PLEASE BE AWARE HACKER(S) ACTIVE

Status
Not open for further replies.
What shocks me here is he returned the $190 in hopes of getting the whole $325. This hacker is most likely a small-time hacker who isn't so bright. He had $190 already and you are lucky he was dumb and returned the $190 to you to try to get a little more money.
It doesn't make much sense.
 
Bitwarden is awesome, highly recommended.

@Tommy once the dust settles I hope we can get more information about how this may have happened. Am especially curious about how our passwords are stored. I'd assume they are hashed and that the breach was more a result of individuals getting phished or reusing passwords that have been exposed in other breaches.

I must admit to having been really sloppy in this case. My PCF password is one that I used to use frequently and in fact from checking

https://haveibeenpwned.com/Passwords

I can see that it has previously been exposed. I've now (using Bitwarden, handy feature) generated a unique password for PCF and enabled 2FA.

IMO it would be worth having PCF use the Have I Been Pwned API to prevent known passwords from being set and also enforcing a password expiration policy.
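
The check proposed in the post above, as an added example (not from the thread and not PCF's own code): a Python sketch of a set-password gate built on the Pwned Passwords range lookup, where only the first five hex characters of the SHA-1 digest leave the server. The function names, the fail-open choice on lookup errors, and the constructed breach list used for the offline run are assumptions.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # HIBP Pwned Passwords range endpoint

def fetch_range_http(prefix):
    """Live lookup: only the 5-character hash prefix is sent to the service."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "example-signup-check"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("ascii")

def fake_range_api(breached):
    """Constructed offline stand-in: answers in the same SUFFIX:COUNT line format."""
    def fetch(prefix):
        lines = []
        for password, count in breached.items():
            digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
            if digest.startswith(prefix):
                lines.append(f"{digest[5:]}:{count}")
        return "\r\n".join(lines)
    return fetch

def pwned_count(password, fetch_range=fetch_range_http):
    """Return how often the password appears in the breach corpus (0 if absent)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0

def check_new_password(password, fetch_range=fetch_range_http):
    """Gate for a set-password form: returns (accepted, reason)."""
    try:
        hits = pwned_count(password, fetch_range)
    except OSError:
        # Assumed policy: fail open so an outage does not block password changes.
        return True, "breach lookup unavailable"
    if hits:
        return False, f"password found in {hits} known breach records"
    return True, "not found in known breaches"

if __name__ == "__main__":
    api = fake_range_api({"password": 1000, "hunter2": 17})  # constructed counts
    print(check_new_password("hunter2", api))
    print(check_new_password("x7#Rk2-unique-vault-generated", api))
```
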
 
Feel the power :D
 

Thanks for sharing that link, cool site. I checked a lot of my old passwords, all have been previously exposed. About a year ago I came up with a new system and changed most of my passwords to be more secure, but still easy to remember. Thankfully these have not been "pwned" yet.

I'm still considering signing up for a password manager though.
 
What do you mean? Who notified you?



Are you talking about PCF or another site?
I’ve been down and out lately. When I looked into my email I noticed that my Yahoo account hadn’t received any new mail since mid-March. So when I went to the Yahoo site and logged in I was immediately stopped and forced to update my info. This is when they informed me that they had been hacked and many users had their info compromised. I don’t know if the recent hacking on PCF is directly related. They gave me a list of all the sites I routinely used that I linked my Yahoo email to.
 
@Tommy, is there a rate limit active for login attempts?

Could replace the need for 2FA for those with strong randomly generated and unique passwords. Not saying 2FA wouldn't add any security in those cases, but there's a point where "more" is overkill when you've already done so much.

And yes, a password manager is a great thing, but it comes with caveats. A) You need a really crazy good password to encrypt the key store, and B) you must not ever have the device on which the password manager is running compromised by a virus.
 
@Tommy, is there a rate limit active for login attempts?

Yes. It's 5 failed attempts.

 
I think this is not my job to address this here. But as the person in question is me, who went through it just an hour ago, this is very concerning. So here it goes:
@justincarothers listed a set for sale:

https://www.pokerchipforum.com/threads/sold.72394/


I immediately called dibs as those chips were exactly the ones I was looking for.
I paid $190 by PayPal and told him I’ll pay $135 in about an hour; the set was $325 shipped.

I never dealt with @justincarothers, so his behavior wasn’t that suspicious at first. He was very impatient and said he wanted the whole payment immediately and would not even wait an hour. Now this is personal preference, so I didn’t know what was going on. Okay, first things first: Justin was HACKED. The person I was talking to wasn’t Justin, and I should’ve known it because the flag on this profile wasn’t USA while the location is Texas. But I’m relatively new here, so I didn’t catch on.
However, the guy who was portraying himself as Justin refunded me in the hope of receiving full payment to another account.
Meanwhile @JeepologyOffroad PMed me about what was going on, that @justincarothers was hacked.
I’m very shocked, and this is very concerning. What will this mean for future deals? Luckily I have my money back, but imagine if I had made the whole $325 payment; I would’ve gotten scammed for sure.
Holly
 
I added the idea that from now on, all sales pictures should be verified with a note next to the chips with the username of the seller AND the actual date of the listed items.
@chipinla shows a perfect example here of that idea, let me know what y’all think.



PS. In the end we can all decide for ourselves. In my case I’ll only be buying listed items that can be verified with the above example.
 
He left out his PCF password.
 
What I don't get about this is someone would have to break into some accounts, this isn't hacking, and then have a fairly decent understanding of how this forum works, what people would want to buy and would be willing to pay quickly. That's a lot of attention
I added the idea that from now on, all sales pictures should be verified with a note next to the chips with the username of the seller AND the actual date of the listed items.
@chipinla shows a perfect example here of that idea, let me know what y’all think.

PS. In the end we can all decide for ourselves. In my case I’ll only be buying listed items that can be verified with the above example.
Yes - I was going to post the same thing! I have been into vintage tube audio since I was in my 20’s and most of the audio forums do something similar - handwritten note or daily paper with date included in PIC to show it’s current. (For this very reason)

I would also typically ask some obscure question that only a true audiophile or someone very familiar with that piece of gear would know. Like chippers, audiophiles are a different breed and you can usually get a “read” on if they know what they are talking about.

Walked away from quite a few deals due to the answer back - lol.

Unfortunately, I don’t have quite that level of “chip knowledge” yet - lol.
 
Absolutely applaud the idea, but counter-point. This took me maybe 45 seconds. I'm sure someone who spent more time could do much better, and at the end of the day I think the strongest preventative measures are vigilant password and account security precautions, which should be everyday best practices.

 
The idea is just a supplementation to the already existing security measures indeed. It’s not waterproof. But all together it will add up and make sales pretty safe again.
 
Yep, totally get it. I'm not saying anyone shouldn't do it, but I'm going to steer clear of that particular method because I'd prefer not to distribute my handwriting to the internet for anyone to manipulate and use at a later time.
 
You can always use a written note by phone and show it. Or PC.
 
You should always check the name of the person you're sending money to on PayPal. It shows the name of the recipient before you click send or confirm. If you're buying chips from Mel, and the recipient is listed as Mfiondu Okangwe, and they responded to your request for payment info with, "please for make send $500 to m4t67k@yahoo.com", then you should realize that something isn't right.
 
FWIW I'm naming my next child Mfiondu Okangwe
 
One more data point:

I had a forced password reset this morning. My guess is that someone was trying to get in and failed too many times. Thankfully, I use a password manager and very secure passwords. (Shoutout 1Password!) Thanks for the 2FA suggestion -- I didn't know that this site supported it. Enabled now.
 