Site Comments & Suggestions

RedFlagDeals has been hacked. Database dump.

  • Last Updated:
  • Apr 17th, 2017 12:27 pm
Sr. Member
Oct 22, 2006
693 posts
399 upvotes
Ontario
TomRFD wrote:
Jan 19th, 2017 10:48 pm
All of the staff accounts are secure. Did something happen to make you think otherwise?
You seem to have missed or ignored Hellfire's post (even though you're mentioned in it) : redflagdeals-has-been-hacked-database-d ... #p27369813

How was the "hacker" able to access his account with the reset password link? He states his email is secure and there's no keylogger on his system. Only other possibility would be unsecured wireless, but I doubt anybody here for 14 years would fall for that.

So, how'd it happen??? Please explain if YPG and RFD is all secured up now y'all...
Administrator
User avatar
Jun 17, 2013
8588 posts
12933 upvotes
Scarborough
adamtheman wrote:
Jan 20th, 2017 1:16 am
Post #399 Yoshim said:
Anyone can delete their own sent PM's up until the point they're read by the recipient.
dollarsign wrote:
Jan 20th, 2017 1:46 am
You seem to have missed or ignored Hellfire's post (even though you're mentioned in it) : redflagdeals-has-been-hacked-database-d ... #p27369813

How was the "hacker" able to access his account with the reset password link? He states his email is secure and there's no keylogger on his system. Only other possibility would be unsecured wireless, but I doubt anybody here for 14 years would fall for that.

So, how'd it happen??? Please explain if YPG and RFD is all secured up now y'all...
I missed that post (I wasn't @ mentioned) but I was responding to it on the back end. What happened there only affected the single account and we've since taken measures to make sure that doesn't happen again to anyone.
RFD Staff [Forum Rules] [Facebook] [Twitter].
Deal Addict
User avatar
Apr 29, 2005
3953 posts
10 upvotes
Markham/GTA
TomRFD wrote:
Jan 20th, 2017 7:23 am
Anyone can delete their own sent PM's up until the point they're read by the recipient.
They were able to delete entire threads made through my account, right after I posted on them to warn people. I believe you need admin access to do this.
Administrator
User avatar
Jun 17, 2013
8588 posts
12933 upvotes
Scarborough
yoshim wrote:
Jan 20th, 2017 10:27 am
They were able to delete entire threads made through my account, right after I posted on them to warn people. I believe you need admin access to do this.
Those threads were removed by moderators or myself to prevent more users from potentially being put at risk. Threads you create with no replies can be deleted by yourself which is something we did see happen as well.
RFD Staff [Forum Rules] [Facebook] [Twitter].
Deal Addict
User avatar
Apr 29, 2005
3953 posts
10 upvotes
Markham/GTA
TomRFD wrote:
Jan 20th, 2017 10:32 am
Those threads were removed by moderators or myself to prevent more users from potentially being put at risk. Threads you create with no replies can be deleted by yourself which is something we did see happen as well.
How strange that mods would delete those threads, but continue to allow these hackers to use my account to scam people for another 8 hours until I sent you that private message alerting you of my account being hacked (sending a message through the Contact Us page did not help in this case).
Administrator
User avatar
Jun 17, 2013
8588 posts
12933 upvotes
Scarborough
yoshim wrote:
Jan 20th, 2017 2:34 pm
How strange that mods would delete those threads, but continue to allow these hackers to use my account to scam people for another 8 hours until I sent you that private message alerting you of my account being hacked (sending a message through the Contact Us page did not help in this case).
This was a new situation that we hadn't encountered before so things didn't happen exactly as they should have. For that I apologize. We're working on adding new measures which will include locking down accounts which we think may have been compromised.
RFD Staff [Forum Rules] [Facebook] [Twitter].
Newbie
User avatar
Jan 13, 2017
23 posts
9 upvotes
Burlington, Ontario
This sucks losing my account. Oh well, it's just a message board, no big deal starting a new one.
Deal Addict
User avatar
Nov 7, 2004
1127 posts
358 upvotes
Whitby
toejammcgee wrote:
Jan 20th, 2017 5:16 pm
This sucks losing my account. Oh well, it's just a message board, no big deal starting a new one.
E-mail support, they'll help you get your old account back.

-Jamie M.
Home server: http://ywax.us
Speedtest: Image
Sr. Member
Jul 10, 2008
704 posts
119 upvotes
TomRFD wrote:
Jan 19th, 2017 9:34 pm
I just replied back to your PM. Sorry for the delay.
Everything seems to be working now. Thanks.
Newbie
User avatar
Jan 13, 2017
23 posts
9 upvotes
Burlington, Ontario
toysareforboys wrote:
Jan 20th, 2017 7:01 pm
E-mail support, they'll help you get your old account back.

-Jamie M.
I e-mailed a while ago, no reply. It's really no big deal.
Newbie
Jan 21, 2017
1 posts
Just submitted request #21557 as well. Not a big deal but kind of annoying after 10+ years of account history goes bust because of a hack
Deal Fanatic
User avatar
Jan 11, 2008
7218 posts
748 upvotes
GTA
So now I'm getting emails (directly, not RFD PMs) as a result of this breach. They say they know I'm a long term member on this site and they are willing to pay me or offer free products to post favourable reviews for them. To contact them for details.

Regarding the initial notification of the breach, I still don't know why they failed to advise email addresses were also obtained.
When your mind says give up, hope whispers "one more try"
Never say never
Deal Guru
User avatar
Feb 8, 2014
13677 posts
3417 upvotes
Toronto
sillysimms wrote:
Jan 22nd, 2017 12:33 pm
So now I'm getting emails (directly, not RFD PMs) as a result of this breach. They say they know I'm a long term member on this site and they are willing to pay me or offer free products to post favourable reviews for them. To contact them for details.
Go for it, when i reported corporate shills i am told to leave them alone (i'm the problem)
I no longer bother
Lies, damned lies, statistics and alternative facts
Deal Fanatic
User avatar
Jan 11, 2008
7218 posts
748 upvotes
GTA
Quentin5 wrote:
Jan 22nd, 2017 1:03 pm
Go for it, when i reported corporate shills i am told to leave them alone (i'm the problem)
I no longer bother
I have no doubt some will take up the offer...I know I'm not the only one contacted, since all email addresses were breached. It was a bcc email.

Glad I use a throwaway email address, but I've used it for a bunch of places so it is annoying to have to change it.

I know legal had to review the notice of the breach before it was sent out...how they reviewed it I don't know. To say no personal info was taken and to fail to mention email addresses were part of the breach isn't proper notification.
When your mind says give up, hope whispers "one more try"
Never say never

Top