vBulletin Account Info Change Request Insecure!

  • vBulletin Account Info Change Request Insecure!

    This is the most ridiculous process I've ever seen to change an email address. I have had to answer 3 emails so far and the process is not complete.

    Now I'm being asked for all my personal information via email which is insecure and a security risk.

    This process is not safe nor is it convenient!

    But, you took my money without running me in circles!

    Also for added security, please respond with the following information from when you ordered vBulletin so that we can verify this request:

    - Your name
    - Email address
    - Billing address
    - Telephone number
    - Approximate date of purchase
    - Type of license (owned or leased)
    - The answer to the security question
    - URL of forums
    - Order Method (CC, Paypal, etc)

    Best regards,
    Martin Erwin
    Support Team, vBulletin

    Have you not heard of Identity theft? This is absurd!
    Last edited by noppid; Thu 5 Jan '06, 5:28am.

  • #2
    Well what do you suggest they do?


    • #3
      We already have all these details on file and we've had cases where someone gains access to an email address and steals licenses etc. What better way to confirm than with the details you purchased it with?
      Scott MacVicar



      • #4
        If you'd like, they can set it up so you only need your e-mail address and someone can steal your license...


        • #5
          We first allowed people to change their own details, this led to huge amounts of fraud.

          People would buy with person X's credit card and then sell it to someone via paypal on Webhosting Talk or a similar place for a smaller amount, the end result was we got a chargeback and someone else lost some money.

          We then required you to email to have your license changed, we then had cases of people emailing us through either a hijacked email account or fake email headers to get it changed.

          The final step we had to do was to verify as many details as possible, though reading over the list it does seem a bit excessive. I shall point Steve in this direction.
          Scott MacVicar



          • #6
            Well, in a way I agree with noppid. Let's say you change your email often, since I wouldn't feel safe with, say, an email such as hotmail. I'd probably go with my ISP; however, people change here and there with tons of ISPs out there. Therefore identifying yourself over and over again with all that private info above can be annoying at times. I'd say maybe vB should set up a legal document where the customer has an option to sign up and either say if my email is hijacked it's not vB's fault and another vice versa.

            I agree though I've changed my email twice due to ISP reasons I have changed from 56K twice and now DSL finally. In the end it's vB's decision as either way is good and bad. It just depends on what people think and prefer because you are protected a little better this way.
            Last edited by FreshFroot_; Sat 7 Jan '06, 5:54pm.


            • #7
              noppid: The money you pay to Jelsoft is to get a license to run the product on your web site. I do not see why you use it as an argument in your first post.


              • #8
                By the way.... If you ask for support via the member's area or your registered email address and we need to verify for some reason, the email you get is below:

                In order to locate and/or change the contact info for your license, I first need to verify that you are the proper license holder. Please respond to this ticket with the following info:

                - Your current customer number
                - The first 4 characters of your password
                - The answer to the security question:

                <question here>

                If you do not know your customer number and password, you can request it be sent to your email address using this form:

                The requirements listed above, in Noppid's post, are if you access from an outside and non-registered email address and we have no connection to an account. The information required of companies is no less than what would be required if you called up your utility companies to change your service. Not only is it to verify your identity but to make sure we are working on the correct account.

                Wayne Luke


                • #9
                  The longer list is used when the request comes from an email address that is not on file for this license. We do understand and appreciate that this can present an added burden, but frankly if you knew how often people unwisely share their license info with 'friends' who then try to steal the license, you'd be amazed. One or more fraudulent requests per day is not uncommon.

                  In the end we decided that we need to do everything reasonable to protect our customers' rights and property. And asking for verification info only they should have is the best way to do this.
                  Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)