“Grouply” service and the Yahoo Groups nightmare

Really, there are people who will give their passwords to some random site? Really? You’d think everyone would know better than that, but I guess not. Here’s the warnings I’ve gotten from a couple of different Yahoo Groups moderators. (They didn’t all send the same thing, I just picked the best written one.)

You may have recently become aware of a new site which advertises they can make accessing your groups faster and easier. This is posted as a warning.

Over the past few days I’ve researched the Grouply service from both the pro and con perspectives, poured through numerous posts on the various Yahoo Groups technical and management lists, and examined comments from Grouply advisory board members as well as the CEO and co-founder and all have helped me to the conclusion I hold regarding the service. While Grouply is the only service mentioned by name, as other services are developed that offer similar services the policy explained below will be expanded to encompass the new companies. When you join Grouply.com, several things will occur which you may not be aware will happen:

First, when a member joins, it automatically changes their primary email address for the groups, giving them a @grouply.com extension. This is being done to those who are joining and is changed on the Yahoo ID so all mail received from the lists will now be sent to the grouply.com address. The only place this is mentioned is deep in one of the FAQs and not up front and in plain view of the new subscriber.

Second, members who join the Grouply website have to give their member ID and password. This opens up a security issue for those members as now a third party has complete access to their Yahoo account. This includes not just the Yahoo Groups, but also personal mail and any other services accessed via the Yahoo ID.

Third, once a member joins Grouply, it opens access to the files and posts of each group to the Grouply website. Grouply staff can then access these files. If they get hacked, then it opens the doors to the groups getting hacked as well. Additionally, Grouply will pull the list’s archives onto their servers, generally a violation of Yahoo’s TOS.

Fourth, it opens the risk of spam. Not only is there an enticement to send a message to all the new grouply.com subscriber’s groups announcing the Grouply service, but any other advertising or announcements as well. This is spam and few lists tolerate such solicitations. In other words, information from a group can be made accessible to everyone, and massive amounts of spam with your email address may be generated.

Now that we are aware of this issue, all members with an email address that includes grouply.com will be removed from this list effective February 15th. Removing their access is the only way to protect all members of this list. This is one way how identity theft gets going. They now have your real email, your yahoo emails, any emails listed in your yahoo group and can mail as you in and out of the yahoo groups.

If you have joined Grouply and are using them to read this list, you will need to either leave Grouply, or cease having Grouply collect your mail for this group. By joining Grouply you have exposed all your groups, group members, moderators, and owners to unauthorized use of their emails and group information.

I hope you understand what is happening and will take precautions to protect your Yahoo ID.

Comments are disabled for this post