Back in... again

[GraphicDisorder]

Imagine what could be done with this info.

[mk162]

Imagine what could be done with this info.

You aren't kidding, it's like a cold calling list.  You know what they get, what they pay and all of the contact info.

It's insane.

[rusty]

though some stuff comes up it looks like most of the info has been cleared from the breach.

[Raw Paw]

We got our first auto just over a year ago and it's a ROQ You 10/8.  It's a great machine.  Great tech support as well. 

PRU (pre registration) takes some dialing in and is really difficult to get to work as advertised if you are using film, if you're using DTS I've heard it is a game changer.  For film, it is advertised as you don't touch a micro 9/10 times, but should be advertised as it gets you 95% of the way there with registration.  We switched to getting all our screens from GSF so the frames would be identical (for the tri lock) and tension would be uniform, which has helped a lot.

We developed our own system before hearing about Printavo, all sales are processed through Quickbooks, and everything else is on Trello with Google Drive to hold files.  From people we've talked to running Printavo, our system works a lot better (and we're a tiny shop compared to most, 1 manual 1 auto).  It's also free

[GraphicDisorder]

Imagine what could be done with this info.

You aren't kidding, it's like a cold calling list.  You know what they get, what they pay and all of the contact info.

It's insane.

You could grab all the invoices, cold call, install some doubt about the other shop and under cut the price. Even better you could ignore the invoices of customers you see that wouldn't be worth it just cherry picking the good stuff. Hell you could offer them a free order just to get them to move over. Assuming your as good or better you just yanked a customer over.

[CBCB]

though some stuff comes up it looks like most of the info has been cleared from the breach.

ONLY if the Printavo user enabled the new feature that requires the user to put in their email.

But when they announced that feature they didn’t say a peep about why they built it.

So very few people realize that it will remove their results from Bing because they don’t even know their data is on Bing because Printavo refuses to notify users.

[CBCB]

How did you remove your info from the Bing search?

The problem is they don’t think they had a security breach, even though it was originally their code (or lack thereof) that allowed the pages to be scraped in the first place.

They seem solid on blaming Bing.

Despite me showing that I removed my own info from the results in minutes. So they could do the same for users in bulk.

Or at least tell them about it and let us figure it out.

But no their attitude about it has been really sketchy. They don’t take it seriously enough at all.

Imagine you had a client with 1mil followers and your company just put their home address on search engines. True story about a Printavo user. You can even pull printavo staff personal info off the searches.

I would much rather they get my 3% than someone else too but not giving the choice was a huge issue with the first announcement. Especially since they will still support and maintain it but won’t let everyone use it. That’s what makes it feel shady.

Ask Printavo for my solution, I’d be interested to hear what they say. I shared my method on the Printavo group on Facebook.

Basically I duplicated the orders and deleted the old ones.

The point is Printavo could change/break the links and it gets wiped from Bing almost instantly. They know this and haven’t offered it a solution.

Hell, my thread was deleted from the Facebook group.

They want security through obscurity, rather than to notify users or actually take care of it.

If you can’t tell, I’m pissed about it still.

[Lizard]

I'm not a fan of cloud anything.  Accounting, data, scheduling system, anything that can disrupt our work flow is internal.  Except e-mail.  And, well, Rackspace got hit yesterday.  So until they pay the ransom or rebuild the system we have to switch to a different email.  We can function but still a disruption.

[Admiral]

It’s not a rumour. Full invoices with customer data are still sitting online for all to see.

Also for many, the ‘grandfathered’ plans that would be honoured ‘indefinitely’ went from $99 to $399. Way more than an extra $50.

Plus the price acquisition by a venture capital firm.

Not to mention the new payment processor announcement forcing people to use their system.

They’ve got plenty of resources so hopefully we see some positive progress.

This isn't just that they are viewable by anyone with the link, to possibly approve invoices from the customer? Seems like that should be a temporary publicly viewable link, not permanently...
https://support.printavo.com/hc/en-us/articles/1260804484490-Quotes-Invoices

Being able to find random ones online is definitely wrong either way though!

[GoWestRob]

I looked up some invoices on Bing to see what you guys were talking about - there it is in plain sight, a competitor's pricing, customer contact info, payment status, mockup approval...way too much info to have out in the open for anyone to see.  Completely unacceptable for that to still be viewable for however long it has been.  I'm shocked it wasn't an 'all hands on deck' situation at Printavo, like set up a team to focus on it until it's done.  I love the Podcasts, they seem like good guys, but wow that's a huge deal to just sweep under the rug.

[CBCB]

I looked up some invoices on Bing to see what you guys were talking about - there it is in plain sight, a competitor's pricing, customer contact info, payment status, mockup approval...way too much info to have out in the open for anyone to see.  Completely unacceptable for that to still be viewable for however long it has been.  I'm shocked it wasn't an 'all hands on deck' situation at Printavo, like set up a team to focus on it until it's done.  I love the Podcasts, they seem like good guys, but wow that's a huge deal to just sweep under the rug.

It was all hands on deck to remove the posts from Facebook and defend themselves. I’m surprised they haven’t chimed in here yet to say it’s all Bing’s fault.

[mk162]

I looked up some invoices on Bing to see what you guys were talking about - there it is in plain sight, a competitor's pricing, customer contact info, payment status, mockup approval...way too much info to have out in the open for anyone to see.  Completely unacceptable for that to still be viewable for however long it has been.  I'm shocked it wasn't an 'all hands on deck' situation at Printavo, like set up a team to focus on it until it's done.  I love the Podcasts, they seem like good guys, but wow that's a huge deal to just sweep under the rug.

It was all hands on deck to remove the posts from Facebook and defend themselves. I’m surprised they haven’t chimed in here yet to say it’s all Bing’s fault.

So put all the effort into removing bad press vs. fixing the problem. Makes sense

[CBCB]

So put all the effort into removing bad press vs. fixing the problem. Makes sense

Haha, yes. I believe it’s called ‘security through obscurity’. Not the most effective stance to take but I’m just an ink slammer, what do I know?

[ebscreen]

For anyone in a similar situation you have to disallow directory access in your .htaccess. Very simple.
Relying on a noindex/nofollow is mega dumb dumb. You think Yandex cares about noindex? Yandex doesn't care.
And neither does Bing apparently.

[CBCB]

For anyone in a similar situation you have to disallow directory access in your .htaccess. Very simple.
Relying on a noindex/nofollow is mega dumb dumb. You think Yandex cares about noindex? Yandex doesn't care.
And neither does Bing apparently.

Yeah I tried to explain this to Printavo and they kept going back to blame Bing and Google in regards to no index.

Forget that crap, you can block the crawlers completely as you just suggested.

Their engineer guy did say it stemmed from improper/missing code. So it is even more annoying that they know they’re responsible but aren’t scrambling to fix it.

I broke all my links. Surely they can do it too.