Required account password changes starting today
As we mentioned in yesterday's update, there are a number of changes we'll be making across Campaign Monitor to strengthen our security. Most of these are behind-the-scenes changes, but the one significant change we're asking all customers to make is a password change.
The motivation for this change was to switch to a best-practice approach to password management. While previous passwords were always stored in an encrypted form, the new approach means that these passwords can never be decrypted. While previous passwords weren't compromised, we're taking this opportunity to move to the most secure model possible.
We've made this a simple process that you and your clients will see the next time you log in to your account.
How will the process work?
The next time you or your clients log in, you'll be taken directly to the password update process. Here's how it works:
- When you log in, we'll send you an email containing a link and a unique code.
- Click on the link, then paste in the unique code.
- Enter your new password and you're done.
That's it. The entire process should take less than a minute.
Will my clients need to change their password?
Yes, if you've given any of your clients account access, this process will apply when they next log in. Don't worry, there won't be any mention of Campaign Monitor, and the entire password reset process will be branded to reflect your account.
I can't remember the email address my account is under
When you go through the update password process, you need access to the email address your account is under. We show you this address during the update process. If you can't access the email address you used to sign up, we still need to verify that you are the account owner. This will involve answering a few questions about your account.
Our support team can then initiate a reset for you, and help you get access. Get in touch if you can't remember your account email address and we'll sort it out for you. If your clients have the same problem, you can easily jump into their account settings and update their email address. If you prefer, you can also update their password directly from your account.
What if I forget my new password in the future?
With these changes, we will no longer provide a password reminder feature. This has been replaced with a password reset feature that will follow a similar process to the one described above and will ensure we never need to email you your password again. While this isn't related to the recent attacks on Campaign Monitor, it's a security best practice and the right time to adopt this approach.
Update: We've now moved the login form and reset password process to a secure connection using SSL to ensure the reset process (and any subsequent logins) are as secure as possible.
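A sketch of the scheme the post describes: passwords kept only as a one-way digest, and a reset driven by an emailed single-use code with the 30-minute lifetime mentioned in the comments below. This is an added example, not Campaign Monitor's code; `ResetStore`, the function names and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 30 * 60      # seconds; the 30-minute lifetime quoted in the comments
PBKDF2_ROUNDS = 600_000  # assumed work factor, not a value from the page


def hash_password(password, salt=None):
    """One-way storage: salted PBKDF2 digest; there is no key that decrypts it."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class ResetStore:
    """Hypothetical in-memory stand-in for the accounts table."""

    def __init__(self):
        self.passwords = {}  # email -> (salt, digest); never the password itself
        self.pending = {}    # email -> (sha256 of reset code, expiry timestamp)

    def start_reset(self, email, now=None):
        """Create the code that goes in the email; only its hash is kept."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(16)
        code_hash = hashlib.sha256(code.encode()).digest()
        self.pending[email] = (code_hash, now + RESET_TTL)
        return code

    def finish_reset(self, email, code, new_password, now=None):
        """Accept the pasted code once, and only before it expires."""
        now = time.time() if now is None else now
        entry = self.pending.get(email)
        if entry is None:
            return False
        code_hash, expires = entry
        # strip() tolerates whitespace picked up when the code is pasted
        supplied = hashlib.sha256(code.strip().encode()).digest()
        if now > expires or not hmac.compare_digest(supplied, code_hash):
            return False
        del self.pending[email]  # single use: a replayed code is rejected
        self.passwords[email] = hash_password(new_password)
        return True

    def login(self, email, password):
        record = self.passwords.get(email)
        if record is None:
            return False
        salt, digest = record
        return hmac.compare_digest(hash_password(password, salt)[1], digest)
```

Because only digests are stored, a "password reminder" cannot be built on top of this store; the only recovery path is issuing a new code with `start_reset`.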
Posted in: New Features & Updates
72 Comments
Dean
August 19, 2009 8:00am
If one of my clients doesn’t have access enabled why are you asking for an email address to reset a password that doesn’t exist?
This presumably means that I will have to ask my client to tell me what their password is so that I can log in as them if I need to?
David Greiner
August 19, 2009 9:01am
Good catch Dean, that reminder in your account should only have highlighted any clients who have account access but no email address. We’ve since fixed that issue. Thanks for the heads up.
Eddie Johnson
August 19, 2009 9:24am
We have clients that have more than one account and they’re not sure as to which account the password change relates to as it only specifies our account name.
David Greiner
August 19, 2009 9:26am
Eddie, if the process is tricky for any of your clients, feel free to change their password on their behalf from your own account by heading into their Client Settings and updating it there.
Luc Pestille
August 19, 2009 9:47am
I’ve got a lot of accounts that I want to reset the password for (rather than them, who never log in), but I can’t have the same email address for multiple accounts in my account. Is this deliberate?
David Greiner
August 19, 2009 9:57am
Hey Luc, you can just jump in and make these changes on behalf of your clients by heading into their Client Settings. We’ve always required a unique email address for each of your clients that have any form of account access.
Each client needs a unique email address so they can easily reset their own password via your login form any time in the future. If they have create/send access, it’s also the address we send invoices, campaign sent confirmations, etc.
Pete
August 19, 2009 10:04am
I just received an “Out of office” bounce from a client in response to the password change email that you sent.
Pre-empting that he will no doubt ask me what it’s all about on his return it would be very useful to have a copy of the email that you have sent out on my behalf.
I understand why you sent this, but to be honest I would have preferred to have the option of contacting my clients myself to handle this situation.
Can you please post a copy of the email here or else send the same email to the “master” account owners.
Pete
August 19, 2009 10:08am
Actually, it’s becoming clearer now.
The password change email is only sent if someone tries to log in to the account? Is that correct?
David Greiner
August 19, 2009 10:08am
Hi Pete, we only send your client a password update email when they attempt to login themselves. You can jump into your own account at any time and update their password on their behalf.
The email we sent was almost identical to the one you received, the only difference being there was no reference to Campaign Monitor, and the email appears to come from you guys instead of us. This is to keep the process as private label as possible for those customers rebranding.
MWH
August 19, 2009 10:17am
Is there a way to provide a list of our accounts that have not yet updated their password so we can prompt them to do the process as soon as possible. The list could then simply reduce until all affected accounts have gone through the process. This way we can manage the transition now and not some time in the future for accounts that are not as active as others and as a result the security issues will be constrained to a shorter period.
MWH
August 19, 2009 10:19am
[Follow Up]
I am hoping the list would be inside the main account, that we can revisit as often as is required.
Lisa Bailey
August 19, 2009 10:21am
What a complete nightmare. Your links don’t work. The codes don’t work. My accounts are in a complete mess and I can’t get my old passwords back and can’t get into my accounts. Your links become invalid within seconds.
Thanks for nothing.
Lisa Bailey
August 19, 2009 10:24am
I have 3 or 4 passwords that you want me to change. For each and every one I have followed the instructions (several times) and then when I try to log in with the new details -every one is rejected. Every time. I have wasted too much time on this now and am losing interest fast.
Looks like this could be the straw that sends me elsewhere - my group and designer is nagging me to change over to YMLP.com and this is making it impossible to stay with you - I cannot get these new passwords to work and I have to make a decision real fast.
I am asking you as a regular client to please just change these passwords back - I have 17 outlets and this is really causing me a problem.
David Greiner
August 19, 2009 10:29am
Lisa, my sincere apologies for the problem with the supplied codes. I’ve got our developers looking into this for you right now, and I’ll post a follow up as soon as it’s resolved. Shouldn’t be too long at all.
David Greiner
August 19, 2009 10:30am
MWH, we don’t have a list like that available I’m afraid. The reset process should be a very straightforward process for your clients (as soon as we fix the issue Lisa mentioned). Of course, you can pre-empt this by simply updating it on behalf of your clients by heading into their Client Settings from your own account.
Nick
August 19, 2009 10:42am
Hello,
I thought these changes were made in order to strengthen your security but for some reason, all the links I have followed to change my password were not secure (no https anywhere in sight).
Also, the pages I have visited did not supply identity information. If I had not read this blog post in advance, I would have discarded the whole process as a phishing attempt.
Thank you
David Greiner
August 19, 2009 10:54am
Nick, the entire process is done at your site address, so I’m unsure how this looks like a phishing attempt. Thanks for your feedback about SSL.
Mark
August 19, 2009 10:58am
Hi—the email I received (as account holder) had footer text mentioning Campaign Monitor and also the from address was .(JavaScript must be enabled to view this email address)—will my clients also receive these branded emails?
Mark
August 19, 2009 10:59am
Sorry—just read the ‘Don’t worry, the client version of this process will be branded to match your account.’ bit in the HTML version.
The plain text alternative (which I read by default) doesn’t mention it though, so perhaps you could alter that if it’s easy.
Thanks.
David Greiner
August 19, 2009 11:00am
Thanks Mark, that’s a good suggestion. Great to hear it’s all working fine for you.
David Greiner
August 19, 2009 12:11pm
Guys, we’ve just made some changes to the way your unique codes are generated to ensure you don’t get an expired code message. Thanks for the feedback and please let us know if you run into any further issues.
Rob
August 19, 2009 12:14pm
My default browser is Firefox 3.5 (on Vista). Clicking the link from Outlook did not work multiple times. In the end, I copied the link and pasted into Internet Explorer.
I am not positive it was a browser problem, but just reporting in my details.
David Greiner
August 19, 2009 12:16pm
Thanks Rob, we just tried this with the same configuration on our end and it worked. Very strange. Is anyone else experiencing this?
Chris
August 19, 2009 2:30pm
How long do the links last? I got a phone-call and the link expired when I got a chance to click the link.
Also a little heads-up warning, so I could warn my customers (I just created an account yesterday for a client and now they have to redo their password, I look like a tool) and more thorough testing on your part would have been much appreciated.
The hacking wasn’t (completely) your fault but this is a self-inflicted wound.
Marijke
August 19, 2009 2:34pm
The new link and password you sent me do not work and my emails to you are not being answered… Can you please get this problem fixed because we need to get in our account urgently…
Thank you.
Diana Potter
August 19, 2009 2:46pm
@Chris the links are good for 30 minutes. Also, we are sorry about the lack of notice. Normally we would have notified you in advance of a change that would impact your clients so that you would have time to prepare a response for them, or let them know what to expect. As part of a recent security audit, it was concluded that a customer-wide password change was the best course of action to ensure the security of all accounts. In this case we decided that an early warning posed an unnecessary risk of alerting anyone who had passwords that did not belong to them.
@Marijke I’m not seeing any emails from you to support currently. Is the email address you contacted us from at the same domain as your website?
Julia Moran Martz
August 19, 2009 3:43pm
Links sent in the emails are expired. I keep hitting reset on the error page and click on the new link within the email within seconds of getting it yet it’s always expired. Can’t get to the page to use the temp password.
Diana Potter
August 19, 2009 3:49pm
@Julia That’s not good. Have you sent an email in to support? We can take a look for you.
Julia Moran Martz
August 19, 2009 3:49pm
Tried sending help request using the form and getting no response. Tried twice.
Julia Moran Martz
August 19, 2009 4:02pm
6th reset worked after posting the issue here and there was a much longer delay in getting the email with the new link than with the first 5 resets. I had to view the email as html to get the code, pasted it into a text editor to eliminate the styling because Firefox kept retaining that.
Julia Moran Martz
August 19, 2009 4:04pm
Remind me again why I want my clients to be able to reset their own passwords if it’s such a bitch to do? I don’t want them going through this.
Also, is there a good reason for them to have an email address assigned to their account other than this password issue? I think I’d rather use my own email address for client accounts in the event that this frustration happens again.
Diana Potter
August 19, 2009 4:16pm
@Julia We do send the emails out right away, but perhaps they were being delayed somewhere before they could be delivered. Happy to hear you were able to reset it. Our apologies for all of the hassle and the delayed response.
You can change your client’s passwords yourself under the client settings tab. The email address in their account is used to send receipts and such as well, if they’re set to pay for themselves, so you wouldn’t want to change it in that case.
Jay Ashton
August 19, 2009 5:11pm
Thanks to Diana. Your email response regarding my support centre query fixed it. Password reset and going again. This must be a nightmare time for you and your team. Your efforts are appreciated.
Emily
August 19, 2009 8:43pm
Still haven’t received email and link. If it will expire in 30 minutes I’ve got a feeling it will not work once I receive it. Sometimes emails get delayed on our end- due to our own filters/security. Is there anyway I can get access to our account or reset our password in another manner?
Diana Potter
August 19, 2009 9:04pm
Hi @Emily, if you email support we can send you the reset information as well. It’s possible our reply might get delayed as well but it’s worth a shot.
Emily Constantine
August 19, 2009 9:22pm
Hi Diana, thanks for your quick reply. I’ve already sent a request to support and haven’t heard back yet (not sure if that is due to filters or not- I’ve also contacted my IT dept to 2x check our side) We are trying to get a campaign out today and I can’t access our CM account. I did not see a phone number. Is there another way? thanks!
Diana Potter
August 19, 2009 9:50pm
Hey Emily, we actually just replied so you should be seeing a response soon.
Gabriel
August 19, 2009 10:47pm
I’m having a problem receiving the reset email as well. I would submit the particulars and private info via your contact form, but the form isn’t working for me—I get a webpage not available error when I try to submit, with the following details:
Error 324 (net::ERR_EMPTY_RESPONSE): Unknown error.
Please provide a direct email address that I can contact support on, or advise otherwise. Thanks!
David Greiner
August 20, 2009 12:05am
Hi Gabriel, you can email us directly any time on support [at] campaignmonitor.com. I just tested the contact form and all seemed to work fine. Very strange. Get in touch and we’ll get you sorted ASAP.
Mia Judkins
August 20, 2009 12:41am
Hi David,
Looks like we’re having the same problem as Lisa Bailey on all our accounts. (The codes and links don’t work and they say it is an invalid link).
It’s really very frustrating - could you please let me know how long it’ll take to fix this? I’ve tried the contact form, but so far no reply.
We have some tight deadlines around this, so if you can get back to me ASAP I’d appreciate it.
Mia Judkins
August 20, 2009 12:53am
Re: last post
Just found a reply from support in my spam filter! Yay!
Unfortunately it didn’t fix the problem, but thanks for getting back to me any way.
Will continue to try to work this out with the support person.
Gabriel
August 20, 2009 2:13am
Thanks David, contact form ended up going through when I loaded it in Firefox. It wouldn’t succeed with Google Chrome, in case you guys want to check into it (note that I was actually using it with Chromium, beta linux version so the problem may very well be local to the browser).
David Greiner
August 20, 2009 2:35am
Thanks Gabriel,
I’ve just tried with the Windows version of Chrome and it went through fine, so it’s likely the browser like you mentioned. Either way, thanks for the heads up.
Bryn
August 20, 2009 2:45am
It’s good to hear you are strengthening your security but it confuses me a little to see we are still signing in using an insecure connection. That is we aren’t sending our password information to your servers over SSL (https) but plain text. My understanding is these packets can be intercepted and read quite easily.
David Greiner
August 20, 2009 6:50am
Hi Bryn, thanks for the feedback. We’re actually working on an SSL version of the login form (and password reset form) that we plan on pushing across all accounts shortly.
This first round is related to how we store passwords in the database, and we wanted to get that live as soon as possible. We’ll be rolling out SSL support across the app soon.
Stuart Ingram
August 20, 2009 9:56am
I do apologise for adding this comment, but I have been trying to contact the Support team via the website contact page and via numerous emails for over a week now without response! I have an invoice credited to my account that I need to discuss. I have also been unable to login to our account since the password requests were issued & I need to check the credits on my account for my clients.
Mathew Patterson
August 20, 2009 10:05am
Hi Stuart,
We definitely always reply to every support email, so it seems you are not getting our replies. Can you try from a different email address?
Matthew Harris
August 20, 2009 10:05am
Massively annoying… now I have to look up the password when I want to use Campaign Monitor.
Time to integrate with OpenID or some other form of common login?
Marijke
August 20, 2009 10:25am
I still cannot get into our account… The code you gave me does not work. I am getting desperate!
Mathew Patterson
August 20, 2009 12:13pm
@Marijke Sorry for your hassle. If you follow up with support, we can help. One thing to check is that you are entering the right username.