BUSTED Spincar caught selling dealer data

[Jeffrey Tognetti]

The tag was asked to be installed by SpinCar. Do you want the email where they ask to install the tag? Further the websites where they were installed were in dev, never out in the web as of yet. Let me know and I’d be happy to post the “request” to place the script

And if it’s a legacy script, left over in a site the chances are whomever asked the provider to place it may have also been selling the browsing behavior and related to eXelate

 

[craigh]

The tag was asked to be installed by SpinCar. Do you want the email where they ask to install the tag? Further the websites where they were installed were in dev, never out in the web as of yet. Let me know and I’d be happy to post the “request” to place the script

Not to stir the pot too much, but if you have an email showing them requesting the actual code be added, that would be more of a smoking gun than the email saying sorry.

 

[Jeffrey Tognetti]

Image of what was sent to client and what client sent to support. We have many similar requests from SpinCar for other clients as well.

 

[Jeffrey Tognetti]

And the initial

Image of what was sent to client and what client sent to support. We have many similar requests from SpinCar for other clients as well.

The script shown is the SpinCar script which after 3-4 seconds fired the eXelate pixel. Most people would never notice it was happening. We test all scripts.

 

[craigh]

So the theory is that integrator.swipetospin.com used to contain a link to exelator.com?
This is their generic script for adding spins, but it's also the same script I checked on my end and I couldn't find anything phoning home to exelator.

 

[craigh]

Here's what I see, which includes Criteo, but Criteo is for their remarketing service if I'm not mistaken.

 

[Jeffrey Tognetti]

It’s not a theory. It is what happened. It was integrated or “piggy backed” in to the standard SpinCar script, loaded after 3-4 seconds. This was confirmed in the original email posted here when the exelator portion was emailed to SpinCar, For which they apologized and said it would be removed. Since they were exposed they may have (looks like they most certainly did) deprecate it, but none the less it was found and exposed. We will watch to see if something similar ever surfaces.

 

[Jeffrey Tognetti]

Criteo is entirely different. Read the original email, the support ticket and their apologizing for its placement. They obviously removed it across all their accounts.

 

[craigh]

Criteo is entirely different. Read the original email, the support ticket and their apologizing for its placement. They obviously removed it across all their accounts.

It's not that I don't believe you, I was just looking for the actual smoking gun.
The email you got back was from a sales manager - I've seen plenty of preemptive apologies as a way to appease a client with a serious concern so I wouldn't hang a company on an email.

At this point I am not seeing it doing it, but it is possible that it used to, before Alex posted this thread.
Happy that it doesn't now either way.

 

[Keith Shetterly]

Sorry that I'm late to this party. I actually "met" (online) Jeffrey Tognetti when I was trying to point out something similar another vendor was doing for tags and data, and he was a good guy to me then, especially once he understood my motivation and what I was trying to achieve (good for the dealer). My whole business is centered around helping dealers determine fraud and prevent data theft online, and sadly it's over and over that dealers "don't want" to know. I can't speak to this particular situation, but I've just run into--today!--a different kind of fraud that I see over and over: SEM/PPC to the tune of $20k a month landing about 50% naked on the home page. From a major industry vendor because the "dealer wouldn't work with us on determining the campaigns, so we just automated it all". Okay. $240k a year is a lot of motivation to turn deaf. Sigh. Anyway, many thanks to Jeffrey, Alex, and guys like Steve Stauning who try and do the right thing here. Gives me hope.