359 comments

[ 4.1 ms ] story [ 246 ms ] thread
You might want to obfuscate the last 4 digits of your credit card in that screenshot given how useful it is for hacking other systems.
Yeah, his expiration date (if correct) is on there too.
Card's already canceled. Thanks though.
I don't think that rathboma was suggesting that you might get fraudulent changes on the card - but any other service that you use which currently has that card on record could now potentially be compromised by anyone who knows your name and has those 4 digits - many customer support systems only need that much to verify your identity and make changes to your account.
Do all of the online services you use also no longer use the last four of that card for authentication purposes over the phone? For instance, you can sometimes use the last four of the card on a GoDaddy account to get a password reset over the phone.
Doesn't matter, it's still confidential information that can be used to verify you or used to social engineer more information about you. "Hi sir, I'm calling in because I lost access to my account, I don't have my current card, but I do have the last 4 of my previous that I used on this service, will that be good enough?"

Like don't reveal unnecessary information if you don't have to. It's low effort, high risk.

You should read: http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

>> It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud. <<

[Apple may have changed their policy meanwhile, but likely others did not]

Some banks allow charges through to cancelled cards -- beware!
Hrm I've never heard of this apart from automatic billing systems ability to request the new card number. Any more specific info about that? I'm interested in how this is possible.
I know that when I canceled my American Express card, they said that they would keep the account open for an X amount of time (I wanna say ~1 year), and I would be responsible for any charges during that period, and billed normally. However that was a case of canceling because I was just closing the account - not because of fraud... I assume they have different processes.
Yeah, it looks the same with little tweaks. My question is did those magazines feature flymaids as they are stating?

EDIT: The site looks the same and that is a clear fraud hence my question.

According to the article, no.
That's a bit brazen to make those claims on the site. They can get into trouble for that and also ruin their own reputation. So I am thinking the site is a little joke? When you click on help and go to FAQs, it labels questions as "HOT".

I think it is a joke.

Did you notice they literally copied their competitors site?

Testimonials are the least of their worries.

User of private data is really concerning. How easy someone can take liberty of using the private data for a ride :( When I read the post about someone go crazy to protect their data and communication, I feel they need to have little faith in fellow people. But this kind of instance move my confidence and make me think that we are racing against time and we will see more and more kind of this situations.
They didn't claim they were featured. They simply displayed the logos. Lots of affiliate marketing sites do the same thing.

I'm not defending the practice of course.

It's entirely possible that including the logos is a trademark violation.
You're underestimating how far people are willing to go to appear legit. Showing logos of companies who aren't your clients -- or of publications that never mentioned you -- is common. They know most people won't check to verify.
>You're underestimating how far people are willing to go to appear legit.

You are right. This is clearly a lawsuit waiting to happen.

My old Homejoy login doesn't work on that site, and doing "forgot your password" gives an error of "user does not exist" for the email I used with Homejoy.
They're probably not porting over accounts by default, but rather waiting for users to express interest by clicking the link in the marketing email.

From the original post:

> Worst still, as I navigated around the site I realized the email link I clicked logged me into “My Account”. This screen had lots of my personal information, home address, email, even my credit card number.

So hold on... If we can work out how they encoded those activation URLs, or someone intercepts the email then they can get full access to anyone's account?

I have zero sympathy for HomeJoy. They failed, which is something I can gave sympathy for. But they sold all their customer's private data without notifying them of this fact, and caused major security concerns in the process!

We don't actually know what happened here. It could have been just one founder doing something shady; it could have been a hack; it could be something we can't imagine yet.

Let's not break out the pitchforks until we know who to point them at.

(comment deleted)
Actually, I'm breaking out the pitchforks. One of the requirements for PCI compliance is that you do NOT hold credit card data for any longer than absolutely required. Given HomeJoy was not doing any more billing of credit cards, these should have been removed from their system.
They may still be compliant and storing your credit card responsibly, I would assume they used Stripe or similar and they're only sending the last 4 digits back over standard http. If they're allowing you to add a new card, then there's an issue.
Looking like they sold their customer data over to fly maids or whoever was behind them. Surprised they were able to actually transfer the CC info. When I was at a company that was selling off assets, the most we could do was give them customer email addresses. I have serious doubts about the legality of this.
This appears to be very plausible.

Googling "Fly Maids, Inc" shows their terms and privacy pages w/last modified dates of 2013 and 2014 respectively.

https://www.google.com/search?q=%22Fly+Maids,+Inc%22

Except it looks like the domain was dropped on 1/17/2014 and then re-registered earlier this month.

The domain's WHOIS info lists:

Creation Date: 2015-10-08T04:34:58Z

It's only the last four digits of the card number.
This is completely appalling and a blatant ripoff of Handy. I hope they don't get away with this.
It's the rip-off that put me over the top. I was so pissed I had to write the article.
I'm pretty sure them having the details Homejoy promised wouldn't be accessible is a much bigger deal, at least for me it is. If they have it, who else does?
It's sad, but I guess feel like my data isn't really secure anywhere.
It isn't. Used to be that two could keep a secret if one were dead. Still true, unless one is a corporation; they can never really die.
Search for "open the door to better days" and you'll find dozens of these Handy knock-offs.
Oh that's not shady at all. Assuming all this is legal (I doubt it, but hypothetically) how is this a good marketing tactic? Having all this info already stored comes off as way more creepy than convenient as evidenced by the author of the article. And yeah, I can't see this being legal in a thousand years.
> Having all this info already stored comes off as way more creepy than convenient as evidenced by the author of the article.

If you're used to thinking about this from our side of things, sure. For Random Person, they might think, "gee, this is neat! And they've already got my card number and everything!"

No, random person thinks what we all think: "how the hell did they get my credit card details?!?!"
This site appears to be hosted on Heroku according to the DNS information.

    www.flymaids.com.	3600	IN	CNAME	cleanerconnect.herokuapp.com.
    cleanerconnect.herokuapp.com. 300 IN	CNAME	us-east-1-a.route.herokuapp.com.
    us-east-1-a.route.herokuapp.com. 60 IN	A	23.21.224.165
Would the author have a case for emailing Heroku's abuse address and asking them to look into it or would this fall outside their purview? My hypothesis is that they'd want to know if their services were being used in a fashion that was creepy (for lack of a better descriptor).

  Updated Date: 27-oct-2015
  Creation Date: 08-oct-2015
They be baffled by the page views they be getting! Would this be considered as "any publicity is good publicity"?
(comment deleted)
(comment deleted)
Looks like the domain was registered on Oct 8th and I can't find "Fly Maids" or similar names on the Delaware Division of Corporations. (Maybe it takes longer for it to show up?)

Either way super weird and creepy.

Any C-corp created in Delaware shows up their Entity Search (link below) almost instantly, e.g. within a few minutes of the company's creation.

That said, I looked on the Fly Maids webpage and they don't give the name of their corporation at all, they just show "© 2015 Fly Maids. All rights reserved." That means that "Fly Maids" could be a trademark, a fictitious name, owned by a corporation with a different name, or just owned by any random individual who hasn't registered his/her business. Another possibility is that Fly Maids is in fact registered as a corporation or LLC, but in a state other than Delaware. Yet another possibility is that "Fly Maids" is a fictitious name, and those are generally registered at the county in which they operate, and searching through each county's database would be an enormous task.

My point is: in any of the above cases it could be nearly impossible to figure out who is actually running this website. And failing to find a result in the Delaware Division of Corporations website really doesn't tell you much of anything.

And, as a relevant tangent: If you are really interested in finding out who owns/runs that website you could always sue Fly Maids. GoDaddy explicitly states in their Ts and Cs that they will give up owner information if there is a lawsuit brought against the owner...

----- Delaware Division of Corporations Entity Search link... https://icis.corp.delaware.gov/Ecorp/EntitySearch/NameSearch...

As mentioned above, they don't exist or are lying. Likely the former. Their privacy page claims to give you exactly what to search for:

> In the USA/rest of the world (excluding the European Union), we are Fly Maids, Inc. (doing business as Fly Maids), a Delaware corporation with our head office at 2711 Centerville Road, Suite 400, Wilmington, New Castle County, Delaware 19808.

http://www.flymaids.com/privacy

Biggest thing is that CC info still being on there. That is grossly irresponsible.

Not that I approve ripping people off, but hard to sympathize with Handy when Handy treats (treated?) its employees and workers poorly.

As for the whole transferring over of assets without any secure certs, that's pretty shady and/or lazy not doing that.

Cue someone from said company posting, "oh sorry we're not ready for public and that accidentally got sent" without mentioning why they even have the author's data or why the author's credit card data was apparently sold off.

What's the big deal? Homejoy is just hacking startup downfunding... (/s)

I'd like to see some kind of stronger YC influence on ethics in the companies they fund. I realize that YC doesn't have any direct control over the companies, but it could be as simple as including good ethics in the traits they look for in startup founders.

A while back I started compiling a list of YC companies that spammed or otherwise behaved badly. It quickly got back-burnered by other projects, but there was AirBnB from W09, InstallMonetizer and SocialCam from W12, Zenefits from W13, Abacus and GetAirHelp from W14, Gradberry and OmniRef from W15 ... while so far it looks like the majority of YC startups are well-behaved, the trend was looking like there's a few in every batch that are willing to do shady things to meet their growth metrics.

Or, in Homejoy's case, maybe make a little more money while winding down.

Does YC officially offer any ethics training/mentoring?

It would be an interesting offering even if there isn't any weight behind it. Sometimes I think the message, "Hey, maybe we should all think about what we are doing and whether or not it is in the best interest of something besides our bottom line" isn't something that is brought up/told to a lot of founders. However, whether or not they listen is totally up to them and I am fine with that.

YC makes it very clear they will disavow any company or founder that acts unethically. YC is strict about very few things, but this was made clear in no uncertain terms (especially by Jessica). When things go bad, YC always gets involved – even if you don't read about it online.

Don't blame YC just yet. We don't know what happened here. Maybe Homejoy went into debt, had their assets seized, and lost control (like with GigaOM). Maybe the investors approved or forced a reincorporation under another name. Maybe Handy bought the assets and is quickly trying to stem off churn. Or, yeah, maybe something unethical happened. Until we know what happened, though, it's all speculation.

Is this a new policy? Because the company that prompted me to start the list, Zenefits, is still a Paul Graham darling: https://twitter.com/paulg/status/654377298234224640

Or, might be that our definitions of unethical don't match up 100%. I consider spam to be unethical, maybe you just mean more serious offenses.

I guess we all have different views on ethics, maybe I'm just used to seeing spam and tossing it out. I find it harmless now because I'm so used to getting it...but its interesting to see how offended people get when they see unsolicited virtual mail which can be deleted with a click of a button.

I'm actually more concerned about the actual spam in my real world mailbox that USPS dumps 3 times a week, no opt-out button there.

Among my responsibilities is systems administration for hosted services for customers, including email. What is for you a minor nuisance is for me a major time-consuming headache. For instance, even with a top-of-the-line modern mail stack, including SpamAssassin and greylisting and so and so forth, enough spam was still getting through to customer inboxes that I've had to develop additional non-trivial software specifically for dealing with it.

I beat this drum occasionally because I don't want to have to pit my meager resources against the resources of someone like YCombinator who are willing to provide funding (and introductions to enormous amounts of even more funding) to companies that are OK with spamming.

And I'm not including B2B cold emails as "spam", even if they're written as a template, so long as there's an actual human behind them and they aren't being sent out en masse (for example, Locbox: https://news.ycombinator.com/item?id=4672162).

At this point I have been hearing this sorry excuse for twenty years. At least it once had the value of novelty.

Spam is illegal, so that's one good sign it might be unethical. About 90% of email is spam [1]; the reason you aren't spending all day "deleting with the click of a button" is that a lot of smart people and a lot of computing power are devoted to keeping most of that spam out of your inbox.

You should be thankful for the people who get offended about this stuff, because its only their reactions and their hard work that have kept email a usable medium.

[1] https://www.m3aawg.org/sites/default/files/document/M3AAWG_2...

(comment deleted)
This thread is about "selling customer data", not "cold outreach."

But since you brought it up, cold outreach for B2B is not considered spam, as long as they comply with the following: https://www.leadfuze.com/cold-email-outreach-isnt-spam-heres...

Not everything legal is ethical, but in this case it seems more annoying than unethical. I hate cold outreach emails and my company doesn't send them, but concluding that YC doesn't care about being ethical because the former president of YC tweets about a company that sends cold outreach emails seems like a stretch.

You're right, I've veered some discussion away from the original topic, sorry. I wanted to focus more on YC's role in this, if any.

(As my final word on it however, Zenefits specifically was not sending "cold outreach emails", it was bona-fide spam. But, they're far from alone in this anyway, which was my main point.)

hmm... There were some previous threads about Zenefits where pretty much everyone (customer base mostly) that came in contact with Zenefits was unhappy for one reason for other. This seems to be a bit of a trend for them. The fact a VC is happy with the company simply shows the difference in incentives between investors in a company vs outsiders.
Did YC ever disavow InstallMonetizer? (honest question)
I've seen that before, but it's essentially the opposite of disavowing isn't it? He's doing quite a bit of rationalizing and misdirecting in that post, IMO.

At the time, I remember being incredibly disappointed to see him hide behind the EULA and "This one seems a matter of opinion." That's why it came to mind immediately and I was curious if YC ever took a more respectable position in the interim.

Well, given that the YC official stance on founders is that they should 'be a little naughty' and that they expect founds to not care 'about observing proprieties', I am not surprised that the founders would be a little shady when things aren't going well.

http://www.paulgraham.com/founders.html

Looks like the list Santa uses to give gifts on christmas
I doubt that spam or cold emails are considered a major breach of ethics. We might as well start filing lawsuits against the thousands of startups that spam the crap out of my inbox everyday. To fix all of that I just have a really good spam filter.
Yes, YC specifically posted about founder ethics a year and a half ago.

https://blog.ycombinator.com/founder-ethics

https://www.ycombinator.com/ethics/

  "To maintain our community, if a founder behaves 
  unethically during or after YC, we will revoke their YC  
  founder status. This includes access to all Y Combinator
  spaces, software, lists and events."

  "We will stand behind you no matter how much your company
  struggles, as long as you behave ethically."
I'd like to see some kind of stronger YC influence on ethics in the companies they fund.

Great idea, maybe you should take that up with Paul "Morally, [the founders we want to fund] care about getting the big questions right, but not about observing proprieties. That's why I'd use the word naughty rather than evil." Graham.

You say "lying", I say "exploring a few different angles on communication" /s
Everyone is assuming that the founders sold the company data to Fly Maids, a brand-new company nobody has ever heard of before.

It's also possible one of the founders just spun up the new service themselves and copied over all of the customer records. If so, they may want to prepare to be sued by their previous investors.

It's one thing to fail after giving it the good ol' college try, but it's another entirely to strip the copper out of the walls on your way out.

Speculation aside, they should put out a statement to clarify the relationship between the companies and what's going on with their customers' data.

That was my first assumption as well - that one of the founders was continuing to work with the same idea under a different brand.

Whoever it was, they clearly capitalized on the market opening left in Homejoy's wake. A quick

  whois flymaids.com
yields

  Domain Name: flymaids.com
  Registry Domain ID: 1966895891_DOMAIN_COM-VRSN
  Registrar WHOIS Server: whois.godaddy.com
  Registrar URL: http://www.godaddy.com
  Update Date: 2015-10-08T04:34:58Z
  Creation Date: 2015-10-08T04:34:58Z
  Registrar Registration Expiration Date: 2016-10-08T04:34:58Z
  Registrar: GoDaddy.com, LLC
  Registrar IANA ID: 146
  Registrar Abuse Contact Email: abuse@godaddy.com
  ...
  Registrant Organization: Domains By Proxy, LLC
  ...
The site was only created in the last 3 weeks, and it was registered by someone who wanted to stay anonymous (which is, in fairness, very reasonable - Homejoy cofounder or not. Certainly not enough to draw a conclusion).
Domain registrars often include a year of "whoisguard" (namecheap's brand for it) or similar with new domain registrations. I'm never too surprised by that until it's been over a year. Or is Domains By Proxy a more significant anonymity system?
They're all pretty much the same - just who is controlling it. Domains by Proxy is GoDaddy's version.
As part of winding down they could have sold off their data to an interested party, not different from a merger, and they further could have hired some of the old team.

If someone just copied the db and then sold or gave it on the sly, investors of former unaware, then, yes, problematic. But if it was a transaction approved by the principals of the former, unfortunately, there aren't stipulations about commutability of customer data, are there?

They could have actually sold the entire company, so this is just a new skin on top of the old software.
Well, according to their Privacy Policy you can just shoot them an e-mail:

> You may contact us as follows: support@flymaids.com.com

Oh wait....

[Bonus points for saying they are incorporated in Delaware who has no record of a business by that name.]

*Edit- See below, I searched the company name on the Delaware website two different ways and they certainly do not have an active registration or even a name reservation.

Every startup is incorporated in Delaware, not always as the name they call themselves.
Except they gave me the name to look up[1]:

"In the USA/rest of the world (excluding the European Union), we are Fly Maids, Inc. (doing business as Fly Maids), a Delaware corporation with our head office at 2711 Centerville Road, Suite 400, Wilmington, New Castle County, Delaware 19808."

Trust me, it isn't there. I tried both the regular lookup and just a simple name reservation in case the paperwork hadn't gone through yet. No results for either.

[1] http://www.flymaids.com/privacy

Not incorporated in Delaware (as represented) nor are they qualified to do business in CA (where they are, presumably, physically located)...Probably not the company you want coordinating strangers into your home, though something tells me this is par for the SV course. You know move fast and break things, or beg forgiveness rather than ask permission. However, my advice owners/operators, they might wish to consult a lawyer to explain the basics of personal liability and benefits of corporate protections...
Oh yeah, totally forgot about the part that they were trying to do business in Los Angeles...
I presume this is language that was copied straight from the website of the competitor
homejoy barely gave it a college try. more like high school try
Whomever is responsible for this should be blacklisted from receiving funding in the future.

This is a really scummy move, and the person behind it should be publicly humiliated so that they understand the error of their ways.

(comment deleted)
I'm pretty sure I know what's going on. In order to pay off their debts, Homejoy must have sold user account information, including credit cards, to a bunch of local home cleaning businesses. A shit ton of them have been popping around over the past couple of years, modeled after the advice given in this subreddit: https://www.reddit.com/r/entrepreneurridealong

The difference with these local cleaning businesses is that they are developed and ran by amateurs, who often times copy each other (or the successful giants) down to the wording on the websites, with minor branding changes. They tend to be super low-budget, so Fly Maids probably paid some "web developer" $500 to develop their website and paid zero attention to security, PCI compliance, and so on. They then purchased a bunch of LA-based user accounts from the now-defunct Homejoy, who of course did not perform any due diligence.

Shitty situation to be sure. I definitely lost respect for the Homejoy founders, and will probably stay away from their next venture.

How is it possibly legal to sell credit card details to a third party?
It makes sense in many cases: when, say, Verizon Wireless acquired Alltel, an Alltel customer who has automatic monthly billing set up shouldn't be required to re-set up billing with Verizon, simply because it's a new company.

It's not clear to me that the same intuition applies if the Alltel equivalent is shutting down because it was mismanaged, and the Verizon equivalent was created by one of the mismanagers and has no other assets, but it's hard for me to imagine there's a meaningful legal distinction.

What is the full URL of the link in the email you received? You must save your login information in your browser, otherwise I assume you would have questioned how you logged into the site at all.

It could be a phishing scheme that attacked your saved login information then placed that on a dummy site in hopes that you may provide even more data.

EDIT: They could have sold / transferred user data... but I don't know how they would automatically authenticate you without using some previously stored data that you, maybe unknowingly, gave them access to.

(comment deleted)
as someone mentioned in the blog comment, Fly Maids site is a complete copy (with redesigned homepage) of another cleaning service http://www.homeaglow.com/

@johnsalzarulo out of curiosity, try if your login works on homeaglow.com

f.e.: both logos are served from the same S3 bucket: https://s3q1w2e3.s3.amazonaws.com/brands/logos/fly_maids.png https://s3q1w2e3.s3.amazonaws.com/brands/logos/homeaglow.png

It also has the same address/registration number as the one in the privacy policy of http://cleanr.ca/

"a company incorporated in England and Wales (registration number 8883585) with its registered office address at 14 Whittonditch Road, Ramsbury, Marlborough, Wiltshire, United Kingdom, SN8 2PY."

Which is in fact "HOMEJOY EUROPE LIMITED"! https://beta.companieshouse.gov.uk/company/08883585
So the probably sold the whole company and reincorporated. I almost did a deal exactly like this today.
Wild speculation: could they (Homejoy or whoever is liquidating them) be trying to salvage Homejoy's best markets by creating new cookie-cutter brands for each one and then trying to find a buyer?
Cleanr can't be "Homejoy Europe Limited", it could be a trading name of them, but in their terms Cleanr say:

>"These Terms of Service and any separate agreements whereby we provide you Services shall be governed by and construed in accordance with the laws of 112 Bagot St Toronto Guelph Canada m3k1v6." //

That's a pretty specific set of laws!! But it's not then the website of a UK company. FWIW in Europe legislation requires a business to have the business name and address for service on the website.

They also use a @gmail.com email address, which is low trust indicator for a business IMO.

It might be of note that Cleanr haven't updated their Facebook page, https://www.facebook.com/HomeCleanr/, since April 2015.

I saw your post right after I noticed a broken logo on their booking form. I think this seems to be an interesting lead.
Yep, also using the same Mixpanel ID and Google Analytics ID, which could be because of copying the entire thing, or because they're the same company, signs point to same company since they have assets with different company names in the same S3 bucket though!
When I entered my email into homeaglow it didn't work. It said I had the wrong password. BUT when I entered in the password reset box I got a password reset email from support@flymaids.com. They are unmistakably connected somehow.
Perhaps homeaglow is just a prelaunch version of flymaids? Line maybe they were creating the brand around homeaglow, then switched at some point to flymaids and just never wound down the first site?
Also interesting, the homeaglow.com zendesk account (now shut down) has all its entries created by "AJ Hung" https://www.google.com/?gws_rd=ssl#q=site:https:%2F%2Fhomeag... (look at the cached pages).

One of the first employees of Homejoy was Daniel Hung https://twitter.com/danhung

Anyone want to tweet him and ask? :-)

This is a total nitpick, but I was actually Homejoy's first engineer. I was fired after 4 days, and then they hired Dan to replace me. This has no relevance whatsoever, I just thought I'd clarify that one bit :)
He dis say "ONE of the first" and not "the first". Unnecessary nitpick, I'll give you that...
It's not an uncommon practice to A/B test your branding, even your brand name. The other wesbite could be targeting a different market, different geography, etc.

The point is we just don't know at this point and perhaps we should refrain from doxxing the innocent until proven guilty.

Same registration number, office address, etc.

> In the USA/rest of the world (excluding the European Union), we are Fly Maids, Inc. (doing business as Fly Maids), a Delaware corporation with our head office at 2711 Centerville Road, Suite 400, Wilmington, New Castle County, Delaware 19808. In the European Union, we are Fly Maids Europe Limited, a company incorporated in England and Wales (registration number 8883585) with its registered office address at 14 Whittonditch Road, Ramsbury, Marlborough, Wiltshire, United Kingdom, SN8 2PY. We will refer to these companies together as "Fly Maids", "we", "us" and/or "our".

(http://www.flymaids.com/privacy)

> In the USA/rest of the world (excluding the European Union), we are Homeaglow, Inc. (doing business as Homeaglow), a Delaware corporation with our head office at 2711 Centerville Road, Suite 400, Wilmington, New Castle County, Delaware 19808. In the European Union, we are Homeaglow Europe Limited, a company incorporated in England and Wales (registration number 8883585) with its registered office address at 14 Whittonditch Road, Ramsbury, Marlborough, Wiltshire, United Kingdom, SN8 2PY. We will refer to these companies together as "Homeaglow", "we", "us" and/or "our".

(http://www.homeaglow.com/privacy)

This whole ordeal is confusing.

So it looks like Aaron Cheung ripped of Handy's website into multiple clones and is running them separately?

Maidayy.com also appears to be the same - the privacy policy is almost an exact word-for-word copy of homeaglow etc, and the site design has a lot in common as well. However, it appears to have been registered as early as march?

Their privacy policy appears to be copy-pasted as well:

> we are Maidayy LLC (doing business as Maidayy), a Wisconsin company with our head office at ADDRESS, CITY, STATE USA

edit: just noticed this heading near the bottom:

"Access to Information; Contacting Homejoy:"

I tried to book an appointment with a bogus email and got a 500.

The logo image was broken and I noticed an interesting path when viewing it's `src` attribute:

    https://s3q1w2e3.s3.amazonaws.com/brands/logos/
I wonder if this is a template theme or perhaps some sort of parent company that has many brands.
While this is sleezy, and probably violating all sorts of copyright and fraud statutes, I have to commend the down-and-dirty hustle here.
Digging into trademarks, incorporations and S-1's is a weird little obsession of mine..

That said, my initial findings are that Flymaids is directly related to Homejoy. Under Privacy link of Flymaids it states "In the European Union, we are Fly Maids Europe Limited, a company incorporated in England and Wales (registration number 8883585) with its registered office address at 14 Whittonditch Road, Ramsbury, Marlborough, Wiltshire, United Kingdom, SN8 2PY."

If you lookup the registration number at Wales Companies House, it shows owner as "HOMEJOY EUROPE LIMITED"

https://beta.companieshouse.gov.uk/company/08883585

FWIW, they changed their registered address on 8/7/15, ten days short of their announcing to cease operations: http://bit.ly/1kbHtyJ

As I mentioned in another post, they don't seem to be actually registered in Deleware and there are typos related to find/replace (support@flymaids.com.com) so I'm not sure we can discount the chance someone just cut/pasted that from the original Homejoy privacy page. Homejoy's privacy page doesn't load and the wayback machine was blocked via robots.txt so we have no good way of checking that I can think of.

Also, nice to meet someone else obsessed with investigating incorporation documents. :)

This may be known already, but HOMEJOY, INC. is a Delaware corporation with the filing number: 4815336

----

As mentioned in Flymaids privacy policy, their "head office" in Delaware is actually offices to incorporate.com; a registered agent for out of state companies.

Also, a DBA search in Delaware returns nothing: http://www.courts.delaware.gov/tradenames/JICKioskSearch.asp...

Is there any way if getting the company status without having yo pay $10? Seems bizarre you have to pay to see if the company is still in business or not!
That's a residential address, but seems to be being used as a registered office for the UK branches of a few US tech companies. e.g. Hired.com, Canvas.
That's the head office of Nortons accountants, who I'd imagine are handling the liquidation. Changing the registered address is normal. http://www.nortonsgroup.com/uk/global-offices
The liquidators have the power to dispose of the assets as they wish, in an attempt to return as much money to creditors (and the taxman) as possible. It's entirely possible that they've decided to try and keep some parts of the company active and have outsourced the dev work to a shady 3rd party. Alternatively they might be moving the sellable assets into a separate company which can itself be sold soon/later. Odds are that the founders weren't behind this move.
> Odds are that the founders weren't behind this move.

Are you insinuating that someone other than Aaron Cheung sent the email from the top of the post? That seems... strange.

In the UK the liquidators hold the assets in a kind of trust. It is their responsibility to try and liquidate the assets to return money to the creditors.

In my case one of our founders purchased the domain name and the "good will of the company", and continued to run the company under that name as a "trading name". The actual company entity going forward was completely different.

(comment deleted)
(comment deleted)