12

I was working in a company, where I was developing a Full Stack Application. In it, I had implemented Email API features in which users will get the following emails:

  • confirmation mail and password of new account creation with the user name (the account creation process is done by an Admin, and the Users need to change the password during first login)
  • Password reset confirmation
  • One Time Password, in case a user has forgotten the password, and wants to change it

Before deploying the project in production, I had created a temporary Gmail account (which I do not use as much) to test these emails, back when I was implementing the features. I recently logged into that mail, and found out that I am getting ALL of the above mails from various users. Probably, the team who is currently working in that project, hasn't changed the Recipient's Email id.

I am brutally scared, because the Project manager had messed up my salary credit, after I left. So, I am not on good terms with the Project manager. I am good with some other team members, and the team lead of that project (who is still there, as far as I know), but I don't have their official emails.

What should I do? Should I send an email to the Project Manager, or just give a call to the Team Lead?

11
  • 9
    "I had created a temporary Gmail account (which I do not use as much) to test these emails" - Why not just abandon or ignore the email account? I have several "burner" email accounts for testing, etc. and I don't give them a moment's thought.
    – joeqwerty
    Commented Mar 28 at 14:55
  • 1
    @joeqwerty I used that email to create an AWS account to get another year of free services. I logged in to see if there was any billing for the month
    – Asish
    Commented Mar 28 at 14:58
  • 1
    I'm a little surprised that you don't have the emails of the people you worked with, did you not communicate in that form with them and your other colleagues?
    – cdkMoose
    Commented Mar 28 at 18:02
  • 3
    @Asish - Can you just delete the Google account in question? This way you no longer receive the emails in question. The fact a confirmation email is sent to an email that no longer exists is no longer your problem.
    – Donald
    Commented Mar 28 at 18:36
  • 2
    What most folks seem to do is just send a reply-all saying "hey, someone forgot to take me off this list" and let others decide how to handle it. Rude, but minimum effort and usually gets the job done.
    – keshlam
    Commented Mar 29 at 22:19

1 Answer

29

Depending on the way this was initially set up and the nature of the information this might constitute a security incident (setting up a back door or information exfiltration, even if done for legitimate testing purposes, must be reverted when testing is done).

If your relation to the project manager is problematic, contacting the team lead to inform them of the leftover misconfiguration might be a possible way of handling this. Mistakes happen, and it's better to help clean them up and limit their negative consequences than hoping that nobody notices.

For the future, it may be good to remember to not set up external resources that are only managed by you when doing stuff for your employer.

6
  • I did use a way to disable the email, and use the Email id of the real users. But, I think that someone messed up with the production code and uncommented out the email.
    – Asish
    Commented Mar 28 at 15:38
  • 15
    @Asish the mistake you made was to create gmail account for testing, instead of requesting email like [email protected] from your company. Gmail address should have never been there at all. If it weren't, there would be no chance for someone to bring it back from comments or revision history.
    – Mołot
    Commented Mar 29 at 13:14
  • 1
    @Molot While maybe not directly applicable in this case, I have found that sometimes emails are treated differently based on the spam filters for a generic Gmail account vs a company Gmail account and have needed to test non-company emails to troubleshoot issues. Though I generally used my own account, I never put it into code. If the non-personal account is for company use, I would have handed over the credentials when I left as part of all my other company credentials stored in my password manager.
    Commented Mar 29 at 17:41
  • @Mołot I agree. But, the thing is, we had bought the Email API from a 3rd party vendor, and it was taking some time to get approval from the client (as client would be billed). So, to test the features, our team decided to use the free Gmail APIs to send emails and check issues. At that time, Gmail was allowing email APIs. Hence the temp account creation. I had asked the company to create Gmail account on behalf of company, but they told me to create it. I didn't want to include this in the original post.
    – Asish
    Commented Mar 30 at 8:19
  • 1
    I don't think the OP did anything 'wrong', especially if they commented out the test account. I would notify, wait a week for a response, then close the account and delete all if nothing heard back. Keep a paper trail.
    Commented Mar 31 at 18:51
