Hi, I've raised a support ticket, but because of the potential seriousness of this, I'm writing here as well.
I noticed yesterday on my two Macs & my iPhones that the MoneyWiz logo has changed within the app. A screenshot from the Mac is attached.
What's happened here? Hopefully, this is something as innocent as a planned backend change, but with an unexpected change like this, one must consider that the system has been hacked or compromised in some way.
An urgent response is required, I think.
All is OK :) This is just the Gravatar logo - the service that we use to display your avatar there. This service has no access to your data.
You seem to have picked the default Gravatar avatar for your e-mail, so please go to http://gravatar.com, sign in and change your photo there.
Thanks for the reassurance. However, I still don't understand what it's doing there. I've never heard of that service before this & I certainly didn't sign up for it. Even if I did sign up, I would have signed up under a different email address as I create a different email address at my domain for each service that I subscribe to, so they shouldn't be linked. Why should I now have to sign up for Gravatar?
Gravatar is a very popular service and many other apps, platforms and services use it. Do you perhaps have a WordPress account? The Gravatar service is provided by people who work on WordPress and I think you automatically have an account there if you have a WordPress account.
I don't know how you might have signed up for that service, but if we returned anything other than our standard silhouette of a person, then we got this data from Gravatar.
We query the Gravatar service with an MD5 hash of your e-mail (it looks like this: a1167f5be2df7113beb69c95ebcdb2fd for firstname.lastname@example.org) to check if you have an account there. If Gravatar tells us that there is no account there, we display our own image. If there is an account under that e-mail, we display whatever image Gravatar returns to us (and what you see is the default icon when you add an e-mail to Gravatar but do not assign any avatar to it).
There is no privacy violation here as what we send to Gravatar (the MD5 hash) cannot be decrypted to reveal your e-mail.
In summary: please check if you are absolutely sure that you don't have a Gravatar account. Perhaps you did not have it previously but you seem to have it now. We - MoneyWiz - certainly did not create it for you. The Gravatar service never sees your MoneyWiz data and does not see your exact e-mail address - just the MD5 hash of it (a1167f5be2df7113beb69c95ebcdb2fd instead of email@example.com). An MD5 hash cannot be decrypted to reveal your e-mail address again.
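
The lookup described in the replies above, written out as an added example (it is not MoneyWiz's code and not part of the thread). The fallback file name and the sample addresses are constructed; trimming and lower-casing the address before hashing and the `d=404` parameter follow Gravatar's documented request format and are not details given in the thread.

```python
import hashlib
from urllib.parse import urlencode

GRAVATAR_BASE = "https://www.gravatar.com/avatar/"
APP_DEFAULT_AVATAR = "app-default-silhouette.png"  # hypothetical local fallback image


def gravatar_hash(email: str) -> str:
    """MD5 hex digest of the trimmed, lower-cased address."""
    normalized = email.strip().lower()
    return hashlib.md5(normalized.encode("utf-8")).hexdigest()


def gravatar_url(email: str, size: int = 80) -> str:
    # d=404 asks Gravatar to answer HTTP 404 instead of a stock image
    # when it has no image for this hash, so the client can tell
    # "nothing there" apart from "image returned".
    query = urlencode({"s": size, "d": "404"})
    return f"{GRAVATAR_BASE}{gravatar_hash(email)}?{query}"


def choose_avatar(email: str, http_status: int) -> str:
    """Pick what to display from the status code of the Gravatar request."""
    if http_status == 200:
        return gravatar_url(email)   # show whatever Gravatar returned
    return APP_DEFAULT_AVATAR        # no image for this hash: use our own


def same_gravatar_identifier(email_a: str, email_b: str) -> bool:
    # The digest is unsalted and deterministic: every service that hashes
    # the same address sends Gravatar the same 32-character value, so the
    # hash works as a stable identifier for that address.
    return gravatar_hash(email_a) == gravatar_hash(email_b)


if __name__ == "__main__":
    sample = "  Shop-Account@Example.org "   # constructed address
    print(gravatar_url(sample))
    print(choose_avatar(sample, 404))
    print(same_gravatar_identifier(sample, "shop-account@example.org"))
```

Because the client only ever sends the digest, a different address per service (as the poster describes using) produces a different digest per service; the same address reused anywhere produces the same one.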