Site Comments & Suggestions

RedFlagDeals has been hacked. Database dump.

  • Last Updated:
  • Feb 11th, 2017 1:40 pm
Newbie
Jan 21, 2017
1 posts
Just submitted request #21557 as well. Not a big deal but kind of annoying after 10+ years of account history goes bust because of a hack
Newbie
Dec 5, 2012
9 posts
2 upvotes
Toronto
Please delete my account in its entirety, including all entries in any email or password databases you may be maintaining.

Good luck with your site.
Deal Expert
User avatar
Jan 27, 2004
35214 posts
1740 upvotes
Toronto
oh wtf... I got hacked.
SOmeone edited my signature to some twitter account...
Deal Fanatic
User avatar
Jan 11, 2008
7116 posts
701 upvotes
GTA
So now I'm getting emails (directly, not RFD PMs) as a result of this breach. They say they know I'm a long term member on this site and they are willing to pay me or offer free products to post favourable reviews for them. To contact them for details.

Regarding the initial notification of the breach, I still don't know why they failed to advise email addresses were also obtained.
When your mind says give up, hope whispers "one more try"
Never say never
Deal Guru
User avatar
Feb 8, 2014
11933 posts
2460 upvotes
sillysimms wrote:
Jan 22nd, 2017 12:33 pm
So now I'm getting emails (directly, not RFD PMs) as a result of this breach. They say they know I'm a long term member on this site and they are willing to pay me or offer free products to post favourable reviews for them. To contact them for details.
Go for it, when i reported corporate shills i am told to leave them alone (i'm the problem)
I no longer bother
Lies, damned lies, statistics and alternative facts
Deal Fanatic
User avatar
Jan 11, 2008
7116 posts
701 upvotes
GTA
Quentin5 wrote:
Jan 22nd, 2017 1:03 pm
Go for it, when i reported corporate shills i am told to leave them alone (i'm the problem)
I no longer bother
I have no doubt some will take up the offer...I know I'm not the only one contacted, since all email addresses were breached. It was a bcc email.

Glad I use a throwaway email address, but I've used it for a bunch of places so it is annoying to have to change it.

I know legal had to review the notice of the breach before it was sent out...how they reviewed it I don't know. To say no personal info was taken and to fail to mention email addresses were part of the breach isn't proper notification.
When your mind says give up, hope whispers "one more try"
Never say never
Deal Guru
User avatar
Feb 8, 2014
11933 posts
2460 upvotes
sillysimms wrote:
Jan 22nd, 2017 1:17 pm
I have no doubt some will take up the offer...I know I'm not the only one contacted, since all email addresses were breached. It was a bcc email.

Glad I use a throwaway email address, but I've used it for a bunch of places so it is annoying to have to change it.

I know legal had to review the notice of the breach before it was sent out...how they reviewed it I don't know. To say no personal info was taken and to fail to mention email addresses were part of the breach isn't proper notification.
Indeed, every user should have a popup. Notice how PMs are also missed since no more popup, i have ones i sent 4 months ago the recipient never received.
I also used a disposable address, a few months back before this broke i was thinking of replacing with regular e-mail but never bothered to do it, glad i didn't
Lies, damned lies, statistics and alternative facts
Moderator
Sep 27, 2003
7720 posts
1296 upvotes
Newmarket
Hellfire wrote:
Jan 22nd, 2017 1:29 pm
*sigh* my account was accessed again. This time they didn't change my email addy so I was able to reset and change password but still....@TomRFD
So they are still sending PMs and creating posts from within your login? @TomRFD should have force closed all active sessions for your user name (which would have logged out the hackers) and then once you changed your password, would have prevented them from logging back in. There is no other way they are getting in unless their session was still logged in or are somehow getting your new password through other means. @TomRFD should be able to validate how they are accessing your account, if they got the password right on first attempt, and hopefully from where the account is being accessed.
RFD Forums Moderator
Corporate Account Manager for a Bell Mobility Reseller
Deal Fanatic
User avatar
Sep 7, 2003
7359 posts
267 upvotes
Edmonton
WorldIRC wrote:
Jan 22nd, 2017 2:52 pm
So they are still sending PMs and creating posts from within your login? @TomRFD should have force closed all active sessions for your user name (which would have logged out the hackers) and then once you changed your password, would have prevented them from logging back in. There is no other way they are getting in unless their session was still logged in or are somehow getting your new password through other means. @TomRFD should be able to validate how they are accessing your account, if they got the password right on first attempt, and hopefully from where the account is being accessed.
Yes, I'd appreciate him sharing details of what he discovers so I can take appropriate measures. @TomRFD
Deal Addict
Oct 6, 2007
4814 posts
1107 upvotes
Kootenays
I guess this is why I'm getting such an increase in spam emails to the account that is registered here. Bummer!
Deal Addict
Aug 29, 2012
3451 posts
676 upvotes
This is why I use a unique 16 random characters password for every single website. Just try to brute force it.
As we all know, the Greater Toronto Area is the center of the universe!
Deal Addict
User avatar
Apr 29, 2005
3723 posts
4 upvotes
Markham Toronto area
I just noticed I'm no longer getting email notification of PM's after my account was restored. I verified that my email address is still the same and not in spam folder.

Edit : Nevermind, realized I need to enable it manually after the hackers disabled it.
Deal Fanatic
User avatar
May 12, 2004
8470 posts
2662 upvotes
Ottawa
sillysimms wrote:
Jan 22nd, 2017 12:33 pm
So now I'm getting emails (directly, not RFD PMs) as a result of this breach. They say they know I'm a long term member on this site and they are willing to pay me or offer free products to post favourable reviews for them. To contact them for details.

Regarding the initial notification of the breach, I still don't know why they failed to advise email addresses were also obtained.
Me too and some of these companies are very surprising and their offers very appealing. I have a feeling they ran a check on member seniority/post count and are targeting these people to fly under the radar.

I agree we should have been told the extent of this breach...sounds like they found their legal department in group deals.
Censorship is telling a man he can't have a steak just because a baby can't chew it.
- Mark Twain
Deal Guru
User avatar
Nov 28, 2013
10126 posts
2881 upvotes
Oakville
Cas77 wrote:
Jan 23rd, 2017 9:06 am
Me too and some of these companies are very surprising and their offers very appealing. I have a feeling they ran a check on member seniority/post count and are targeting these people to fly under the radar.
The thing is - shill posts are usually pretty easy to spot. The Amazon Marketplace deals in particular are super obvious. Though I'm curious which companies offered you deals that were surprising, or appealing? Any of the ones I was ever offered were pretty weak.
× < >
Rotate image Save Cancel

Top