If You Are Using Diverse Solutions IDX, You Need To Stop What You're Doing, And Read This Post

If You Are Using Diverse Solutions IDX, You Need To Stop What You're Doing, And Read This Post

Two days ago, I began getting phone calls from clients, saying that my Diverse Solutions IDXPress was not working on our website.  I immediately went to my Dashboard at DS, and found several items had been manipulated/changed.  I immediately called Diverse Solutions, and the customer service agent determined that my account had probably been hacked, and advised me to change my password.  He opened up a ticket, and told me the "development team" would be looking into the problem.  I hung up with him and immediately changed my password.

The next day, I spoke with Jon Hardison with Ha Media Group (who, along with Inna Hardison, developed and launched my site just over one month ago).  When I explained to Jon what had happened, he immediately determined that DS has a major security issue.  Basically, he was able to still use my DS account, even though I had changed my password.  Why, you ask?  

The answer is simple, but scary.  DS does not log you out when you simply close your browser.  In order to completely log out, YOU MUST HIT THE LOGOUT KEY in the top right-hand corner of the screen.  Don't believe me?  If you have DS, go to their homepage and click on the "Customer Login" tab.  If you simply closed your browser the last time you used DS, you will not be asked for a password.  Basically, you are still logged in from your last visit.

So, here I sit, some 48+ hours later.  Someone has hacked into my account, and despite the fact that I have changed my password, they can continue to hack it, unless they have decided to hit the "logout" tab.  You see, the old password will continue to work, as long as the hacker didn't physically log out by hitting the "logout" tab.

48+ hours, and all I can get from the CSR at Diverse Solutions is "Our developers are looking into the problem, and I'll let you know when we get it figured out".  This is not acceptable.  Some hacker can not only go in and screw with my 120+ links that literally took days of work to create (and thousands of dollars), but he/she also has access to the personal information of everyone that has ever registered on my Diverse Solutions account.

Folks, this is scary stuff.  I've tried to get them to respond quickly, yet 48+ hours later, they still don't have a solution, nor do they seem to give a rat's ass.

Jon Hardison has written a post that does a much better job of explaining this security issue, as a service to the thousands of agents that are currently using this product.  I highly recommend you read his blog post, as it does a much better job of explaining in detail what is going on.  

I just wanted to get the word out so that fellow real estate agents are made aware of this issue.  Again, go read Jon's post, as he gives a detailed explanation of not only what is going on, but also tips on how best to protect your website from any damage.  First and foremost if you have ever worked in DS on a shared computer (at your real estate office, for example), it is imperative that you go back to that computer and physically log out, for obvious reasons.

I also want to make something very clear.  This post is not meant to disparage or harm DS in any way, shape, or form.  I felt it was my duty to make other agents aware of this issue, and I've given them two days to repair the problem.  As of the writing of this blog post, the problem still exists.

Please share this blog with others that you know are using Diverse Solutions, so that they are aware of this issue.  If you have Diverse Solutions, feel free to contact them and request that they fix this issue ASAP.   I hope that if other agents call and demand this, they will decide to make the necessary changes immediately.

 

Bob Hertzog

Designated Broker-Summit Home Consultants

http://forsalephoenixhomes.com