Site Comments & Suggestions

RedFlagDeals has been hacked. Database dump.

  • Last Updated:
  • Mar 9th, 2017 10:08 am
Newbie
Nov 12, 2011
1 posts
Toronto
For some reason today I was asked to change my password so I reset my password. Then when I use the new password it didn't work either I contacted support and they told me I had to login using Facebook which my account was not set ever set up that way. So I went into this account after logging into Facebook and I have none of my information is accessible
Administrator
User avatar
Jun 17, 2013
7659 posts
12256 upvotes
Scarborough
rilhouse wrote:
Jan 23rd, 2017 9:36 pm
After reseting my password and logging in (with the temp password sent over insecure email) I was not forced to immediately change my password. Very poor password reset flow RFD, especially after a hack. BTW this was on the mobile site. If RFD needs some info Sec help send me a PM, I work in security. Grinning Face
We're working on fixing the redirection after coming in from resetting your password.
sillysimms wrote:
Jan 23rd, 2017 10:57 pm
I've never been logged out or asked to change my password. I'm guessing that is because I had previously changed my password since this happened.
That is exactly why you were not forced to reset your password.
kyfe101 wrote:
Jan 25th, 2017 4:37 pm
For some reason today I was asked to change my password so I reset my password. Then when I use the new password it didn't work either I contacted support and they told me I had to login using Facebook which my account was not set ever set up that way. So I went into this account after logging into Facebook and I have none of my information is accessible
The account you identified was kyfe101. I sent you instructions on how to gain access to your other account.
RFD Staff [Forum Rules] [Facebook] [Twitter].
Deal Fanatic
User avatar
Jan 11, 2008
7123 posts
702 upvotes
GTA
chaosfang wrote:
Jan 26th, 2017 2:15 pm
Did anyone get an email from uypoj@makotek.net with an invoice?? They had my RFD login info in the email itself...

I didn't get that one, but have gotten several that are directly as a result of this hack.

Unfortunately no one has addressed why the email notice that was sent to us about the breach failed to contain all the appropriate information. These type of things seem to happen to a lot of sites, but notification should include all relevant information and this one did not.

Hopefully you didn't open the invoice if it was an attachment.
When your mind says give up, hope whispers "one more try"
Never say never
Newbie
Dec 29, 2011
4 posts
MARKHAM
sillysimms wrote:
Jan 26th, 2017 3:31 pm
I didn't get that one, but have gotten several that are directly as a result of this hack.

Unfortunately no one has addressed why the email notice that was sent to us about the breach failed to contain all the appropriate information. These type of things seem to happen to a lot of sites, but notification should include all relevant information and this one did not.

Hopefully you didn't open the invoice if it was an attachment.
No I didn't open the invoice, but it surprised me that it had my login information right in the email! Just a warning to others if this happens to them, just discard the email and change your password(s) - especially if you reuse them.
[OP]
Member
Sep 1, 2011
202 posts
106 upvotes
Toronto
There's some relatively good news for anyone concerned about their privacy. The site where i originally found the hack, and as far as I know, the ONLY site on the clearnet (as opposed to darkweb where it probably lives still, but will be seriously small potatoes to anyone there) to allow public access to database -- has been shut down. Seems like it may have been US law enforcement. I'm honestly surprised that the site was running out of the US at all, but *shrugs* I guess that's where it was.
Deal Fanatic
User avatar
Mar 3, 2002
7414 posts
2003 upvotes
sillysimms wrote:
Jan 22nd, 2017 1:17 pm
I have no doubt some will take up the offer...I know I'm not the only one contacted, since all email addresses were breached. It was a bcc email.
I had Mpow contact me before, asking me to post deals for them on RFD in exchange for free products.
So, this type of situation doesn't surprise me, and I have no doubt other companies are approaching RFD members as well.
Please do not PM me for assistance unless it's to reply to a PM I sent. I try to help when I can on the forums. Thank you. OBi200/202 Freephoneline setup guide can be found here (v. 1.32). Related OBi200 discussion can be found here. For OBi202, click here.
Moderator
User avatar
Jul 5, 2004
21854 posts
1840 upvotes
Webslinger wrote:
Jan 27th, 2017 12:03 pm
I had Mpow contact me before, asking me to post deals for them on RFD in exchange for free products.
So, this type of situation doesn't surprise me, and I have no doubt other companies are approaching RFD members as well.
Yep, it happens a lot.
Toronto Maple Leafs tickets for sale. PM me for details
Administrator
User avatar
Jun 17, 2013
7659 posts
12256 upvotes
Scarborough
Shaner wrote:
Jan 27th, 2017 4:24 pm
Yep, it happens a lot.
It's been going on for a long time but in the past 1-2 years got a lot worse. It's the reason why we end up black listing a lot of these overseas retailers. If more users would report this activity to us we'd be able to stop them a lot faster.
RFD Staff [Forum Rules] [Facebook] [Twitter].
Newbie
Mar 1, 2008
2 posts
Toronto
I require some assistance from a Mod or an RFD Administrator if possible. I have sent 3 emails over the past 2 weeks to support@redflagdeals.com and have not received any response to-date.

My original RFD username is and always has been: "Montward" and I have been a long-standing and contributing member since Oct 2, 2005. I had 929 posts and 255 upvotes on RFD mainly under "Hot Deals" forum. For what it's worth, the avatar associated with my original "montward" profile was Mrs. Kravitz, the nosy neighbor in the TV show "Bewitched".

Here is where the real story begins: Of course, when logging in to RFD a few weeks ago, because of this security breach, I was redirected to have the password reset, which I did.

I was having problems initially in re-logging in after entering just my username "montward" along with the temp password. It would not accept just that username. I tried entering my entire email address associated with RFD as the username along with the temp password and it accepted. As it was logging me in, it took a minute to update and I was expecting it to re-direct me to change my password within my profile. Instead, I got a different outcome: When the account profile finally updated, my username popped up showing as "convection" and having now with this post a total of 2 posts made since 2008. The first post was made in 2013 and it shows that user(convection) joined RFD on March 2, 2008. It appears I have somehow been given someone else's RFD profile. I can still find my "montward" profile in forum searches but I cannot seem to gain access to that profile and was instead switched to this "convection" profile. What has happened here and how do I go about restoring my original "montward" RFD account profile?

Again, any help from a Moderator or Administrator would be greatly appreciated. I don't know what else to do here as I am not getting any response from RFD support.

Thank You,

Montward
Moderator
Sep 27, 2003
7766 posts
1304 upvotes
Newmarket
convection wrote:
Jan 28th, 2017 11:59 am
I require some assistance from a Mod or an RFD Administrator if possible. I have sent 3 emails over the past 2 weeks to support@redflagdeals.com and have not received any response to-date.

My original RFD username is and always has been: "Montward" and I have been a long-standing and contributing member since Oct 2, 2005. I had 929 posts and 255 upvotes on RFD mainly under "Hot Deals" forum. For what it's worth, the avatar associated with my original "montward" profile was Mrs. Kravitz, the nosy neighbor in the TV show "Bewitched".

Here is where the real story begins: Of course, when logging in to RFD a few weeks ago, because of this security breach, I was redirected to have the password reset, which I did.

I was having problems initially in re-logging in after entering just my username "montward" along with the temp password. It would not accept just that username. I tried entering my entire email address associated with RFD as the username along with the temp password and it accepted. As it was logging me in, it took a minute to update and I was expecting it to re-direct me to change my password within my profile. Instead, I got a different outcome: When the account profile finally updated, my username popped up showing as "convection" and having now with this post a total of 2 posts made since 2008. The first post was made in 2013 and it shows that user(convection) joined RFD on March 2, 2008. It appears I have somehow been given someone else's RFD profile. I can still find my "montward" profile in forum searches but I cannot seem to gain access to that profile and was instead switched to this "convection" profile. What has happened here and how do I go about restoring my original "montward" RFD account profile?

Again, any help from a Moderator or Administrator would be greatly appreciated. I don't know what else to do here as I am not getting any response from RFD support.

Thank You,

Montward
@TomRFD is this something you can assist with?
RFD Forums Moderator
Corporate Account Manager for a Bell Mobility Reseller
Administrator
User avatar
Jun 17, 2013
7659 posts
12256 upvotes
Scarborough
oconnorm wrote:
Jan 28th, 2017 8:29 am
@TomRFD When do you expect to get this done?
Open a ticket up using our contact us page. We don't handle delete requests through the forum.

http://www.redflagdeals.com/info/contact/
convection wrote:
Jan 28th, 2017 11:59 am
I require some assistance from a Mod or an RFD Administrator if possible. I have sent 3 emails over the past 2 weeks to support@redflagdeals.com and have not received any response to-date.

My original RFD username is and always has been: "Montward" and I have been a long-standing and contributing member since Oct 2, 2005. I had 929 posts and 255 upvotes on RFD mainly under "Hot Deals" forum. For what it's worth, the avatar associated with my original "montward" profile was Mrs. Kravitz, the nosy neighbor in the TV show "Bewitched".

Here is where the real story begins: Of course, when logging in to RFD a few weeks ago, because of this security breach, I was redirected to have the password reset, which I did.

I was having problems initially in re-logging in after entering just my username "montward" along with the temp password. It would not accept just that username. I tried entering my entire email address associated with RFD as the username along with the temp password and it accepted. As it was logging me in, it took a minute to update and I was expecting it to re-direct me to change my password within my profile. Instead, I got a different outcome: When the account profile finally updated, my username popped up showing as "convection" and having now with this post a total of 2 posts made since 2008. The first post was made in 2013 and it shows that user(convection) joined RFD on March 2, 2008. It appears I have somehow been given someone else's RFD profile. I can still find my "montward" profile in forum searches but I cannot seem to gain access to that profile and was instead switched to this "convection" profile. What has happened here and how do I go about restoring my original "montward" RFD account profile?

Again, any help from a Moderator or Administrator would be greatly appreciated. I don't know what else to do here as I am not getting any response from RFD support.

Thank You,

Montward
I just checked and I don't see any support requests coming in from your email, montward's email or anything containing "montward". When you sent in your requests did you receive an auto reply notifying you your request has been received? Send me a PM and I'll see what I can do to help you out.
RFD Staff [Forum Rules] [Facebook] [Twitter].
Sr. Member
User avatar
Oct 1, 2005
971 posts
292 upvotes
Canada's South Coast
TomRFD wrote:
Jan 28th, 2017 6:49 pm
I just checked and I don't see any support requests coming in from your email, montward's email or anything containing "montward". When you sent in your requests did you receive an auto reply notifying you your request has been received? Send me a PM and I'll see what I can do to help you out.
Thank you to Tom and Moderator "WorldIRC" for your assistance in restoring my RFD Montward profile. I was able to access my account with a new temp password received by email however, I am now unable to change my password to a permanent one. When I enter a new password and confirm it by re-typing it in the second block, then, enter my temp password I get an error message saying my new password is the same as my old password (which it is not) and that my current password entered is incorrect. Any advice on how I can successfully change my password? I have tried this several times and entered the temp password correctly.

Thanks again
Last edited by montward on Jan 29th, 2017 9:23 am, edited 1 time in total.
Deal Fanatic
User avatar
Oct 6, 2010
6857 posts
1248 upvotes
Toronto
Hm... Maybe this explains the massive amount of spam recently. I've been hacked on myspace? lol, I wasn't even a member... So much for this pwd
t3359 wrote:
May 13th, 2016 9:56 am
...The magic eight ball would randomly say things and logic would never work. The eight ball is just a gimmick and a waste of time and effort. So equivalently, there is no possibility to "debate" you.
Newbie
Feb 3, 2017
1 posts
TomRFD wrote:
Jan 28th, 2017 6:49 pm
When you sent in your requests did you receive an auto reply notifying you your request has been received?
I just found this thread, and since I sent an email to support yesterday, and didn't get a response, I'm looking for help here. I've created a new account to facilitate that, as I would like access to my old account.

I've been a member since 2009, but have no idea what email address I used to sign up with. None of the ones I've tried are the right one, meaning I can't reset my password and access my account. So, can an admin assist? My initial username was/is Indebted. The email I sent to support yesterday (and to the webmaster) was from L****H*****@rogers.com. If that doesn't help, please PM me (assuming I can send/receive PMs with a new account.

Thanks!
× < >
Rotate image Save Cancel

Top