Shopping Discussion

Possible serious NCIX data breach

  • Last Updated:
  • Jan 6th, 2019 2:43 am
Deal Fanatic
User avatar
Nov 4, 2008
6483 posts
Richmond Hill

Possible serious NCIX data breach

Just saw this over in Reddit: ... ta_breach/ ... 93677.html

It's an interesting read, but the tl;dr is as follows:
- guy finds old NCIX servers for sale on CL
- data was not wiped, passwords are known
- lots of customer data

Not sure how legit this article is, but it is kind of scary to read
Last edited by aeba7 on Sep 20th, 2018 7:54 pm, edited 2 times in total.
When given enough time, all threads on RFD can and will go off on a tangent.
221 replies
Deal Fanatic
User avatar
Sep 1, 2004
5801 posts
It wouldn't surprise me if its true :|
Deal Fanatic
Sep 13, 2007
9710 posts
Maybe Linus will shed some light
Telus $45 25GB
Jr. Member
Jan 20, 2013
168 posts
Cold Lake
Jesus Christ, its literally everything.

Names, Credit cards, addresses, SIN numbers for employees.

If you have ever bought from NCIX, get a new card.
Jul 21, 2015
266 posts
Toronto, ON

I know a lot of RFD'ers used to shop there, not much you can do about it aside from the usual:
Change any password that might be the same as any NCIX one, check you credit card statement for rouge charges, follow your credit report, etc.

Update: There's a lot more info in the reddit thread: ... ta_breach/ , including updates on reporting to RCMP and various other agencies.
If you still have a credit card that you used for a purchase (you can search your emails for 'ncix "credit card address"'), call your bank/cc and have them reissue a new one).

Update 2: RCMP says they recovered at least some of the hardware, and are investigating: ... 9558329344
Last edited by antithesis99 on Sep 21st, 2018 6:31 pm, edited 2 times in total.
Deal Addict
User avatar
Dec 11, 2003
2213 posts
ahhhh, dammmmnnnn. I don't remember the password that I used.
P10 2.4 THz CPU || 8 TB Ram || WD 300 TB HD || Nvidia w/ 32 TB Memory

"You're only as dumb as you look"
Deal Addict
User avatar
Sep 28, 2004
1504 posts
Doesn't matter if you change your password now. According to the article, data (CC numbers, passwords) was stored unencrypted, has already been sold to multiple foreign buyers, and includes backups dating back to 2007.
User avatar
Jul 14, 2015
77 posts
Toronto, ON
The nciwww file contained 291 tables from their NCIX US store and had multiple versions of the file with data going back to 2007. The version I spent time analyzing was dated between November 2013 to February 2015. All the various versions of the MDF database files had been unencrypted with the last file being dated in 2017 for most of the databases. The nciwww database contained a thousand records from affiliates listing plain text passwords, addresses, names, and some financial data. In another table of information, I found customer service inquiries including messages and contact information. There were also three hundred eighty-five thousand names, serial numbers with dates of purchase, addresses, company names, email addresses, phone numbers, IP addresses and unsalted MD5 hashed passwords. The database also contained full credit card payment details in plain text for two hundred and fifty-eight thousand users between various tables.
I then opened one of the Canadian databases titled OrdersSql_Data, it contained many versions going back 15 years with the most recent dated in 2017. The version I opened contained three million, eight hundred forty-eight thousand records covering January 2007 through July 2010. Contents included names, company names, items purchased with serial numbers, addresses, phone numbers, and payment data. I also opened a more recent version of the file and it contained the addition of email addresses. As time ticked by, I quickly looked at more databases and discovered data from a financing program, employee records and vendor pricing. There were also countless database files that I didn’t have time to open and I can only imagine what other damaging data was housed within. At this point I had about an hour left to analyze data and decided I would open a couple more drive images. I discovered several XVA and VHD files that are used by a virtualization program called XenServer, all of which contained more confidential data such as their company emails and source code. There was an also entire group of disk drives that I was unable to examine as I ran out of time, but Jeff was kind enough to explain in detail what they contained. The hard drives contained intellectual property from NCIX’s ventures into manufacturing and other confidential documents from their network storage devices.
copying this from bapcsales reddit ... ta_breach/
Richmond RCMP wants nothing to do with it directly. They pushed me to Canadian Anti Fraud Centre and said they'd get involved if the case is referred.

u/writertravis needs to file a report with all the details that were gathered. This is insane.

UPDATE Logged this with the Canadian Anti Fraud Centre. They were confused as to why the RCMP didn't take action on my initial report as CAFC isn't an investigating agency. That said, the rep I spoke with was amazing and reiterated my initial hunch that this should be on Richmond RCMP given the location of NCIX headquarters and the location of the sale of the hardware (I reported the Craigslist ad and PrivacyFly article to the CAFC to include in their report, too).

TL;DR - Call the RCMP and get them on this. Given the connection with US data and potential international sale, the CAFC rep noted that the FBI would probably be interested in this, too.
Guess what. Jeff Chiang is the CEO of VLCanada. He would have access to all of this as he was the "managing director" of NCIX. Great job VLCanada and Jeff for screwing us all over and selling out our personal information.

EDIT 1 - Ughhhh makes me so mad I ever bought from NCIX knowing their director was so criminal
EDIT 2 - Write to the manufacturers and tell them what a shady company VLCanada is and get them removed as a vendor! Not sure what else as a community can do to protect us from their shady operation.

Taken from their website, these vendors are on their front page:
Cable Mod

To whom it may concern,

Jeff Chiang, CEO from VLCanada and Director of NCIX, has sold my private data through craiglist, which is detailed in this blog:

Such companies should not be allowed to sell your products, and to prevent another similar data breach of my personal data, and the data of others, I request you stop selling them your products. Please support local companies in Canada such as Memory Express, Canada Computers, Mike's Computer Shop, and Newegg (Add your favorite reseller here) and remove VLCanada from your reseller list.

Sincerely, A very concerned shopper.
If you ever shopped with NCIX I recommend cancelling your credit cards and change your passwords!

I really think this should be pinned

EDIT: Wait I created this post... why am I not the OP anymore wtf
Last edited by Aetoro on Sep 20th, 2018 4:16 pm, edited 3 times in total.
Deal Fanatic
User avatar
Nov 21, 2002
9763 posts
Moderators should add a clear warning In BOLD at the top of this section of forums as this is a clear security breach for many rfder's who may still have cc cards that were used before the store went bankrupt. They got cc, your login,passwords/security code, phone/home address and credit info like sin if your making payments to ncix or were an employee etc. Not just from your last transactions but from years of being a member and buying from them. Shared login details with other merchants would need to be changed etc

Were talking a serious breach where the personal info is already gone. This will probably hit the news. You don't often get such a detailed discovery before it becomes headline news.

Deal Fanatic
User avatar
Nov 21, 2002
9763 posts
Rfd should add a highlighted warning to all rfd'ers at the top of this forum, in its header, informing about this security breach. Since that site, before it closed, had many members who ordered from posts in this forum, from that retailer. It would be a considerate and responsible action to help inform its members. Since it doesn't appear to be headline news at this time.
Deal Addict
Apr 5, 2016
4578 posts
We are all screwed lol.
Current Fido and Rogers customer.
Ex Koodo customer.
Deal Addict
User avatar
Jun 3, 2011
2195 posts
So is calling the bank and getting a new number assigned to existing account a good idea? What if the card expiry and cvv have changed? Also, should one contact equifax or transunion even if sin was not compromised?