Skip to Content
sitenum=27
What's new with the Web Action Team
Survey Email Issue
  • Author: Dave Krause
Published on: December 16, 2013

On Friday, December 13, 2013, the ANR Survey and Registration tool was spammed by an outside entity. The page they targeted includes a routine that sends confirmation emails to people who complete the credit card payment process embedded in the survey tool.

The outside entity was blocked, and additional layers of security have been added to this page to prevent it from happening in the future.

No credit card information is accessible from this page, or our database. This information is processed separately by UC Davis, and our application merely receives confirmation when a payment is successfully made. No credit card information was compromised.

We apologize for any concern or confusion caused by this incident. If you experience any anomalies with the survey tool, please let us know immediately by filing a ticket in the ANR Tracker at https://ucanr.edu/tracker

Tags: survey (4), surveys (4)
Comments: 7
Comments:
by Emily Ngo
on December 16, 2013 at 1:04 PM
Do you know if the spammer was able to collect any survey information? Our survey includes e-mail addresses and phone numbers.
Reply by Karl Krist
on December 16, 2013 at 2:12 PM
Yes, some of the information may have been accessible to this attack. This would have been limited to any fields that were identified in the ‘Post Survey’ page.  
 
Please check your post survey page to see the information that may have gone out. At this point we have blocked the attack, but please let us know if you have a survey that would respond with sensitive information via the post survey page.  
 
Again, it is important to note that no credit card information was made available.  
 
Karl
by Peggy Ruud
on December 16, 2013 at 3:53 PM
don't know if it's relevant…but I received the payment by credit card (May) notification.  
was confusing as this was 7 months ago….
Reply by Dave Krause
on December 16, 2013 at 3:57 PM
Hi Peggy. This is related to the issue; however, your card was not charged again.
by Virginia Peeples
on December 16, 2013 at 4:49 PM
so, do we know the extent or pattern of the invasion ?  
e.g. were certain dates or lists targeted ?  
 
can we find out which users recd these erroneous spam e-mails ? basically, who should be notified.
Reply by Dave Krause
on December 17, 2013 at 11:12 AM
We're working on getting this information together and will notify survey administrators after compiling and reviewing the data.
by Penny Leff
on December 17, 2013 at 12:23 PM
Thank you for this information. I received a strange message from a survey participant - from a survey that did not include payment by credit card, and was deactivated several months ago. I deleted the message, but the survey respondent had received the "post-survey" email confirmation message from that survey, along with a line saying something like "your credit card has been charged". She was just notifying me of the error.
 
Leave a Reply:

You are currently not signed in. If you have an account, then sign in now!
Anonymous users messages may be delayed.
 

Security Code:
ZADVXS