Chowhound down evening of Jan 21 - returns giving me access to another user's profile
Around 8pm yesterday evening (EST) I started experience issues accessing CH. My Profile page wasn't loading and then when it did load, I'd been logged out. When I attempted to login again I rec'd a message on the login page advising of an "unexpected error" Finally, the site went down all together and I wasn't able to access any area of Chowhound, pages wouldn't load, the screen was white.
I could access the chow.com home page (the page would load) however clicking on any link took me to a blank (white screen) page.
The "Trending Now" info on the chow.com home page was static.
Later in the evening when I clicked on my own bookmark for my Profile page, the profile of another user loaded.
I find it disconcerting that I was given access to someone else's profile and would like to understand why this happened and what is being done to protect the information that we provide on this site.
We did have a site outage yesterday from 4:30pm to 7:40pm PST.
During a site outage like that, chowhound becomes inaccessible. For chow.com pages, we use a service that caches copies of the pages throughout the day, and serves those pages if our server is not responding. So you are able to visit chow.com pages that someone else has visited recently.
When this happens, the cached image of a page includes the username in the upper right-hand corner. This unfortunately creates the false appearance that you are logged in as someone else. In fact, that is not the case, and you are not reaching our servers at all in such a case as they are down. I agree with you 100% that this is disconcerting, and it's something I do want to improve. I want to assure you that you are not actually logged in as another user in this case and nobody else is logged in as you.
The bottom line however, is that we take multiple steps to protect your data. We take this very seriously. We believe that your data is appropriately secured, and we are rolling out additional security measures as extra protections later this week.
I should also note that the only personal data we save is your e-mail address and password. You e-mail address is never revealed to other users. Your password is never visible to anyone, including our top engineers. We can give you the opportunity to reset your password, but even we could not read your password if we wanted to.
I hope this helps clarify a bit.
Well you received your answer it seems you were not privy to anyone's information. Not to dismiss your concerns I just don't share in them this isn't my online banking what ever information or changes someone could make could all be repaired. I have nothing of vital importance and even have my email open to the public on my profile. But as said no need to worry nothing was breached.
I found the site down earlier than you. I couldn't log in, but could get access to one of the CHOW pages.
Later when I tried to log in again, I was shocked to see that I was logged in with another member's name and could access all of their posts.
I quickly logged out as to not invade privacy. I wonder if I could have actually posted under their member ID.
Later in the evening, things returned to normal.