Except this company DOESN'T USE THEM. Holy Batmobile, Robin. They then sent me confirmation of having purchased a new domain.
Ok, so money's involved, and this is where I step in - it is not fair to the rightful owner (Jessica M) that she paid for something and can't get into her account. I politely emailed the company to let them know that Jessica had put in the wrong email address and would they please take mine off her account. I shouldn't have access to her private info or her web hosting account. It's not mine and I didn't pay for it.
No reply.
I used the "reset password", had it sent to me, and logged into her account, hoping to find contact info. Unfortunately her name is far too common and a Facebook search turned up dozens with the same name, and none of them in the matching location. I tried, I really did. But I don't think it should be my problem to solve... I figured that since the password had been changed, and she couldn't get the reset email (they come to me), she would call their support people and they'd sort out why she isn't receiving emails. Right? Right? No.
I then received an email addressed to her, apologising for having lost her call, and asking about website colours and setup. I replied that I'm not Jessica, asking them to take my email off the account. No reply from setup support. Jessica has been waiting days and her website is still not working... the host is not listening to me... ok, maybe I can get JESSICA'S attention. I made a free 2-minute website and pointed her domain there. I figured that surely on the website she paid for, she would notice that it says "IT'S NOT YOUR EMAIL JESSICA, CONTACT 1AND1 SUPPORT" and has a huge photo of a coffee cup.
I figured wrong.
Next I received more info about configuring the new domain, and a bill. I made a third request, this time to Billing.
The reply from someone named Quirino was "Dear Jessica" followed by telling ME to contact Jessica to fix the problem. They supplied a login link to her account. Let's get this straight: a total stranger has told this company that they have access to one of their client's personal information. The total stranger should not have this access. The total stranger is luckily not an online creep or thief, but what if I were??? Not only do they not immediately lock me out, but they TELL me to log into SOMEONE ELSE'S ACCOUNT.
If you are considering signing up with them and giving out your credit card information, that should chill you to the bone.
I reply AGAIN saying I'm not Jessica, and asking them clearly to remove my email address from her account.
I get a reply of "Dear Jessica" (wtf!) apologising and telling me to disregard the bill if it's not mine. Um yes. But...
(hits "password reset" and enters ONLY her account number, not my email address)
(receives new password link)
(yes boys and girls they didn't do what I asked, and my email is still in her account.)
I have finally had enough... I came close to just deleting her entire account and domain, to FORCE them to fix the problem. Not just for me but for the poor woman whose private information gets given out to whoever. But I didn't. Instead, I have edited Jessica's personal information and replaced my email address with the main email address for support. Maybe they'll do something when they start getting a bunch of her emails arriving in their support box and Jessica phones to abuse them.
I wrote them a curt reply to tell them what I had done. Probably useless, but there you go. In a rare moment of indecision, I saved the email without sending. And what do you know? Another email from the company.
Dear Jessica M*,Oh really? Why yes. Yes, I will give you feedback. Honest feedback. I don't think you really wanted to hear what I wrote, but you got it.
Thank you again for choosing 1&1 web services. We are writing to follow up on your recent contact with Quirino xxxxx. As 1&1 is constantly striving to improve service performance and provide greater value to our customers, we ask that you please take a moment to follow the link below and answer a few survey questions.
And then I sent that reply. And I'm posting it on the internet, because really, when this is what you consider "customer service", you deserve the world to see it. And your customers deserve to be warned.
Dear Margaret, Quirino, the CEO of 1and1 Internet Inc., the cleaner, the lady in the lunch room, or anyone really,PS. Her domain is still showing my pic of a coffee cup. I even put some ads on the page. I might earn a couple of cents.
Despite me asking four times, you have been incapable of carrying out a simple task, (that is, to not share a total stranger's personal information with me) otherwise known as removing my email address from her account. And you are still addressing me as Jessica despite being told repeatedly that I am not Jessica, you are emailing the wrong person, and you still need to fix Jessica's account.I know you have not corrected this after four requests because the "forgot password" link still sends login access to me.I have taken care of it by logging into her account (yuck - it feels horrible to invade someone's paid account) and putting YOUR email address in as her contact info. You will now receive all her emails. Perhaps you will be interested in fixing the issue now. Oh and do something about your terrible security policy which allowed this to happen in the first place. People should be able to expect that a reputable company does not send their private information to strangers. It's called "requiring an email confirmation link to be clicked before granting that address access rights to personal information".Elisa in Finland (not Jessica - no really - I'm not Jessica. Really. Please don't reply to this with "Dear Jessica".)
UPDATE
Another staff member from billing has replied to the above email explaining that they can't really delete email addresses based on a request via email. (So they intend to intentionally continue spamming me. Ain't there laws against refusing to remove someone from a mailing list they didn't sign up to?) But anyway, why do you suppose they have this policy? Maybe they think... that email is insecure. (!?)
She added this awesome line: "If this account isn't yours, please disregard"
IF? IF? Seriously, IF? Perhaps she's still unsure. All I can do is laugh.
UPDATE #2
After contacting them six times, I have received another email addressed to Dear Jessica. I've politely asked them to remove me. From everywhere. No reply.
Unrelated: someone from 1&1 has found this page and left a comment asking me to send him everything. I'm a bit hesitant... his profile has a grand total of 1 post to Google+ and no indication of who he is and whether he can do more than anyone else who has seen my previous requests. And really, after six failed requests, can anyone really fix this? And will anything actually happen to fix the cause (ie. I think they need a security policy)? Shouldn't my honest & scathing feedback through their questionnaire have gone somewhere and fixed the problem? It didn't - what's the point of asking for feedback and not doing anything with it?
UPDATE #3
Googling has led me to discover who it is, and it was the Director of Customer Relations. I have communicated with him via email and passed on the information on Jessica's account. He kindly offered to take ownership of the issue and sort it out, and he was good enough to hear my thoughts on the issue. The management team has now reviewed this case and acknowledged that errors were made, and they will continue to use such cases to improve. They are continuing to focus on making sure employees take ownership of issues through to resolution.
+10 for customer relations done right. Thank you, Aaron.
I expect that this is probably the last update I will have on this, but I welcome comments from people who have opened accounts with 1&1. I would especially like to hear from people whose problems were successfully resolved. You can leave comments anonymously (if you wish).
Hilarious story. Went thorough something similar myself. However mine had a happy ending and required only 1 hour of elevator music on the phone.
ReplyDeleteSounds to me like Jessica is the issue here not the host. It seems she didn't put the right contact information in when she signed up. As the email address is clearly a vital part of Jessica's account security, maybe she should have double checked? From the hosts side it actually seems quite secure not to change the email address based soley at the request of someone who has made it abundantly clear they are not the account holder. Also - sender addresses in emails are very easily spoofed. Would you blame a car company if someone mistakenly gave you the key to thier car?
ReplyDeleteYes - the mistake was clearly Jessica's. The issue is not who made the mistake, but the fact that my email address grants me access rights, and nothing safeguards to make sure it's correct. And no, you absolutely cannot spoof to RECEIVE an email. When I am replying to an email with access codes in it, it is quite clear to the host that I have those access codes. Someone should have cared. It's fine not to change the address just because some stranger asked, but as far as I can tell nobody bothered to call her and check, despite a lot of evidence that there was a problem.
DeleteIn answer to your question, I would not blame a car company who accidentally posted me a car key. But I would be very concerned if they continued to post more keys when I have repeatedly told them the car isn't mine - they should be contacting the owner to get the right address and they should change the locks, not tell me to get into the car and drive it over the the owner's place. :)