  1. Jazspeak on Sun 19 Sep 2010, 11:40:48 PM UTC

    Badoo at it again

    It would seem that Badoo have recently been harvesting the address books of those with gmail and googlemail accounts, and then using the harvested e-mail addresses to send spam.

    This came to light when I received an e-mail purporting to have come from a friend but when I queried the e-mail it was confirmed that his address book had been harvested.

    I made some further checks and it looks as though the Badoo site is also involved in phishing. This phishing was confirmed when I went to the site and was repeatedly requested to enter credit card details in order to change some account settings (obviously I didn't give any real details).

    ~Music is not just for the Masses~

Comments:

  1. FBIG on Mon 20 Sep 2010, 02:49:24 AM UTC

    And just what does Badoo *do*?

    Jazspeak,

    What in the heck does Badoo do to earn your ire, and what do we, as savvy MyWot users need to do about it?

    • Jazspeak on Mon 20 Sep 2010, 10:14:37 AM UTC

      @ FBIG

      Badoo harvests e-mail addresses from gmail and googlemail address books. If you have an account with gmail or googlemail then you should take steps to protect the address books and/or contact lists to prevent spamming by Badoo.

      BTW - Badoo.co.uk and Badoo.com have previously been identified as a source of spam.

      ~Music is not just for the Masses~

      • Jazspeak on Mon 20 Sep 2010, 10:53:05 AM UTC

        Protecting Address Books

        Probably the best way to protect address books from harvesting by spammers is to keep all contact lists, details, and addresses in an address book on the local machine, preferably on a removable media such as a USB stick, and not use any online address books.

        ~Music is not just for the Masses~

      • tellonem on Sun 13 May 2012, 07:20:04 PM UTC

        RE: Badoo harvests e-mail addresses from gmail address books

        To be honest with you, I get over 100 spam in Gmail. Perhaps Badoo is behind it, but I haven't substantiated it. In Windows Live emails I get as much as 50.

        "Bri" for short. Surf safely.

      • DennisC34 on Thu 07 Jun 2012, 06:17:06 PM UTC

        RE: @ FBIG

        EXACTLY

        One of the TRICKS they will pull on you : When you attempt to login they will redirect you to a page where it LOOKS LIKE A LOGIN
        Instead it's a place to enter your own email address and password for YOUR OWN EMAIL ACCOUNT.
        That way they can download your contacts and then email every other person you've ever contacted with a request to join you on a dating site.

  2. Dutch Mountain on Mon 20 Sep 2010, 11:30:04 AM UTC

    Rated

    @Jazspeak : Badoo.com seems innocent in first view.
    According to your info I gave RED. BUT I'm having doubts if you look in URLVoid and Robtex

    Robtex : Nothing suspicious and no blacklisting
    URL Void report :
    Report 2010-06-04 18:25:38 (GMT 1)
    Website badoo.com
    Domain Hash 5e18d0b685482584047a477c4213bc3c
    IP Address 87.245.192.38 [SCAN]
    IP Hostname badoo.com
    IP Country CY (Cyprus)
    AS Number 35545
    AS Name BADOO-AS BADOO AS
    Detections 0 / 19 (0 %)
    Status CLEAN

    Scanning site with: BrowserDefender CLEAN
    Scanning site with: Google Diagnostic CLEAN
    Scanning site with: hpHosts CLEAN
    Scanning site with: Malware Center CLEAN
    Scanning site with: Malware Patrol CLEAN
    Scanning site with: MalwareDomainList CLEAN
    Scanning site with: McAfee SiteAdvisor CLEAN
    Scanning site with: MyWOT CLEAN
    Scanning site with: Norton SafeWeb CLEAN
    Scanning site with: ParetoLogic URL Clearing House CLEAN
    Scanning site with: PhishTank CLEAN
    Scanning site with: Project Honey Pot CLEAN
    Scanning site with: SpamCop CLEAN
    Scanning site with: Spamhaus CLEAN
    Scanning site with: SURBL CLEAN
    Scanning site with: TrendMicro Web Reputation CLEAN
    Scanning site with: URIBL CLEAN
    Scanning site with: Web Security Guard CLEAN
    Scanning site with: ZeuS Tracker CLEAN

    I'll see if I get spammed after visiting the site

    BTW : I couldn't enter the co.uk extension it goes back to the .com

    Raise the dike ( aka "Dutch mountain" ) ! Or the internet gets flooded and ends up as a stinking swamp ! - The fight for a durable world wide web goes on. Read more at : http://peterswebsafety.com

    • Jazspeak on Mon 20 Sep 2010, 02:19:15 PM UTC

      @ peterbosch

      Yes, Badoo does look innocent at first glance but it has been confirmed that Badoo did harvest e-mails from gmail and googlemail accounts. Reproduced the relevant part of an e-mail that I received confirming the harvesting:

      "the badoo site harvested my email address book. I think I have sorted it now but let me know at once if you get any more from this bloody site." (extract of e-mail received by me from a Senior Lecturer on 19/09/2010).

      My own further investigation of Badoo also revealed phishing attempts in that Badoo tried several times to get credit card details from me.

      The .co.uk address does redirect to the .com address, which is a ploy increasingly used by spam sites to lend credibility to those spam sites.

      Although the site is clean vis-a-vis malware, et al, the site should still be treated with caution for the spamming and phishing. The harvesting of address books for spamming purposes is a serious cause for concern.

      ~Music is not just for the Masses~

      • MagicDude4Eva on Mon 20 Sep 2010, 02:58:51 PM UTC

        Need some clarification

        How does Badoo harvest gmail/googlemail accounts? I would be surprised if that is a Gmail vulnerability and especially nowadays with the large Android handset coverage, literally every Android handset syncs data to Gmail.

        ---- Gerd Naschenweng, CTO - bidorbuy.co.za - Africa's largest online market-place

        • Jazspeak on Mon 20 Sep 2010, 04:11:24 PM UTC

          Re: "How does Badoo harvest...?"

          Perhaps you can let us know when you find out how it is done.

          Re: "literally every Android handset syncs data to Gmail." - A good reason to stick with Blackberry.

          ~Music is not just for the Masses~

          • MagicDude4Eva on Mon 20 Sep 2010, 05:40:36 PM UTC

            Not going to try it out

            but a quick Google search shows:
            At registration you are asked to enter your msn/gmail/yahoo username and password to find out if other friends are also on badoo.

            Sources: Badoo at Killerstartups and on Google Forum

            Quite scary if this is true and very surprising that Google does not do anything about it. (And that there are users out there who enter their userid/password on a social-networking site).

            ---- Gerd Naschenweng, CTO - bidorbuy.co.za - Africa's largest online market-place

            • Jazspeak on Mon 20 Sep 2010, 08:29:09 PM UTC

              Re: "Quite scary"

              Good couple of links, especially the Killerstartups clearly showing, "they import all your contacts and send them invitations in your name", which confirms in part the harvesting of contact details for spamming purposes.

              It does strike me as slightly alarming that Badoo is described as a social networking site when it is quite obviously an Internet dating site being used for spamming and phishing.

              ~Music is not just for the Masses~

  3. Dutch Mountain on Wed 22 Sep 2010, 07:09:56 PM UTC

    Background info

    I received a blog in Dutch about Badoo.
    It's real scum, they phish and spam by collecting all kinds of private info from their members.
    Even an ICT security manager of a Dutch university network stepped in the trap and lost his whole address book.

    I've left a message on that Dutch blog that WOT is busy putting Badoo in RED.
    My red rating remains as it is, of course.

    Raise the dike ( aka "Dutch mountain" ) ! Or the internet gets flooded and ends up as a stinking swamp ! - The fight for a durable world wide web goes on. Read more at : http://peterswebsafety.com

    • Jazspeak on Wed 22 Sep 2010, 08:23:58 PM UTC

      Re: "Background info"

      Thanks for the confirmation and information. It does seem as though the most recent efforts by Badoo have been aimed at Academics and Lecturers.

      ~Music is not just for the Masses~

  4. Jazspeak on Sat 25 Sep 2010, 12:46:20 PM UTC

    Badoo STILL at it

    Badoo are still sending spam using harvested contact details, and yet the site still has a light green rating, which should most definitely be red for spamming.

    Any WOT members reading this who have not yet rated the site should do so as soon as possible and get Badoo the rating it deserves.

    ~Music is not just for the Masses~

    • BobJam (not verified) on Sat 25 Sep 2010, 10:19:46 PM UTC

      OK

      @ Jazspeak,

      I generally try to stay away from rating Social Networking sites, because I know I'm biased on them out-of-the-gate (as I'm sure you know, and share my view, they are not in my bookmarks!). . . but this beast deserves to be an exception to my rule.

  5. Jazspeak on Sat 25 Sep 2010, 11:18:22 PM UTC

    Best to block Badoo

    Since becoming a recipient of the Badoo spam through their harvesting of address books and contact lists, I have set up a mail rule specific to Badoo but instead of just deleting the e-mails on the server, the mail rule rejects any e-mails from Badoo and sends a 'postmaster' rejection to Badoo. If enough people do this then the Badoo system could quickly become inundated with the rejections of their own spam. Karma in action.

    ~Music is not just for the Masses~
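
The kind of mail rule described in the post above, as an added example that is not part of the original thread: it refuses a message when any sender header carries an address at the two domains named in this discussion (badoo.com, badoo.co.uk) or one of their subdomains. The function names, the refusal text and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Domains named in the thread; subdomains of them are matched as well.
BLOCKED_DOMAINS = ("badoo.com", "badoo.co.uk")
# Headers that can carry the sender's address. Return-Path holds the
# envelope sender once the receiving server has recorded it.
SENDER_HEADERS = ("Return-Path", "From", "Sender", "Reply-To")


def domain_is_blocked(domain):
    """True for a blocked domain or any subdomain of one (never a substring)."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS)


def evaluate(raw_message):
    """Return ("reject", smtp_style_reason) or ("accept", "")."""
    msg = message_from_string(raw_message)
    for header in SENDER_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if "@" not in addr:
                continue
            domain = addr.rsplit("@", 1)[1]
            if domain_is_blocked(domain):
                reason = f"550 5.7.1 Mail from {domain} refused ({header})"
                return ("reject", reason)
    return ("accept", "")


# Constructed sample messages (not real traffic).
SAMPLE_INVITE = (
    'From: "A Friend" <noreply@mail.badoo.com>\n'
    "To: me@example.org\n"
    "Subject: A friend left you a message\n"
    "\n"
    "Body text.\n"
)
# A naive substring test would wrongly block this unrelated domain.
SAMPLE_UNRELATED = (
    "From: news@badoo.com.example.net\n"
    "To: me@example.org\n"
    "Subject: Newsletter\n"
    "\n"
    "Body text.\n"
)
# Friendly-looking From header, but the envelope sender gives it away.
SAMPLE_ENVELOPE = (
    "Return-Path: <bounces@badoo.co.uk>\n"
    "From: friend@example.org\n"
    "To: me@example.org\n"
    "Subject: Hello\n"
    "\n"
    "Body text.\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_INVITE, SAMPLE_UNRELATED, SAMPLE_ENVELOPE):
        print(evaluate(sample))
```

A refusal issued while the SMTP session is still open goes back to the connecting server; a bounce generated after acceptance is sent to whatever address the envelope sender claims, which may not be the real origin.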

  6. mentalist3d on Sun 26 Sep 2010, 12:13:57 AM UTC

    I do not use Badoo, but in the past I was a user of tagged, which does the same with yahoo and hotmail accounts, and I recently discovered Facebook does the same thing after receiving several spam from Facebook because a user decided to give the Social Network access to their email accounts address books.

    This seems to be common practice with Social Networks and if they are based in the US it doesn't seem to be against the law, however in the UK it is, but if the company doesn't originate in the UK, then there is nothing that can be done.

    If users are rating Badoo for this unethical (IMO) practice then I also recommend rating the Tagged.com and facebook.com for the exact same reasons.

    • Jazspeak on Sun 26 Sep 2010, 09:24:21 AM UTC

      @ mentalist3d

      Whilst I don't disagree with your request to rate other social networking sites similarly to Badoo, the difference is that you state, "a user decided to give the Social Network access to their email accounts address books." whereas Badoo has harvested address books without the user's permission. To emphasise the difference please read the following extract of an e-mail that I received on 25 September 2010:

      "Dear friends and colleagues
      please delete anything you receive from Badoo.
      I have not sent any messages via this site but I tried to retrieve a message from a trusted source and it harvested my address book.
      Sorry if you are receiving this warning again.
      (name removed)"

      It would also be pertinent to point out that Badoo calls itself a social networking site but is in fact nothing more than an Internet dating site.

      ~Music is not just for the Masses~

      • mentalist3d on Sun 26 Sep 2010, 12:57:05 PM UTC

        did they register an account?

        Having just registered a fake account with Badoo, there is a section to find friends on the site by giving Badoo access to your email account with password, just the same as tagged and facebook and other SN sites.

        Screenshot: http://lochgelly.org.uk/wp-content/uploads/2010/09...

        Like facebook and tagged, as soon as the user gives access to their email account, the sites will harvest the addresses and periodically send out spam to unregistered users without asking permission from the original user that gave access to their email accounts.

        Badoo harvested the email addresses because some user allowed them access to their email account. Just the same as with Facebook and Tagged.

        The person who sent you that email, were they registered on Badoo?

        • Jazspeak on Sun 26 Sep 2010, 07:56:17 PM UTC

          Re: Did they register?

          As far as I can discover, he did not give any permission or passwords to his e-mail accounts. I am aware that he must have registered an account with Badoo in order to try and read the non-existent message from his "trusted source", and since he was using a googlemail e-mail address it looks like Badoo were able to access his address book on googlemail without his password.

          Like you, I set up a fake account to see how it works. Interestingly, I was required to upload a photo of myself in order to get at the non-existent message that Badoo claimed was from my friend, so I used an altered picture of the Mona Lisa, and the picture was moderated within four hours and deemed to be unsuitable. The only password I used on Badoo was the login password issued by Badoo, and I did not see any request for any other passwords. Closing the fake account was not so easy, either. It took me a number of attempts before the profile was deleted, and I suspect that Badoo deleted the account after the picture moderation revealed that the account was faked and of no use to Badoo. However, that didn't stop Badoo sending me another e-mail claiming that my friend had left a message (same as the first e-mail that I received) but I did not bother with having anything further to do with Badoo since I already knew that the message doesn't exist, and that Badoo are unscrupulous spammers.

          When I had set up the fake account on Badoo I had enough time before the moderation to discover that Badoo is not a social networking site but is an Internet dating site masquerading as a social networking site. There were several areas of concern beyond the spamming, particularly the repeated requests for me to enter my bank and credit card details. This constitutes phishing and is another reason to rate Badoo as dangerous.

          ~Music is not just for the Masses~

          • mentalist3d on Mon 27 Sep 2010, 08:17:53 AM UTC

            Agree on the red rating.

            I noticed the same with the uploaded photo, I was forced to upload images before I could see any messages, same with if you want to read anybody's info, you must supply your info first. So I reckon the site limits you completely and forces you to add personal info to unlock features and does this in stages, which I didn't like.

            I was able to delete the account quite easy through the settings page (much easier than FaceBook which is 5 deep for deletion), but I did get an email to say my account will be deactivated for the 30 days before being removed from their system, so I reckon I will get a lot of spam to try and encourage me to reactivate the account.

            I agree it is a dating site, I also noticed there was a section for your credit card details so a lot of the site must require a subscription fee which is common with dating sites.

            The only way I can think that they have harvested the addresses though is if they automatically try your registered email address with the password you have provided, as it is common for people just to use the same password over and over again. I'm going to set up another email address and Badoo account with both using the same passwords, and I'll keep one email address in the address book to see if that starts getting spammed.

            I will be rating red, but not for the same reasons but I might change my rating to similar as yours based on how much spam I receive. I'll be rating on the fact that you are forced to give up personal info to use the site, privacy policy designed to sell your personal details, etc.

            • Jazspeak on Mon 27 Sep 2010, 11:08:52 AM UTC

              Don't forget...

              Don't forget that Badoo are using two domain names. Badoo.co.uk is already in the red but Badoo.com has remained light green so far. The co.uk address redirects to the .com address, and although the co.uk scorecard shows the site is a dating agency, the .com scorecard claims that the site is a social network.

              I am not sure why but the comment voting has been disabled on the badoo.com scorecard, and so it has not been possible to vote down the green comments or agree with the red comments.

              ~Music is not just for the Masses~

              • mentalist3d on Mon 27 Sep 2010, 02:27:36 PM UTC

                .com rated

                I forgot about the .com extension, I'll rate that as well, thanks.

  7. shazza on Mon 27 Sep 2010, 12:39:26 PM UTC

    Re. Badoo.com has remained light green so far
    Have you pmed the 2 reviewers who abused the mrt and rated green based on the alexa list? There seem to be many sites that are kept green because of this.

    • Jazspeak on Mon 27 Sep 2010, 02:16:22 PM UTC

      Re: "Have you pmed the 2 reviewers"

      I have just PMed those two and found a third Platinum member who referenced the Alexa list. There are a few Rookies who have given the site green comments (and presumably green ratings) but I have not PMed those Rookies, and will only do so if it becomes necessary.

      If the Platinum members misused the mrt then it will be for WOT to deal with that.

      ~Music is not just for the Masses~

  8. Lance-Badoo on Fri 01 Oct 2010, 11:42:03 AM UTC

    Badoo spokesman here

    Hi everybody, name is Lance and I'm authorised to speak on behalf of Badoo. I spotted this conversation and wanted to give you our side of the story. I hope this will be accepted in the spirit of open and honest discussion.

    To be clear: Badoo gives users the option of inviting their friends to join the site, and if they choose to do so they must enter the login credentials of their email service. So this is an action which is only undertaken with the users' permission, and Badoo sends only one email to each of their contacts inviting them to join.

    It's worth pointing out that this is a practice that is employed by all of the leading social networks to help new users locate or add their friends on the site, so we don't feel that Badoo is doing anything unusual or underhand.

    I'm happy to answer questions either here or via PM.

    • tellonem on Fri 21 Jan 2011, 01:14:39 PM UTC

      RE: Badoo spokesman here

      By your own admission the site requires that you give your email login number. That is hardly any defense at all. Such requirements border on password stealing.

      "Bri" for short. Surf safely.

    • IssViews (not verified) on Fri 21 Jan 2011, 01:24:24 PM UTC

      RE: Badoo spokesman here

      @ Lance-Badoo

      "To be clear: Badoo gives users the option of inviting their friends to join the site, and if they choose to do so they must enter the login credentials of their email service. So this is an action which is only undertaken with the users' permission, and Badoo sends only one email to each of their contacts inviting them to join."

      BS and you have not listened to what was previously pointed out to you nor have you done anything to change this!

      "we don't feel that Badoo is doing anything unusual or underhand."

      There is none so deaf as those that do not wish to hear! YOUR company uses pathetic excuses and tries to pass the buck implying others do this as much as you when in fact they DON'T. Give me undeniable proof that other companies, and name them, that willfully encourage and entice users to part with email login details so that they can spam those on contact lists. We can then see what they have to say and how they feel about your accusations.

      YOU entice your customers to part with their email login information NOT to help them invite friends as they can do this quite easy of their own accord. IT is a marketing ploy by your scumbag service to spam, YES SPAM, those on that person's contact list.

      "I'm happy to answer questions either here or via PM."

      No you are not because you would not answer nor accept anti-spam regulation in the UK that was pointed out to you. More BS your end to distance yourself from any wrongdoing and help evade criticism.

    • CatZeenat on Mon 23 Apr 2012, 04:45:46 AM UTC

      RE: Badoo spokesman here

      How the heck do I delete my profile on Badoo? I signed up on an invitation from a close and trusted friend just to discover that it was a dating network site. That's when I checked with her since it seemed completely out of character considering I'm happily married. I learned then that she never invited me - it had happened to me (and several others in her address book) completely without her knowledge.

      I then tried to un-register, but without success. This is a long time ago now, but I still get e-mails telling me that 103 (last time I got one) people have checked my profile and want to get in touch.

      I REALLY want to get OFF this network - I hate to imagine what my mate would think if he happened to see some of these e-mails from Badoo...

      What you're doing is nothing but falsification and spamming (and from what I hear from others also Phishing...)

      • Myxt on Tue 24 Apr 2012, 03:20:04 AM UTC

        RE: How to delete Badoo account / profile

        To be clear, I have no idea if this works. From the hXXp://badoo.com/help/ section titled "Settings":

        9. How do I delete my profile?
        If you really want to delete your Badoo profile, just log into your account and click on 'Settings'. Then select the 'Delete Profile' link from the left hand side of the page and follow the instructions given. If you want to know more, please see our Privacy Policy.