Re: serious security issue #login


Chris Jones
 

On Sun, May 17, 2020 at 03:57 PM, Peter Cook wrote:
In response to replying to a group post, one of my members received this.
I may have overlooked something that someone has posted but IMHO the oddity in this case is that it was sent out when it neither needed to have been or should have been. As the link was applicable to the account of the person to whom it was originally sent  - albeit for reasons unknown and not obviously explicable - then there was no immediate risk to a member's security.

There is an argument that in forwarding the message with the link to an Owner or Moderator the member did risk compromising their own security, but that is not the same as Groups.io compromising it, but that forwarding is understandable if the member in question was genuinely puzzled by its arrival, which I think I would have been as well.

If the sequence of events was indeed as described in the opening post in this topic then surely the question is why did Groups.io send a log-in link to someone who had simply responded to a group message and had (we must assume) not requested such a link?

As far as I can see nobody has raised this point in their responses.

Chris

Join GroupManagersForum@groups.io to automatically receive all group messages.