Today I received an unsolicited email from a website called FestingerVault. They had created a WordPress account on their website using my email address, even though I had never heard of them before.
But it didn’t stop there. Shortly after that, I received an email newsletter from “Festybot” - clearly an automated thing from the same company. Now, this got me thinking about what FestingerVault is all about and why they would reach out to me without my consent - a clear breach of GDPR.
It seems that FestingerVault sells access to WordPress themes that they haven’t made themselves 1. Because of the nature of the GPL (General Public License), users are legally allowed to sell GPL products, such as WordPress themes and plugins, that they have purchased. However, this practice is generally frowned upon for a few reasons.
Firstly, the original developers do not benefit when someone else starts selling their themes without permission or proper compensation. Secondly, these themes are often altered or broken by unauthorized sellers, resulting in poor user experiences. Thirdly, updates for these themes are not easily accessible through unofficial channels. Finally, when you get themes from an unofficial source, you don’t know if they contain malicious code or not.
Festinger Vault tweets showing users frustration.
It seems like FestingerVault has been scraping developer contact information from various sources (I have seen Github mentioned more than once) and spamming people with their products. Similar incidents have been reported on platforms like Reddit and Discord as well. Although FestingerVault claims not to be responsible for these issues directly, it does raise suspicions given the number of coincidences.
FestingerVault say you should contact support if you want to remove your email address from their database 2. However there have been multiple reports of this not working and people continuing to receive messages from FestingerVault without permission. Likewise the unsubscribe link in the emails do not appear to do anything.
A Festinger Vault review on TrustPilot, including a reply from the company with their email address.
Now let’s talk about what you can do if you’ve also received unwanted messages from FestingerVault without signing up for their service:
- They seem to ask for FestingerVault Trustpilot reviews quite often. You could give them what they want, but make sure to be honest about your experience.
- FestingerVault uses AmazonSES for their email communications. If you’re receiving unsolicited emails from them, you can report them to Amazon 3.
- If you are in the UK you can report them to the ICO (Information Commissioners Office). They have a form for reporting spam. I imagine there’s similar services in other countries.
While I cannot say with certainty whether FestingerVault is directly responsible for these issues or if they have an over-eager staff member or marketing company doing shady things on their behalf, one thing is clear: this is entirely unwanted and raises concerns about the legitimacy of their practices.
So, if you find yourself in a similar situation with FestingerVault or any other company that engages in questionable tactics, remember that there are steps you can take to voice your concerns and protect yourself from further unwanted communication.
Footnotes
-
I’m a bit disappointed that they didn’t think my WordPress themes were good enough to pirate on their site. ↩
-
If you want to contact them FestingerVault have posted their email address publicly in multiple places - [email protected]. ↩
-
Select ‘AWS Owned Resource’, then ‘Email’, then ‘Sending Email Spam’. You will need to include email headers and content, and add some comments about what they are doing. ↩
Let me know what you think on Mastodon, or BlueSky (or Twitter X if you must).
Link to this page
Thanks for reading. I'd really appreciate it if you'd link to this page if you mention it in your newsletter or on your blog.