately, there is no logic or procedure that can be applied to come up with ideas of how the system might be used once deployed.