The Site > DSLReports.com > Site Bugs > site user password intrusion info

reply to scott0531

Re: site user password intrusion info

reply to justin
Is there someone I can talk to about getting my original username/account back? I tried e-mailing Justin a while back but never got an answer. I'd really like to continue to use my original account. TIA.

reply to justin
Spam was sent again today to my hotmail contact list.

I had deleted the contacts off my hotmail account the last time when i changed the password. So obviously, they grabbed the entire contact list and spoofed my email address to send this out. Again.

Geez.......

This happen to anyone else too today?

edit: Not my entire contact list from before....just the 3 contacts that were added to my hotmail contact list since the last incident. I changed up the password again today.

reply to justin
Because of this problem, my Hotmail account was compromised and was used to spam people on my contact list. I made a mistake of using the same password on both my Hotmail account and here at DSL Reports. People on my contact list told me that they were receiving spams from my Hotmail account. Some of them were just simple spam plus others are malicious and virus infested ones. I've immediately login to to my various accounts and change each of them to a different passwords. Luckily for all of my financial places, I've uses a much more sophisticated passwords and wasn't compromised.

Doing it this way would mean it's more difficult to remember all of those different passwords. For me, I've typed it all on a Word document and then passwords saved it as WinRAR file using an easy to remember password.

reply to Hall
If it wasn't for people like your co-worker, average folks like you and I wouldn't look so good!

reply to nwrickert
"random luck" or *coincidence* doesn't factor in with this person... It HAD to be legitimate, as far as they think !

reply to Hall

reply to nwrickert

reply to Rick
You might have received a phish. It's good that you were suspicious.

Unfortunately, paypal is not very good at identifying phish. I have seen a number of reports of mail that actually came from paypal, and when submitted to paypal they wrongly identified it as phish.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.4; firefox 4.0

reply to nwrickert

reply to Rick
Is there any chance that was the email discussed here:
»PayPal Email...your enhanced account statement is here
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.4; firefox 4.0

reply to justin
I just wanted to report this. I'm not 100% sure its the result of what occurred here but I was one of those who had their information stolen and prior to this I have never had any issues at all with the email address that was stolen. It's an address that I haven't even given out all that much and has been my primary one for very trusted sites for years. I mention this because the timing then of what occurred seems to suggest it was very recently compromised. And this would be the place it likely happened then.

What occurred is this. I received a VERY targeted email from paypal. Needless to say, I've been around the computer and internet block a time or two and I can tell you this..it was very professionally done. Someone had even managed to associate that
email address with my full name..making it more believable. The email DOES contain my name but only with initials and last name...and this email had correctly identified my first name out of the initials. And so obviously..work was done with the information they had.
The return address was also very official appearing to come from paypal themselves.

Were it not for my knowledge of what had occurred recently here..I might even have been inclined to click on it and to respond. That's how well done and prepared it was. In this case I decided to not only not click on it..but I also contacted paypal directly about it..forwarding the email to their security dept.

Here was their reply..

"Hello Rick,

Thanks for reporting that suspicious-looking email. The email you
received was not sent by PayPal and it links to a fake website. We are investigating and working on stopping the fraud.

If you have already given any personal or financial information to this fake website, you should immediately log in to your PayPal account and change the password and secret questions. You should also tell your bank about this problem.

To learn how to change your password, go to the PayPal website, click "Help" at the top of the page, and enter "How do I change my password?" in the search box.

You should report any unauthorized account activity to PayPal. Here's
how:

1. Go to the PayPal website.
2. Click "Security Center" at the top of any PayPal page.
3. Click "Start an unauthorized transaction claim" under "Report a
problem" on the left.
4. Log in to your account, or click "Continue" if you are unable to log
in.
5. Review the information about unauthorized transactions, and click
"Continue."
6. Complete the report and click "Preview."
7. Check the box to state that the claim is accurate and click "Submit."
8. Confirm that you're the account owner by entering the financial
information requested, and click "Continue."

Your account security is very important to us, so we appreciate the opportunity to pass along this information.

Thanks,

PayPal "

In any event..again..could it have come from elsewhere? It could have. But I'm inclined to think it wasn't given it was this address..one that has been secure for years and one that is also tied to paypal. Someone also did work on this information to arrive at my correct name out of initials in the email address.

If Fatness or Justin would like a copy of this for futher research I'd be happy to provide it to you along with paypals response email. Just pm me with an address to send it to.

Thanks..

~Rick

reply to GaryP

Re: LastPass Security Notification

reply to PhoenixDown
Yup they got my account too, good thing was the email associated with my account here was old and not even use any longer, so a quick PM to Fatness with my new email address and setting up a new password and all is good, I was scared there for a minute I didn't want to lose this login as iv'e had it for many years!

reply to GaryP

Re: LastPass Security Notification