I needed some art work for a current project – so I decided to give fiverr a try. And – of course – every new website is looked at with the eye of an IT security professional. I am no longer a fiverr member. Why?
After registering I started to browse the categories, listened to a few voice impersonators and contacted a number of sellers. Suddenly I realized that my password was displayed in the top menu line. Bummer.
I immediately tried to file a bug report – but the form refused to complete the post because I didn’t have an “order number”. So – I posted a screen shot to @fiverr on Twitter. No need to panic. After all my password was only displayed to me. Not nice but also not a panic mode error. Case closed? Not so fast. I received a reply from one of the sellers – addressed to “Dear my password” . I am not kidding you. Fiverr confused a user name with my password.
Now *that* is what I call a panic mode error. The username / password was most likely displayed to all contacted sellers and maybe even in lists. I deleted my account and again posted a screen shot to @fiverr. They answered and asked to file a bug report on the above mentioned page. On my question in regard to the “order number” they replied:
So – I tried again. No luck.
I don’t know if fiverr contracts his support on a $5 basis. Obviously they don’t know what they are talking about.My suggestion: Hire a security professional. Until then I won’t use this service any more.
Thank you very much.
Update -1- : I received an email from Mark(Fiverr Customer Support). He wrote “I assume that you have made the same mistake as I have when opening your account (I can see you are a new user). You as well as I did not notice when to switch to password so your password is displayed as your username 🙂” ..
If you don’t understand – well – you’re not alone.
What I Do understand is that: I am to blame. Always good to blame the user. But anyway. There seems to be a very clever functionality within Fiverr that uses your password as your default user name. And even Mark from Fiverr Customer Support tapped into that very clever function and had his password distributed widely.
“And I regret to inform you that you cannot change your username. You can, however, close your account and create a new one.“
That is soooo cool. Though I can’t change my password generated user name, I actually can close my account. But ..
“You can open a new Fiverr account after that using a new username but you’ll need to use a different email address upon signing up.“
So – they keep my email-address after I closed my account? Why? Closing an account means: I don’t want to have anything to do with you any more. Delete my stuff. But again – I am probably to blame.
Because I signed up with them in the first place.