I just stole something and it wasn’t (entirely) my fault

When I was checking through my daily-use-nothing-sensitive gmail inbox I noticed that I had a dropbox invitation for 48GB free and a message from Samsung asking to verify an account. At first I thought that this was a phishing technique I hadn’t seen before, build trust by sending related emails sort of thing, until I looked at the recipient address.
Something many people don’t know about gmail is that it handles names in a particular way. Period delineated names get parsed as if they had no period.
For example forename.surname@gmail.com is exactly the same as forenamesurname@gmail.com

To make things worse when you’re signing up for a new address it won’t tell you that and will allow you to go through the whole process with no warnings. The upshot of this that as a new shiny email address owner you don’t actually get emails, the owner of the address without the periods gets them. That’s what happened to me today.

So I clicked the dropbox link and gained 48GB of free data due to the automated service at the dropbox end.

I’ll admit that I probably shouldn’t have also clicked the account activation link from Samsung but I was curious as to how much information I could get from these two sources. Samsung did send a password reset link but I decided not to follow it as I thought that might be a step too far even in the name of research.

I’ve decided to be a good netizen and report the issue in the hope that it can be resolved and will report back if anything happens.

#update of sorts#

Still no response from any of the players in this sorry tale. I really hope that Muhyiddin Abdul Rahim isn’t too annoyed at his lack of Dropbox space.

I had a read an article from the gmail support forums and the official word is that any gmail address with my username and any number of periods in it is exactly the same as the one without so I guess Google is off the hook. Your move Dropbox/Samsung.

#update of sorts 2#

Dropbox Support got back to me via Twitter and I’ve forwarded them here and also provided them more information so hopefully they’ll be able to get this sorted.

#update 3#
Dropbox messaged me directly via Twitter and told me that they’ve managed to attribute the lost space to the correct user now and have also allowed me to keep the same amount of space for myself too. I don’t think I could have asked for a better resolution than that.

Leave a Reply

Your email address will not be published. Required fields are marked *