Your privacy on MOTOBLUR by Motorola

Publié le :

After the Nokia Ovi Store carelessness, it's now Motorola who's allowing strangers to get access to your private information on their MOTOBLUR portal. Exactly like Nokia, Motorola does not bother to validate the email address you enter on your profile, and sends a welcome message straight to that address:

Bonjour Francois, Félicitations! Vous avez créé avec succès votre compte MOTOBLURMC! Nous vous écrivons donc pour vous souhaiter la bienvenue dans notre grande famille. Vous êtes maintenant prêt(e) à vous connecter à MOTOBLUR et à profiter d’une vie sociale branchée.
(Pardon their French, it's Motorola Canada.)

In this case, since it was my own address and it serves as the account ID, I was able to request a password change and access the account:

motoblur

An almost complete profile with phone number, phone IMEI, access to contacts, phone location and the ability to wipe the phone remotely!

motoblur wipe phone

Since Motorola does not provide any way to delete the account I'm not going to do anything beyond changing the password and opting out from the Motorola marketing spam that's now arriving in my mailbox (thanks Francois!). The poor schmuck might just have made a typo on the email address, and it's Motorola's entire fault to send out the keys to their client's profile without the simple step of verifying it actually belongs to the right person.