Why are they sending out user names and passwords in the same email? That's amateurish. Do the details log you in to your account? Have the club confirmed they're sending them out or is it a scam to get your bank details?
I've just received 4 emails advertising the Football for a Fiver match.
2 are for me & Mr F & 1 each for our grandkids who had £50 season tickets a couple of years ago.
Each email quotes our correct CON numbers stating they are our user names & a further 8 letter/number code stating they are our passwords.
The only one of us that has requested & used a password from the Club to purchase tickets is yours truly.
And the passcode quoted for me is NOT the one I successfully use.
So, it appears that every Red Card holder, or whatever the club now calls them, has been allocated a password whether they want one/not or already have one in use.
Not sure if that helps to clarify things but should we be concerned?
Blimey. What a shambles. It would seem their customer database is still wildly inaccurate, full of duplicate and transposed information. The fact that they have deliberately composed an email containing usernames and passwords shows that they have absolutely no clue about data protection. Even if the info was correct, sending out that sort of detail in an unsolicited marketing email is a breach of data protection regulations - somebody needs to report this. It's not the first time they've included personal info in marketing emails that were sent to the wrong people. They really need to be slapped (hard!) and put straight over their cavalier and incompetent handling of their customers' personal info.
I have sent an email to the ticket office query address complaining.
I will see if I get a reply.
Considering there were tweets directed at the account, and retweeted with a few frustrated comments, I wouldn't hold your breath.
The media team were active posting about other things too. Pretty disappointed that not only did they not acknowledge the issue... But they continued sending the emails out!
This is surely worthy of a complaint to the Information Commissioner's Office.
I haven't received an email but is there anyone on here that received one, who knows about data protection, who is prepared to put a complaint in?
Edit: On their own behalf and that of other fans.
The first thing the ICO will do is ask if you have raised it with the organisation and received a full and final reply. If yes to both and you are not satisfied then complete and return this form:
This explains some of my dismay at the fact the emails contain passwords - http://plaintextoffenders.com/about/ - without even beginning to question how the hell they're being sent to the wrong email addresses.
I'm wondering if someone's messed up tying in some mail service to the site?
But how have they gotten it both spouting off random emails and including UN/PWD in them? And since when do you include BOTH a UN and PWD in an email? Surely you segregate them.
And yeah the plain text storage of UN/PWD...I mean I get it, they don't think it matters but we're seeing time and again that in the internet of things era you have to secure and salt everything. Sigh.
That's what's confusing me, and makes me think someone has buggered up integrating a mass mailing service. I presume the CMS (which the media team apparently hate) doesn't support mass mailing, but it's essential to the marketing department at CAFC - so they've got some form of integration going on.
Purely speculation, but this is what I'd kinda expect if there was an issue with an integration. If somehow it's pulling in account details from the DB in the CMS... but of course, the IDs don't match in both the systems. So the email address belonging to #123 in the marketing app is retrieving the UN/PWD belonging to #123 in the CMS: which is totes different. Once again, pure speculation.
The plain-text UN/PWD is a real bugger though, even if the UN is simply a 6-digit number - I'm sure when you log in you'll find more information. Potentially even email addresses which share the same password and... voilà; you've got their emails, you've probably got everything.
I think if you tried harder you could squeeze a little more jargon in there LR...
(I genuinely have not got a clue what on earth you are talking about)
Anyone had an offer of free tickets for their birthday though?
They clearly haven't got a clue how to manage their data. I really don't trust them.
I always tick any "don't contact me" box, and never had any marketing emails from the club, but after they emailed about the netting farrago they then sent me a mail trying to sell me carvery tickets for Father's Day. I sent them a sharply-worded response telling them to take me off their marketing lists and to let me know they had done this; no response came, but nothing has come since (including this balls-up).
'We have emailed a unique email that included your username and password in order for you to log into your online account. We have noticed that many Charlton fans have created duplicate accounts as they did not know their online log in details.
Please be aware that only accounts set up to your email address would receive these log in details.
If you have any other questions please feel free to contact me.'
So why would they get the names wrong and send multiple different emails?
The reason many Charlton fans have duplicate accounts is because their online ticketing system is irredeemably shite. I tried to buy two tickets to a game online. It didn't recognise my password. It refused to send me an email when I requested a password reminder. I finally had to set up a new account using a different email address. I'm sure I'm not the only one that's had to put up with this runaround.
I suspect I didn't receive this particular marketing email because I set up the password on this new account as 'rolandblowsgoats'
Ok, so that would be a major step forward: apparently the credentials are correct for the user who received them. If that's true then, why the hell are people receiving emails to incorrect names?
It does suggest a peculiarity with their system though, why can you register multiple accounts to one email address anyway?
In short, I suspect there's a little bit of bullshit going on here - combined with a horrendous pile of shit that's storing our data.
Rather sadly I enjoy speculating on stuff like this a bit too much.
The non-technical explanation would be "it's fucked", whilst a slightly more in-depth one would be this analogy:
A database generally has a unique way of identifying a particular record of data, most often a number. Like CharltonLife seems to think I'm "4773". To all intents and purposes this number is like a name.
Now imagine I met up with you in a pub, and I brought a work colleague with me. When you refer to me as "LuckyReds" he doesn't have a clue who you're on about, whilst when he refers to me as "Insufferable Asshole" you don't know who he's talking about either! You do know an insufferable asshole though, so you presume he's actually talking about your friend instead.
My colleague then says to you, "Oh, have you got Insufferable Asshole's number?" - so you give him the number for your friend and not me.
In that analogy you're both databases that have different ways of identifying me, so when you try and talk about me you end up talking about different people - and ultimately you give him the wrong info. So if my speculation was correct, the email app asks for someone identified by "123" (actually called "James") whilst the ticket app responds with "Oh, 123? Yeah that's David.. here's his username and password!".
My analogy sucks, and the club are now claiming they sent the correct username and passwords. However they haven't said this publicly, and it doesn't explain the incorrect names that were in the emails either.
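An added illustration of the ID mismatch speculated about in the post above (not part of the thread and not the club's code): two systems number their records independently, so a mail merge joined on the bare ID pairs "James" with David's account, while a join on a shared key plus a pre-send ownership check catches it. Table names, CON-style usernames and addresses are constructed sample data, and no passwords are involved.

```python
import sqlite3

def build_db():
    """Two systems with unrelated surrogate ids (all rows are constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE marketing_contacts (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        CREATE TABLE ticket_accounts (id INTEGER PRIMARY KEY, username TEXT, email TEXT);
        INSERT INTO marketing_contacts VALUES
            (121, 'Anna',  'anna@example.org'),
            (122, 'Priya', 'priya@example.org'),
            (123, 'James', 'James@Example.org');
        INSERT INTO ticket_accounts VALUES
            (121, 'CON100121', 'anna@example.org'),
            (123, 'CON100456', 'david@example.org'),
            (207, 'CON100789', 'james@example.org');
    """)
    return db

def merge_by_id(db):
    """The speculated bug: pair rows on an id that means different things in each system."""
    return db.execute("""
        SELECT m.name, m.email, t.username
        FROM marketing_contacts m JOIN ticket_accounts t ON t.id = m.id
        ORDER BY m.id""").fetchall()

def merge_by_email(db):
    """Pair rows on a key both systems share, normalised for case and whitespace."""
    return db.execute("""
        SELECT m.name, m.email, t.username
        FROM marketing_contacts m JOIN ticket_accounts t
          ON lower(trim(t.email)) = lower(trim(m.email))
        ORDER BY m.id""").fetchall()

def misdirected(db, rows):
    """Pre-send guard: return merged rows whose account is not owned by the recipient."""
    bad = []
    for name, email, username in rows:
        (owner,) = db.execute(
            "SELECT email FROM ticket_accounts WHERE username = ?", (username,)).fetchone()
        if owner.strip().lower() != email.strip().lower():
            bad.append((name, email, username))
    return bad

if __name__ == "__main__":
    db = build_db()
    print("id join, misdirected:", misdirected(db, merge_by_id(db)))
    print("email join, misdirected:", misdirected(db, merge_by_email(db)))
```

Running the guard over the merged rows before anything is sent turns a misdirected mailing into a failed batch job.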
I'm feeling a bit left out. I have not had an email even with the wrong name. I am beginning to wonder if I have been banned after carrying a black and white umbrella at one of the protests.
Could be worth it just in case
The Club that keeps on giving.
A2TR
Password:
R1ch1sATw@t
Free tickets for your birthday?!
FFS, I'll be having words with my mum about the fact I was born in July during the middle of the summer break.
https://ico.org.uk/media/report-a-concern/forms/1523/information-handling-form.pdf
@Alwaysneil - if the club don't respond satisfactorily, maybe something to follow up with?
Data Controller details
Registration Number: Z6640867
Date Registered: 15 April 2002 Registration Expires: 14 April 2017
Data Controller: CHARLTON ATHLETIC FOOTBALL COMPANY LIMITED
edit: ok well I am a bit - as in 1947.
I received 2 e-mails from the club with two different passwords and numbers
presumably from previous ticket applications.