My account was locked out.... So weird
Tommy did it to all accounts to force password resets after 6 were hacked using stale passwordsMy account was locked out.... So weird
Gotcha, thanks for the info sir. Take one night off PCF and shit hits the fan. lolTommy did it to all accounts to force password resets after 6 were hacked using stale passwords
Thanks, I think I’m going to give it a try.For those thinking about the switch... easy
https://dev.to/daniel1404/migrating-from-last-pass-to-bitwarden-i-m-changing-password-manager-48f5
What do you mean? Who notified you?Looks like my yahoo account was hacked. I was provided a list of all the compromised sites and passwords. FFS..
Are you talking about PCF or another site?I also got a notification that I had one compromised password.
It doesn't make much sense.What shocks me here is he returned the $190 in hopes of getting a the whole $325. This hacker is most likely a small time hacker who isn't so bright. He had $190 already and you are lucky he was dumb and returned the $190 to you to try to get a little more money.
Feel the powerBitwarden is awesome, highly recommended.
@Tommy once the dust settles I hope we can get more information about how this may have happened. Am especially curious about how our passwords are stored. I'd assume they are hashed and that the breach was more a result of individuals getting phished or reusing passwords that have been exposed in other breaches.
I must admit to having been really sloppy in this case. My PCF password is one that I used to use frequently and in fact from checking
https://haveibeenpwned.com/Passwords
I can see that it has previously been exposed. I've now (using Bitwarden, handy feature) generated a unique password for PCF and enabled 2FA.
IMO it would be worth having PCF use the Have I Been Pwned API to prevent known passwords from being set and also enforcing a password expiration policy.
Bitwarden is awesome, highly recommended.
@Tommy once the dust settles I hope we can get more information about how this may have happened. Am especially curious about how our passwords are stored. I'd assume they are hashed and that the breach was more a result of individuals getting phished or reusing passwords that have been exposed in other breaches.
I must admit to having been really sloppy in this case. My PCF password is one that I used to use frequently and in fact from checking
https://haveibeenpwned.com/Passwords
I can see that it has previously been exposed. I've now (using Bitwarden, handy feature) generated a unique password for PCF and enabled 2FA.
IMO it would be worth having PCF use the Have I Been Pwned API to prevent known passwords from being set and also enforcing a password expiration policy.
I’ve been down and out lately. When I looked into my email I noticed that my yahoo account hadn’t received any new mail since mid-March. So when I went to the yahoo site and logged in I was immediately stopped and forced to update my info. This is when they informed me that they had been hacked and many users had their info compromised. I don’t know if the recent hacking on PCF is directly related. The gave me a list of all the sites I routinely used that I linked my yahoo email to.What do you mean? Who notified you?
Are you talking about PCF or another site?
@Tommy, is there a rate limit active for login attempts?
Did it work the first time, and was the "make this a trusted device" checkbox checked? If so, it will not require additional 2FA for 30 days from that device. You can stop trusting devices under the settings for 2FA.Still can’t get the 2FA to work
HollyI think this is not my job to adres this here . But as the person in question is me who went to trough just a hour ago, this is very concerning. So here it goes ;
@justincarothers listed a set for sale ;
https://www.pokerchipforum.com/threads/sold.72394/
I immediately called dibs as those chips were the exactly ones I was looking for
I paid $190 by PayPal and told him I’ll pay $135 in about a hour, the set was $325 shipped
I never dealt with @justincarothers so therefore his behavior wasn’t that suspicious at first, he was very inpatient and said he wanted the whole payment immediately and not even wait a hour. Now this is personal preference so I didn’t know what was going on. Okay first thing is first, Justin was HACKED , the person I was talking to wasn’t Justin and I should’ve know it because the flag on this profile wasn’t USA while location is Texas. But I’m relatively new here, so I didn’t catch up.
However, the guy who was portraying himself as Justin refunded me in hope to receive full payment to a other account.
Meanwhile @JeepologyOffroad pmed me about what was going on, that @justincarothers was hacked.
I’m very shocked, and this is very concerning. What will this mean for future deals ? Luckily I have my money back , but imagine if I made the whole $325 payment I would’ve gotten scammed for sure.
He left out his PCF password.I added the idea that from now on , all sales pictures should be verified with a note next to the chips with the username of the seller AND the actual date of the listed items.
@chipinla shows a perfect example here of that idea , let me know what y’all think.
View attachment 677512
Ps . In the end we all can decide for ourselves. In my case I’ll be only buying listed items that can be verified with the above example.
What I don't get about this is someone would have to break into some accounts, this isn't hacking, and then have a fairly decent understanding of how this forum works, what people would want to buy and would be willing to pay quickly. That's a lot of attention
Yes - I was going to post the same thing! I have been into vintage tube audio since I was in my 20’s and most of the audio forums do something similar - hand written note or daily paper with date included in PIC to show it’s current. (For this very reason)I added the idea that from now on , all sales pictures should be verified with a note next to the chips with the username of the seller AND the actual date of the listed items.
@chipinla shows a perfect example here of that idea , let me know what y’all think.
View attachment 677512
Ps . In the end we all can decide for ourselves. In my case I’ll be only buying listed items that can be verified with the above example.
He left out his PCF password.
Absolutely applaud the idea, but counter-point. This took me maybe 45 seconds. I'm sure someone who spent more time could do much better and at the end of the day I think the strongest preventative measures are vigilant password and account security precautions, which should be every day best-practices.I added the idea that from now on , all sales pictures should be verified with a note next to the chips with the username of the seller AND the actual date of the listed items.
@chipinla shows a perfect example here of that idea , let me know what y’all think.
Ps . In the end we all can decide for ourselves. In my case I’ll be only buying listed items that can be verified with the above example.
The is idea is just a supplemantation to the already security measurements indeed. It’s not waterproof . But all together will add up and make sales pretty safe again.Absolutely applaud the idea, but counter-point. This took me maybe 45 seconds. I'm sure someone who spent more time could do much better and at the end of the day I think the strongest preventative measures are vigilant password and account security precautions, which should be every day best-practices.
View attachment 677530
Yep, totally get it. I'm not saying anyone shouldn't do it, but I'm going to steer clear of that particular method because I'd prefer not to distribute my handwriting to the internet for anyone to manipulate and use at a later time.The is idea is just a supplemantation to the already security measurements indeed. It’s not waterproof . But all together will add up and make sales pretty safe again.
You can always use a written note by phone and show it. Or pcYep, totally get it. I'm not saying anyone shouldn't do it, but I'm going to steer clear of that particular method because I'd prefer not to distribute my handwriting to the internet for anyone to manipulate and use at a later time.
FWIW I'm naming my next child Mfiondu OkangweYou should always check the name of the person you're sending money to on PayPal. It shows the name of the recipient before you click send or confirm. If you're buying chips from Mel, and the recipient is listed as Mfiondu Okangwe, and they responded to your request for payment info with, "please for make send $500 to m4t67k@yahoo.com", then you should realize that something isn't right.