I dunno...
Doesn't sound very believable.
The Greater Manchester Skeptics Society (GMSS) has been obliged to start up a new group on Meetups.com, after someone with a very different agenda took over its profile on the social networking site. A glitch with the renewal of GMSS' Meetup Subscription allowed a non-committee member called "Sophie" (not her real name, we are …
Some may recall this prank name change from a few years back
"After being charged £20 for a £10 overdraft, 30 year old Michael Howard of Leeds changed his name by deed poll to 'Yorkshire Bank Plc are Fascist Bastards'. The bank has now asked him to close his account, and Mr Bastards has asked them to repay the 69p balance by cheque, made out in his new name."
http://www.theguardian.com/money/1999/nov/05/workandcareers1
Quite plainly "Sophie" had no interest in the group, and merely sought to cause as much embarrassment as possible to the established group. I have seen this before, when someone grabbed a web address and created a bogus dating agency on it. The motive then was money - the vandal just create as much embarrassment and nuisance to the genuine owners as possible, in the hopes of being bought off. Why else does cybersquatting happen?
I would suggest the "skeptics" (sic) contact the police. This looks like a case of extortion to me.
As for meetup.com ... clearly they couldn't give a damn. If the police are involved, finger the site as accomplices after the fact.
As alluded to in the article:
1. Set up sock puppets on numerous accounts
2. Wait for a payment default email
3. Gain control of said group by paying £15
4a. Harvest any subscription payments
4b. Hold group to ransom
The whole thing would be fairly automatable and likely to be beyond the reach of law enforcement if based in a lax jurisdiction.
It is a form of cybersquatting, you'd think they'd have better systems in place.
When you get someone else's meetup you don't get access to that person's account. The only power you have is to email all the members through meetup. I don't even think you get actually emails. Its not worth the time. People rarely miss payments either.
I know what you are saying but the article specifically stated that when payment was missed an (presumably automated) email was sent to all group members.
With regards to not many people missing payments, if you automate the sign up process and have a large enough number of accounts I'd guess that missed payment fails would occur. I do admit that the likelihood of return is small and probably not worth it but there may be folks out there who'd do it for the lulz.
Undoutably! There's millions of people out there who would like nothing better than to snag a group they don't like, & for £15 a time, with a few scripts watching, it'd be very doable.
You'd likely only target groups in a range that you didn't like, at that price, but then if you were using a stolen card would you care at all?
As for the money side,I doubt you could make it pay often, but for some groups it would be worth it to them to pay out big time to get their calender and email list back.
"Our fault was being naive enough to believe that no-one in our membership would behave in such a way"
This is a very telling remark. Indicative of profound self-complacency. It's the sort of remark that one would hear from a member of any cult-like sect in the same situation. Also the basis for any number of affinity frauds. Expect it to occasion no serious self-examination at all.
...it sounds as though Meetups procedures are really, really shoddy.
1. It should be perfectly possible to separate payments from organizational control, so someone could renew on behalf of the Group without being handed control over it; and conversely
2. Where a group has organizers, being quicker on the draw with a credit card shouldn't allow the payer to displace them.
3. The "let's notify the whole group that control's up for grabs to anyone quick with a Visa" model of renewal notification sounds utterly nonsensical.
Certainly, on the basis of this report, it's a service that I wouldn't trust.
Hello - I'm the original organiser mentioned in the article. I have a bit more information that might add some context.
I created the meet-up page years ago and it had been left with my name as the 'owner' of the group, although the organiser role had moved to other people.
Recently my meetup account was automatically deleted by meetup. The reason given was an invalid e-mail address - this is not the case, the e-mail address for my account was valid and I was regularly receiving e-mails from them (mainly marketing e-mails). There does not seem to be a missed payment, although I could be mistaken. I did receive one e-mail telling me that they were unable to send me e-mails, but I foolishly thought it was another marketing e-mail and didn't read it at the time.
At this point, the organisers of the group (set up with organiser accounts on the site) were not informed - other wise they would have been able to sort this before anything happened. Instead, an invitation to take over the group was sent to all 700 members, at which point someone seemed to take over it in order to promote their own unrelated veganism and anarcho-capitalism events and associated YouTube channel. The channel's name is "Karma Krack" for anyone interested and it is hosted by one of the two people who took over the group's page.
This incident has been interesting. It's shown us that when taking over a group it is very important to be thorough and get control of everything - I forgot to give up ownership of the meetup page, which was a big mistake on my part.
I also think the meetup procedure is flawed, although I am clearly biased on that account. In any case, this is my opinion on the procedure we experienced;
Meetup should really offer ownership of the group to the people listed as running the group before offering it to everybody. This would avoid situations like this where people take over groups for their own gain. Also, it's a bit worrying that meetup is deleting accounts for having invalid e-mails when the e-mail address is actually valid.
It's not a massive problem, but I understand it was a very annoying few days for the current organisers of the group. I hope this adds a bit of context for anyone who has read this.