WordPress.org

Ready to get started?Download WordPress

Forums

6Scan Security
[resolved] 6scan stole my private info without me even registering (8 posts)

  1. help
    Member
    Posted 1 year ago #

    I installed and activated the 6scan plugin from the WordPress Repository. When I went to the setting page for 6scan I saw it wanted me to "Confirm my email to continue" and stated "By clicking Agree, I agree to 6Scan's Terms of use." (I did NOT click "Agree".
    I deactivated the plugin and a few days later I got an unsolicited email from no-reply@6scanalerts.com with the subject "6Scan cannot contact your plugin at http://mydomain.com". I was shocked and upset that they had forcibly taken my email address from my WP Database without my permission.

    This Clearly violates the WordPress Plugin Repository Plugin Guidelines:

    No unauthorized collection of user data. For example, sending the admin's email address back to your own servers without permission of the user is not allowed; but asking the user for an email address and collecting if they choose to submit it is fine. All actions taken in this respect MUST be of the user's doing, not automatically done by the plugin.

    This I am writing this to warn all prospective users about this immoral (if not illegal) abuse of private information and also in the hopes that I get the attention of the developers of this plugin so that they may change their tactics.

    I would also hope that a WP Plugin Moderator would see this as a breach of the Plugin Guidelines and suspend distribution of this plugin until they stop stealing user's private data.

    http://wordpress.org/extend/plugins/6scan-protection/

  2. 6Scan
    Member
    Plugin Author

    Posted 1 year ago #

    Hello,

    It is very strange that this happened to you. Are you 100% sure you did not click Agree by accident? Had you clicked Agree the system would have behaved exactly as you mention, which is why I ask.

    We are definitely not interested in collecting your data without your explicit consent, and do not want to violate the WP plugin guidelines - that's why that dialog is there in the first place. I ask your help to figure out how this happened and make sure it does not happen to anyone else in the future.

    If you could kindly send us the URL of the site you installed the plugin on (either by reply here or privately to support@6scan.com), we would like to review the logs on our end and see what they show. Please also tell us your operating system (Windows/Linux/Mac) and the browser you are using, in case this is a browser quirk we might have missed during our testing.

    Thanks for your help, and I apologize for the system's misbehavior. With your help we'll get to the root of the issue and fix it.

  3. help
    Member
    Posted 1 year ago #

    I am 100% sure I did not click "Agree". In fact, when I went back to the 6scan page in my admin (before deactivated it) and it was still on that screen wanting me to accept the terms and click "Agree" and all the scan info behind that box was grayed out.

  4. 6Scan
    Member
    Plugin Author

    Posted 1 year ago #

    I understand. Could you then send us your site's URL, as well as the operating system and browser you were using when this happened? You are welcome to reply here or privately to support@6scan.com. We'd very much like to take a closer look.

  5. help
    Member
    Posted 1 year ago #

    the domain is <edited out for privacy> and the I use FireFox on Ubuntu.

  6. 6Scan
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks. We'll check this and get back to you.

  7. tzeldin88
    Member
    Posted 12 months ago #

    so what happened?

  8. 6Scan
    Member
    Plugin Author

    Posted 12 months ago #

    Hey tzeldin88,

    To address this issue, we made a change to the plugin to ensure it complies with the applicable WordPress.org policy in all circumstances, not sending any user information to any external server without the user's explicit consent. The change was made in version 2.3.0 (see our Changelog for details).

    Let us know if you have any further questions.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic