- Nov 15, 2011
- 64
- 66
- First Name
- Jeff
And if it’s a legacy script, left over in a site the chances are whomever asked the provider to place it may have also been selling the browsing behavior and related to eXelate
BUSTED Spincar caught selling dealer data
- Thread starter Alex Snyder
- Start date
Not to stir the pot too much, but if you have an email showing them requesting the actual code be added, that would be more of a smoking gun than the email saying sorry.
- Nov 15, 2011
- 64
- 66
- First Name
- Jeff
Image of what was sent to client and what client sent to support. We have many similar requests from SpinCar for other clients as well.
- Nov 15, 2011
- 64
- 66
- First Name
- Jeff
And the initial
The script shown is the SpinCar script which after 3-4 seconds fired the eXelate pixel. Most people would never notice it was happening. We test all scripts.
So the theory is that integrator.swipetospin.com used to contain a link to exelator.com?
This is their generic script for adding spins, but it's also the same script I checked on my end and I couldn't find anything phoning home to exelator.
This is their generic script for adding spins, but it's also the same script I checked on my end and I couldn't find anything phoning home to exelator.
Here's what I see, which includes Criteo, but Criteo is for their remarketing service if I'm not mistaken.
- Nov 15, 2011
- 64
- 66
- First Name
- Jeff
It’s not a theory. It is what happened. It was integrated or “piggy backed” in to the standard SpinCar script, loaded after 3-4 seconds. This was confirmed in the original email posted here when the exelator portion was emailed to SpinCar, For which they apologized and said it would be removed. Since they were exposed they may have (looks like they most certainly did) deprecate it, but none the less it was found and exposed. We will watch to see if something similar ever surfaces.
- Nov 15, 2011
- 64
- 66
- First Name
- Jeff
Criteo is entirely different. Read the original email, the support ticket and their apologizing for its placement. They obviously removed it across all their accounts.
It's not that I don't believe you, I was just looking for the actual smoking gun.
The email you got back was from a sales manager - I've seen plenty of preemptive apologies as a way to appease a client with a serious concern so I wouldn't hang a company on an email.
At this point I am not seeing it doing it, but it is possible that it used to, before Alex posted this thread.
Happy that it doesn't now either way.
- Apr 23, 2011
- 11
- 10
- First Name
- Keith
Sorry that I'm late to this party. I actually "met" (online) Jeffrey Tognetti when I was trying to point out something similar another vendor was doing for tags and data, and he was a good guy to me then, especially once he understood my motivation and what I was trying to achieve (good for the dealer). My whole business is centered around helping dealers determine fraud and prevent data theft online, and sadly it's over and over that dealers "don't want" to know. I can't speak to this particular situation, but I've just run into--today!--a different kind of fraud that I see over and over: SEM/PPC to the tune of $20k a month landing about 50% naked on the home page. From a major industry vendor because the "dealer wouldn't work with us on determining the campaigns, so we just automated it all". Okay. $240k a year is a lot of motivation to turn deaf. Sigh. Anyway, many thanks to Jeffrey, Alex, and guys like Steve Stauning who try and do the right thing here. Gives me hope.
