Sam Davyson

Univillage is the new social networking site on the scene standing as the only competitor for Facebook specifically for the college and university niche. A source has informed me that they received an email from Univillage when they hadn’t signed up, which gave them a password. Upon signing in with the details this student found a full account complete with someone else’s details.

This is clear incompetance on the part of Univillage. This is what must have happened:

• Andrea [the owner of the account whose details were exposed] signs up for a Univillage account.
• Univillage request a secondary email address on one of their forms.
• Andrea makes a mistake on the form and mistypes her address.
• Then Andrea forgets her password and triggers a lost password email to be sent to her email address (why it didn’t go to the primary I don’t know… perhaps it was sent to both).
• The result is that an Elsie [the real owner of the email address] gets an email from a company that she has never dealt with before revealing a password.

And when suspicious Elsie logs in with her email address and this password she finds all the details of Andrea. That is all the details… she is actually logged in as Andrea. I have contacted Andrea for comment on this story (at this time she is unaware of the issue) which will be published here when it is received.

Maybe Facebook wasn’t so bad after all?

For obvious reasons all names have been changed. This article is published with the permission of Elsie, and under the premise that it will help avoid more privacy exploits by the service in the future.