Solved

Strange Moneywiz logo

Hi, I've raised a support ticket, but because of the potential seriousness of this, I'm writing here as well.


I noticed yesterday on my two Macs & my iPhones that the Moneywiz logo has changed within the app. A screenshot from the Mac is attached.


What's happened here? Hopefully, this is something as innocent as a planned backend change, but with an unexpected change like this, one must consider that the system has been hacked or compromised in some way.


An urgent response is required, I think.


Hello,


All is OK :) This is just the Gravatar logo - the service that we use to display your avatar there. This service has no access to your data.


You seem to have picked the default Gravatar avatar for your e-mail; therefore, please go to http://gravatar.com, sign in and change your photo there.

Thanks for the reassurance. However, I still don't understand what it's doing there. I've never heard of that service before this & I certainly didn't sign up for it. Even if I did sign up, I would have signed up under a different email address as I create a different email address at my domain for each service that I subscribe to, so they shouldn't be linked. Why should I now have to sign up for Gravatar?


How did Gravatar get my information? Isn't this in breach of your own privacy policy, which states "MoneyWiz is integrated with the following external systems: SYNCbits, Google Analytics, FreshDesk and SaltEdge" and in another section "We use the information you provide to us, only if you request help from us, with your permission. We do not share this information with outside parties, under any circumstances. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties."

Gravatar is a very popular service and many other apps, platforms and services use it. Do you perhaps have a WordPress account? The Gravatar service is provided by people who work on WordPress and I think you automatically have an account there if you have a WordPress account.


I don't know how you might have signed up for that service, but if we returned anything other than our standard silhouette of a person, then we got this data from Gravatar.


Gravatar could only have got your data with your consent. We do not create an account for you at the Gravatar service if you don't have one already. Gravatar does not have access to your data; therefore, it is not a breach of our Privacy Policy.

We query the Gravatar service with an md5 hash of your e-mail (it looks like this: a1167f5be2df7113beb69c95ebcdb2fd for example@domain.com) to check if you have an account there. If Gravatar tells us that there is no account there, we display our own image. If there is an account under that e-mail, we display whatever image Gravatar returns to us (and what you see is the default icon when you add an e-mail to Gravatar but do not assign any avatar to it).


There is no privacy violation here as what we send to Gravatar (the md5 hash) cannot be decrypted to reveal your e-mail.


In summary: please check if you are absolutely sure that you don't have a Gravatar account. Perhaps you did not have it previously but you seem to have it now. We - MoneyWiz - certainly did not create it for you. The Gravatar service never sees your MoneyWiz data and does not see your exact e-mail address - just the md5 hash of it (a1167f5be2df7113beb69c95ebcdb2fd instead of example@domain.com). An md5 hash cannot be decrypted to reveal your e-mail address again.
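
For readers reviewing an integration like the one described in the reply above, here is the lookup as an added example (not MoneyWiz's or Gravatar's code; the function names are hypothetical and the sample addresses are constructed). It assumes Gravatar's documented trim-and-lowercase normalisation, and it shows that the unsalted hash is a stable identifier: a party that already holds an address can recognise its hash, while per-service aliases hash to unrelated values.

```python
import hashlib


def gravatar_hash(email: str) -> str:
    """Trim, lowercase, then MD5: the e-mail normalisation Gravatar documents."""
    normalised = email.strip().lower()
    return hashlib.md5(normalised.encode("utf-8")).hexdigest()


def avatar_url(email: str) -> str:
    """Build the lookup URL; only the hash leaves the client, not the address.

    d=404 asks Gravatar to answer 404 when no image is registered, so the
    caller can fall back to its own placeholder image.
    """
    return f"https://www.gravatar.com/avatar/{gravatar_hash(email)}?d=404"


def match_known_addresses(observed_hash: str, known_addresses: list) -> list:
    """Return addresses from a list the reviewer already holds whose hash
    equals the observed one. The hash is not reversed; it is recomputed."""
    target = observed_hash.lower()
    return [a for a in known_addresses if gravatar_hash(a) == target]


# Constructed sample data: one person using a separate alias per service.
SAMPLE_ADDRESSES = [
    "moneywiz@alice.example",
    "wordpress@alice.example",
    "newsletter@alice.example",
]

if __name__ == "__main__":
    for addr in SAMPLE_ADDRESSES:
        # Each alias yields a different hash, so a lookup for one alias
        # only matches an account registered under that exact alias.
        print(addr, gravatar_hash(addr))
    seen = gravatar_hash("  MoneyWiz@Alice.example ")
    print(match_known_addresses(seen, SAMPLE_ADDRESSES))
```

When reviewing a privacy policy against such a lookup, treat the hash as a pseudonymous identifier that is shared with the avatar service, rather than as anonymous data.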
