Help some brothers out.. scammer content

TTony

Lebarque said:

https://haveibeenpwned.com/

My email address comes up on there. What should I do about it?

Given the many, many, many data breaches that have occurred since emails started being used, I’d say it’d be more unusual if an email address wasn’t listed.

Two things to keep in mind.

With an email address - alone - you just need to be wary of spam & scam emails.  But then you’d do that anyway.  Wouldn’t you.

If other data leaked along with your email address (such as full names, passwords, addresses, DoBs) then you need to be more aware of potential scams and might even want to subscribe to one of the ID protection services.  But with the amount of personal data that idiots people freely share on Social Media platforms, a lot of that info is more easily harvested from freely available sources anyway.

Bottom line; be alert and switch your default trust settings to “off”.

digitalscream

Just as an update...I'm currently processing the entirety of the breach file in question, with the aim of comparing it to our members table.

All matching accounts will get a PM notification. If I'm able to use the leaked credentials to log that user in, I'll change the user's password and notify them with instructions on how to recover their account.

It's gonna take a while, though - there are 230 million email addresses. Just importing them is gonna be a multiple-day exercise.

prlgmnr

Easier just to log everyone out and make us all make a new password? Been done on other forums.

springhead

DefaultM said:

I've apparently been part of a hack of Truefire that revealed pretty much every single personal detail about me.
 Full name, address, email, password, DoB, phone number. That’s not great is it!

Mines the same. Truefire, Feb 2020.  I use two different email accounts. One for sure logins and online purchases, the other for personal and official stuff. I also use a password specific for each site login. I’ll be changing the Truefire one though. 

Edit: I’ve checked my Truefire profile. As with many sites I only gave them an initial, no surname or address or phone number. No date of birth. I use a fake date of birth where one is mandatory unless it’s for a bank or medical purpose. 

mankytom

Up to £205…

which is brilliant!

if you can donate I’m sure it would be appreciated 

https://www.justgiving.com/crowdfunding/tom-regan

Drcornelius said it best:

It’s important we look after our own or this isn’t really a community . Sorry this happened guys - there but for the grace of God etc

glitterjet

mankytom said:

Up to £205…

which is brilliant!

if you can donate I’m sure it would be appreciated 

https://www.justgiving.com/crowdfunding/tom-regan

Drcornelius said it best:

It’s important we look after our own or this isn’t really a community . Sorry this happened guys - there but for the grace of God etc

Folks this is massively appreciated, thank you so much.

Brize

goldtop said:

Re sellers insisting on PPF&F, if you really REALLY want the specific item is for sale, offer an extra 4% to cover the PP fees for Goods & Services.

If the seller refuses, it's clear that it's not the PP fees he's trying to avoid - it's the chances of a chargeback. Walk away.

(That said for long-standing tFBers, I've sometimes used PPF&F. Also, some buyers here have sent payment that way without me asking.)

Of course it's the chargeback that the seller is trying to avoid - I don't think anyone's trying to obfuscate that point.

Scams work both ways and sellers can be stung with a chargeback through PayPal within six months (!) of the purchase date. All you need is a buyer who doesn't fancy the guitar/amp/pickups any more and wants you to fund their next purchase.

digitalscream

prlgmnr said:

Easier just to log everyone out and make us all make a new password? Been done on other forums.

Easier? Yes, definitely.

Catastrophic for site traffic? Sadly, also yes.

victorludorum

I know it's a pain, but can you not contact your bank and tell them your card was stolen and claim a chargeback? I think this has been used successfully in the past to claim back money paid via Friends and Family. The banks may have clued up now though.

Has anyone done this on here?

TTony

victorludorum said:

I know it's a pain, but can you not contact your bank and tell them your card was stolen and claim a chargeback? I think this has been used successfully in the past to claim back money paid via Friends and Family. The banks may have clued up now though.

Has anyone done this on here?

You mean, has anyone defrauded their bank and is willing to publicly admit it?

digitalscream

Update: having thought about it a bit, it turns out that the code I wrote at 5am after one of my dogs was sick in our bed wasn't exactly the best. Having just rewritten the import, the estimated time to completion has gone from 6 days to a couple of hours.

Sometimes, it pays to engage brain before writing code.

DefaultM

springhead said:

DefaultM said:

I've apparently been part of a hack of Truefire that revealed pretty much every single personal detail about me.
 Full name, address, email, password, DoB, phone number. That’s not great is it!

Mines the same. Truefire, Feb 2020.  I use two different email accounts. One for sure logins and online purchases, the other for personal and official stuff. I also use a password specific for each site login. I’ll be changing the Truefire one though. 

Edit: I’ve checked my Truefire profile. As with many sites I only gave them an initial, no surname or address or phone number. No date of birth. I use a fake date of birth where one is mandatory unless it’s for a bank or medical purpose. 

I look to have done the same. It's only my email address on my profile but I'm not sure if that's just what's visible to others and my details might be under a private section that I gave only to Truefire if that makes sense?

Mike58

victorludorum said:

I know it's a pain, but can you not contact your bank and tell them your card was stolen and claim a chargeback? I think this has been used successfully in the past to claim back money paid via Friends and Family. The banks may have clued up now though.

Has anyone done this on here?

Jeezus H Christ… this is unbelievable, actual advice to fix a fraud with a fraud.

springhead

DefaultM said:

springhead said:

DefaultM said:

I've apparently been part of a hack of Truefire that revealed pretty much every single personal detail about me.
 Full name, address, email, password, DoB, phone number. That’s not great is it!

Mines the same. Truefire, Feb 2020.  I use two different email accounts. One for sure logins and online purchases, the other for personal and official stuff. I also use a password specific for each site login. I’ll be changing the Truefire one though. 

Edit: I’ve checked my Truefire profile. As with many sites I only gave them an initial, no surname or address or phone number. No date of birth. I use a fake date of birth where one is mandatory unless it’s for a bank or medical purpose. 

I look to have done the same. It's only my email address on my profile but I'm not sure if that's just what's visible to others and my details might be under a private section that I gave only to Truefire if that makes sense?

No I think you're ok. The "Profile" section is all the data they have. 

victorludorum

Mike58 said:

victorludorum said:

I know it's a pain, but can you not contact your bank and tell them your card was stolen and claim a chargeback? I think this has been used successfully in the past to claim back money paid via Friends and Family. The banks may have clued up now though.

Has anyone done this on here?

Jeezus H Christ… this is unbelievable, actual advice to fix a fraud with a fraud.

"You gotta pick a pocket or two-ooh-ooh"

digitalscream

digitalscream said:

Update: having thought about it a bit, it turns out that the code I wrote at 5am after one of my dogs was sick in our bed wasn't exactly the best. Having just rewritten the import, the estimated time to completion has gone from 6 days to a couple of hours.

Sometimes, it pays to engage brain before writing code.

Further update: all imported, and it looks like there are way more accounts than expected on the list (around 6% of the total user base). It's going to take a bit more effort to get this sorted than I thought...I was expecting maybe 100 or so?

Also: Holy shit, when this is all indexed and shoved into MySQL, there's about 60GB of data in here!

danishbacon

digitalscream said:

digitalscream said:

Update: having thought about it a bit, it turns out that the code I wrote at 5am after one of my dogs was sick in our bed wasn't exactly the best. Having just rewritten the import, the estimated time to completion has gone from 6 days to a couple of hours.

Sometimes, it pays to engage brain before writing code.

Further update: all imported, and it looks like there are way more accounts than expected on the list (around 6% of the total user base). It's going to take a bit more effort to get this sorted than I thought...I was expecting maybe 100 or so?

Also: Holy shit, when this is all indexed and shoved into MySQL, there's about 60GB of data in here!

23,000 websites or something like that wasn’t it? 10k users per site, 230 mil lines back of fag packet estimation! 

On the plus side, I think your proactive approach is probably one taken by a minority of admins, so it is to be commended as some could very well be expected to just say ‘do your own due diligence, buyer beware’. 

mankytom

Happy new year all..

https://www.justgiving.com/crowdfunding/tom-regan

this is the link for the fundraiser.. up to 275 now, which is brilliant! 

This discussion has now had 5.1k views.. if every view gave 25p we would have enough to reimburse the loss. Anything people feel able to manage would be greatly appreciated. Lots of small amounts from so many of us who are interested, and could have fallen foul of this, could make a real difference.

<geldof mode disengaged> 

prowla

prlgmnr said:

Easier just to log everyone out and make us all make a new password? Been done on other forums.

But then we'd have to login again and also go through the rigmarole of rejecting pages of cookies & tracking (pending the site updating to match current UK interweb rules).

digitalscream

danishbacon said:

digitalscream said:

digitalscream said:

Update: having thought about it a bit, it turns out that the code I wrote at 5am after one of my dogs was sick in our bed wasn't exactly the best. Having just rewritten the import, the estimated time to completion has gone from 6 days to a couple of hours.

Sometimes, it pays to engage brain before writing code.

Further update: all imported, and it looks like there are way more accounts than expected on the list (around 6% of the total user base). It's going to take a bit more effort to get this sorted than I thought...I was expecting maybe 100 or so?

Also: Holy shit, when this is all indexed and shoved into MySQL, there's about 60GB of data in here!

23,000 websites or something like that wasn’t it? 10k users per site, 230 mil lines back of fag packet estimation! 

On the plus side, I think your proactive approach is probably one taken by a minority of admins, so it is to be commended as some could very well be expected to just say ‘do your own due diligence, buyer beware’. 

It's actually closer to 9000 websites, 230 million emails I think. Or, in dev parlance, "shitloads"

prowla said:

prlgmnr said:

Easier just to log everyone out and make us all make a new password? Been done on other forums.

But then we'd have to login again and also go through the rigmarole of rejecting pages of cookies & tracking (pending the site updating to match current UK interweb rules).

I literally can't control that popup - the Adsense control panel for it is broken and has been for over a year, and my attempts at getting support from Google have been met with a brick wall. I was planning to move to a different ad provider over the Christmas break, but all my time's been sucked up by this scammer problem, so unless Google magically sort their shit out there's little chance I'm going to be able to do anything about it until I've next got a week off.