20th Nov, 2008

More NodNightmares.com


When I worked for the sex toy retailer mentioned here, I was asked to reach out to sex bloggers and other bloggers for the purpose of soliciting reviews of the site’s many products.  When a blogger expressed interest in writing for the company, I was told to organize their information into a pre-existing Google Spreadsheet.

This document had been created by another EF employee and was shared between us and the boss.  Into it we added bloggers’ legal names, shipping addresses, their blog URLs, item numbers of products we’d shipped to them, and details about any arrangements we’d worked out with them for publication of their reviews.

As time passed and my projects at EF grew, I also created other Google Spreadsheets with blogger contact information.  These spreadsheets were shared with my boss and other EF workers.  When EF let me go, I did not change the viewing permissions on these documents.  I felt that they were my work products, and as such, they belonged to my boss.

So it was with great regret that I learned Wednesday night that somehow, access to the first spreadsheet mentioned above had been opened to other viewers.  I’m not entirely sure how this happened.  Here’s all I can surmise:  A new EF employee surfed to a blogger’s URL directly from the spreadsheet, which left a hit on her stats counter.  She clicked on the resulting link and was taken back to the spreadsheet.  Apparently the EF employee’s spreadsheet login information was embedded in the link left on the blogger’s stats counter.  I don’t fully understand this, and would in fact welcome a better explanation if you can provide one.

I do not think that this information was exposed intentionally.  Nor do I think that it was viewed by anyone with nefarious plans.  The only people who viewed it to my knowledge were other bloggers who were completely horrified to find themselves so exposed.  Once people figured out that the information was indeed viewable and editable by anyone, access to the document was closed.

Nevertheless, I personally feel awful about this.  I entered most of the private information onto that spreadsheet after it had been given to me in confidence by anonymous bloggers.  I assumed that the information was safely stored and accessible ONLY to the people who had explicit permission to view it.  Also, I assumed that my work product (i.e., the various spreadsheets I worked on and created for EF) belonged to EF.  This is why I did not close permissions or destroy the documents when I left the company.

Perhaps I should have done so, but I worried about giving my boss any more reason NOT to pay me.   I have now closed access and deleted any spreadsheets I started for EF that contained private information.

I want to apologize most sincerely to everyone who trusted me to keep their legal names and addresses private.  I feel awful for having had any part in promoting this company or encouraging others to do so.

***Information about this has now been posted on EF’s forums.  Please note that more than simply blog URLs and email addresses were listed.  Included on the spreadsheet were home addresses, legal names and products sent for review.***

Responses

Wow! It’s like something from a movie where a list of undercover agents is stolen by bad guys!

It’s easy for me to say don’t worry about it, since my secret identity is relatively safe and exposure wouldn’t really have a negative effect on my life - but I’m still glad that this was discovered and taken care of.

Have you heard anything from those foolish employees?

Do you mean about the money EF owes me?

No. No I have not.

This is exactly why companies should hire competent computer security people. That same no-security mind-set may very well result in “password” as the administrator’s password and open the company up to all sorts of security/financial risks via easy accessibility from penetration.

Yeah. Oh the stories I could tell about passwords…

You = Great writer, attractively designed blog, very smart and full of common sense. Also, honest and hard worker.

Them = Website developers, designers, IT guys/gals, well versed -professionally- in internet security.

My point is this - If you make useful bars of lead that are later turned into (in seemingly unskilled and less cautious hands) bullets, no one in their right mind would haul you in for shooting someone. Don’t lose sleep over it - this is not a “your bad” kind of situation.

I know it’s not my fault. Nevertheless, I feel dreadful for even laying hands on those bars of lead.

In no way do I hold you responsible.

As a matter of fact, I am sure this would have never happened IF you were still with them.

I have made my views known to EF. I still can’t believe they haven’t paid you. You brought more credibility to that organization than they will ever be able to build with me–especially after this incident.

And besides…who would school me in glass dildoes??

or is that dildos?

So confusing…see!

I have emailed the company in question and made it very clear that I have no desire to have anything to do with them in the future, why that is so, and that I want as much of my profile and review information removed from the site as is possible.

AAG, none of the blame for this rests with you. At all! But I do surely appreciate hearing things from your formerly-inside position. *hugs*

xx Dee

Thank you for posting this. Please don’t feel bad. You have been super responsible about this.

Doll, this was not your fault. I don’t think anyone will or should be upset at you. Quite frankly, I’m furious with EF. I have still not gotten a reply from anyone I emailed about this. A forum post with blatant lies is an unacceptable form of communication. I have emailed them again, and I’m hoping to get a response, and have them take all my information off their site, and delete my affiliate account in a reasonable time period. (read, tomorrow by the end of the work day.)

Also, I think their misspelled name is stupid anyway. WTF? Fantasys?

Honey, I don’t think anyone holds you responsible. I know I certainly do not. The blame here lies with EdensFantasys, pure and simple.

And I can’t believe they still haven’t paid you. What fucking stupid ass morons.

Well, given the recently realized issues in that company, is it really such a surprise that they weren’t responsible with the information? This is just another level of suckiness to the sorry tale of you trusting an employer to act professionally. It’s sweet of you to apologize to those who THEY exposed, but I hope you won’t wallow in it.

Stand up thing to do letting your readers know. Others may have just walked away playing dumb.

-C4rnal

Don’t be their scapegoat again….

Kisses
B

This certainly isn’t YOUR fault. I kind of take the attitude of most things on the internet don’t stay anonymous forever, but that said, I don’t want a bunch of people having my home address and THAT squarely falls on the company’s shoulders, not yours.

My question to EF was, how long was it public? Hours? Days? That will have a lot to do with the amount of damage done.

Again, not your fault.

This is not your fault, but there is a lesson to be learned.

I’m not the MOST internet-savvy person on earth, but I believe the problem lies with using a Google product. They are an on-line service and they are in the business of information-gathering. If the spreadsheet had been created in a program like Excel and stored on a hard-drive on a company computer, it could have been protected by a firewall.

I had a very interesting conversation once with someone who worked for Google. He told me “Google is NOT your friend”. If you are using a Google calendar or any of the other handy services that company provides, do not put anything in there you wouldn’t want made public.

I will agree with everyone else here and say it is not your fault…… :(

You’ve gone above and beyond in your concern for your friends and readers when others might have done nothing. Thank you. :)

Oh shit. Well I’m glad I used a P.O. Box for my Eden address, but my real name exposed! That’s really bad for me.

I know, and I feel dreadful. Email them. They have promised that they will contact everyone who was on the list. –aag

I am sorry, AAG; you do bear some culpability for the breach. Not so much for the information you compiled, but the medium you used to compile it; Google Docs.

Google Docs is a great tool for COLLABORATIVE EFFORT, not so much for information that you need to keep secure. Anybody who can see a Google Doc can edit and/or disseminate it. It lives “in the cloud”, where nobody has complete responsibility to keep the data secure. Google Docs are for spreading information around. If you don’t want to have the info spread around, then DON’T PUT IT IN THE CLOUD!

To keep something confidential, then put it in a location that YOU control. On your PC, for example, or on a flash disk that you wear on a chain around your neck.

You collected private data. You stored it insecurely. You didn’t know that someone would sneak in or hack in or just wander in and see the secrets, but the secrets are out because they were never properly locked away.

I’m sorry, but the truth must be said lest others among us not learn the lesson; DON’T PUT SECRETS IN GOOGLE DOCS.

You are of course correct. But what does one do when one’s boss specifically says, “We use Google Docs. Put the information in this pre-existing Google Spreadsheet so that we can share it.”

I should have said NO. Lesson learned.

:)

–aag

How do we know if our own information was compromised? I used to write reviews for them, so I am worried that my information was on that sheet.

You can email and ask them. But unless you agreed to do reviews on your own blog — and if you provided that information through me — then you almost certainly were NOT on the list. –aag

You have naturally put a benign interpretation on your former employer’s actions, but I think we all know that a more cynical one is also tenable.

Who’d have thought that one man could do so much potential damage to his company’s reputation? Mind you, over here in the UK one man virtually ruined his own major company through similar hubris - just look on Wikipedia for Gerald Ratner.

This whole thing is just ridiculous. How can a company survive when flanked with such stupidity??

Can you recommend a new site or two that you like for online shopping? I just don’t feel right going back to Eden after all of this and I don’t really know any other companies.

Babeland would be my top recommendation.

Yeah well I am sure I am on the list, and want to be off the list. They promised they would contact everyone but they should have done that rather than write a collective warning on a forum post. We do deserve better than that. And now if we ask to be off the list, and removed from the site, who knows if the information will actually be removed?

And sorry, I have to agree, google docs is not the smartest medium but then like you said, lesson learned.

Thank you for your apology. I think I deserve it. I _did_ trust you to safeguard my privacy, and I think your lapse was equivalent to EF’s, in this instance, if not greater.

Whatever your boss asked of you, you should have declined to compile this information for him in this way. Information about RL identities and cyber contact information should not have been in the same document, period. It shows incredibly poor judgment to turn over that information to _any_ organization. Certainly, it was a bad idea to hand it over in such an obviously insecure format.

I gave my information to you because I have seen how scrupulous you are in protecting your own identity. I wish you had been as careful in protecting others’.

Perhaps now, “lesson learned”, one thing you could do for the good of your readers and fellow bloggers is to share the knowledge. How about writing a big fat post about the risks of keeping private information on GoogleDocs? That would be a genuine public service.

Good idea. And again, my most sincere apologies. I’m emailing you now… –aag

That stinks, but all of your behavior seems to be above board here!
On that note, report this to Google because unless someone actively made the document public no one but the listed people should have access to the document. Google would definitely have an interest in correcting a problem (if there is one, not just human error) to keep all of our data private! Google has simple settings that allow others to view the document without making changes, or without being able to share the document. I have never had any problems with leaking private information, even while sharing work documents with 10+ people.

To be a devil’s advocate: The problem may well not be with google docs, but with how much we trust people with whom we share our docs. A boss SHOULD by any reckoning, be someone we can trust with private data. In fact, Google docs may have been the best format for this private info. After all, if you had sent him a hard copy he would still have it and could disseminate it any way he liked. With cloud computing you retained the ability to delete the information.

I could have, but I felt I would have been destroying work that belonged to him. And because I was instructed to put the information in a document someone else created, I could not destroy the entire document. –aag

Don’t be so hard on yourself… How could you have known this would happen?

I disagree with Sera on this one. It’s not your fault that your boss chose Google Documents to store spreadsheets with sensitive information. Password protection would have been appropriate, though. I don’t think that most people assume that the information stored on Google Docs is available to anyone but the people who are specifically designated and given access. Please don’t blame yourself; this was not your fault.

Yikes!

I agree, AAG; you were “caught between a rock and a hard place”, and you had no reason to suspect that the info would be leaked or abused.

That said, however, the very fact that information is compiled into an easily-accessible form seems to make the information, like Sauron’s Ring of Power, try to escape. How else to explain the dozens of examples of databases that seem to leap out of cars, briefcases and handbags to escape? The British National Health Service compiled databases of every child in the UK who is enrolled in the NHS (that is to say, ALL of them), burned it to CD and mailed the disks to… god knows where, because the NHS doesn’t. Several American health care companies have lost or “misplaced” data files. A TSA laptop containing all of the security protocols for most US airports is “missing”. Major department store chains have “inadvertently” posted their customer files, sometimes with credit card numbers, on public FTP sites. A major mail-order pharmacy is fighting a million-dollar blackmail threat to release names, credit card numbers AND prescription info for some huge number of users. Imagine how embarrassing THAT would be.

The purpose of this litany is to assure you that you are neither the first person nor the last to contribute, however slightly, to a security breach. Forgive yourself, and try not to let it happen again.

Personally, I think almost no digital information is private these days. Lord only knows what’s out there about me through my on-line purchases and charity donations, blog reading/writing, email servers, debit-card purchases, on-demand cable TV purchases, and interactive websites.

Google yourself — real name. You’ll find out only a little of your life that’s held publicly. There’s lots more stored in Federal/State/insurance/medical/banking/commerce computers.

You want it private? Use your own computer, but store the data on something removable (CD, flash drive, etc) that you can physically detach from the omnipresent internet.

Honestly, I think that everyone who’s been less than supportive of AAG through this and has chastised her in their replies needs a big ol’ kick in the bottom.

I can’t say I’d be too thrilled if my name and address and other personal info was aired on the internet for anyone to see, but those of you who are worried that this leak might affect your ultra conservative lifestyle (work, or family) really need to stop a second and think…

You’re reviewing sex toys for an online company, you’re writing about your sex habits/practices/whatever in an unsafe medium. Not in some little diary that’s sitting on a back shelf in your room… but on the internet. If you were that worried about your privacy and the safety of your identity, perhaps YOU should not have put it at risk in the first place if you couldn’t deal with the possibility that you might be “exposed” at some point.

AAG, you’re a wonderful person for stepping up like you did, and I think the blame doesn’t rest anywhere near your shoulders the way some have implied, it rests firmly on your former employers. Be well!
