Shopping Discussion

Possible serious NCIX data breach

  • Last Updated:
  • Jan 6th, 2019 2:43 am
Tags:
Deal Fanatic
User avatar
Dec 25, 2012
5205 posts
4328 upvotes
Toronto
Yeah that has been going around for a while, doubt it has anything to do with NCIX.
Deal Fanatic
User avatar
Dec 19, 2003
7931 posts
45 upvotes
Burnaby
Aetoro wrote: https://www.privacyfly.com/articles/ncix_breach/




copying this from bapcsales reddit

https://www.reddit.com/r/bapcsalescanad ... ta_breach/





If you ever shopped with NCIX I recommend cancelling your credit cards and change your passwords!

I really think this should be pinned

EDIT: Wait I created this post... why am I not the OP anymore wtf
you need to edit your post because it contains outdated and erroneous info
https://www.reddit.com/r/bapcsalescanad ... ?context=3
Jeff selling the server is likely to be using an alias and is not the same person as Jeff Chiang
stop cyberbullying the poor guy and just focus on the true culprit, the guy that bought the servers and try to resell them.
Retired RFD Moderator
Jr. Member
Mar 3, 2012
124 posts
27 upvotes
Montreal, QC
My CC was used online last week by someone in Toronto (PRESTO).
Think it's probably caused by NCIX breach.

Take care.
Deal Addict
Jun 24, 2015
4015 posts
1172 upvotes
Woodbridge, ON
Poutinesauce wrote: Well, he really stated that in the thread title, was a password that he only used for NCIX.

Just because it's a scam that happened before with other data leaks, doesn't mean that it can't happen with NCIX. Because scammers will just try to use whatever tactic works, at least for a small amount of people.

I agree we don't yet have credible evidence, but people should remain vigilant.

If you receive something like that, the only proper thing to do is ignore it.

Although I admit I would really be tempted to reply with a picture of tubgirl.
I got the same email too. now i never dealt with NICX but I did buy computer parts from a local online web site, could it be possible ncix was using their data base for third party stores? other than that i never give out this email address to anyone.
Hi
Deal Addict
Aug 12, 2004
4458 posts
2111 upvotes
Calgary
geokilla wrote: So no more updates on the NCIX security breach?
All I can say is, in the past 2-3 months I had multiple incidents.

- I have had someone log in on and old newegg.com account (before newegg.ca) and changed the email logged in. I contacted newegg customer service proved I was the owner, and had the account banned.
- someone logged in to my Bodog poker account (he gambled my money on it and won, I caught the withdrawal attempt to bitcoin waller and cancelled it, changed emails and passwords, I actually profited like 50$)
- someone logged in to my Gear best account. I got an email from Gear best went in, changed email, deleted address.. (why is the site censored here???)

Most of these were older accounts that I have not changed passwords recently or used in years and some I didn't even remember, and none of my cc info and even address is current. And I hadn't bought anything at NCIX for about 3-4 years. And since the logins are successful, who knows what older accounts may have been compromised I know nothing about.

Whether this was a result the NCIX breach or another breach in the past, I cannot really know. All I know is constantly change your passwords and even emails at least once a year and stay vigilant.
Deal Expert
Jan 7, 2002
21067 posts
15012 upvotes
Waterloo, ON
Firebot wrote: Whether this was a result the NCIX breach or another breach in the past, I cannot really know.
Exactly. If you used the same password with more than just NCIX then the incidents you describe could be related to a breach or breaches at those other sites.

Until multiple people whose NCIX passwords were unique and relatively strong report incidents where the info they had on file with NCIX was used elsewhere, there's no way to conclusively lay blame against anyone associated with NCIX.
All I know is constantly change your passwords and even emails at least once a year and stay vigilant.
Even more important is to ensure that you use strong, unique passwords on every site that stores information that you'd like to keep confidential. Frequent password changing is overrated. Besides people who don't have good passwords in the first place are least likely to change them regularly.
veni, vidi, Visa
Deal Guru
User avatar
Mar 1, 2008
14306 posts
3474 upvotes
Toronto, Ontario
Just saw. Pays to be a criminal in Canada.
here is the decision made by the judge

[32] I am unable to accept most of the rest of the evidence in Warner Affidavit #1 as being inadmissible hearsay evidence. Even if I exercised my discretion to accept the evidence as permissible hearsay evidence, I would determine that the evidence is unreliable.

[33] It is clear that the genesis of the proposed action is a blog post made by Mr. Doering. Mr. Warner has no personal knowledge of any of the facts in support of the claim. Rather, he relies on the information contained in that blog post. He swears that he believes Mr. Doering’s statements to be a faithful and accurate account (para. 11). He goes on: “In particular, I believe that some or a majority of the mishandling of [Netlink’s] customer databases, including my own private information, took place during the course of [Netlink’s] bankruptcy and under Bowra’s supervision and control.” This last statement is incorrect since Mr. Doering does not make any such statement in his blog post. Mr. Warner’s beliefs are not facts, but rather argument and conjecture.

[34] Mr. Warner relies on two more sources of information in his affidavit:

a) an article or blog post of Daniel Dent who says he attended a preview and sale held by Able; and

b) a YouTube video made by Linus Sebastian who says he attended the sale by Able.
Deal Expert
Jan 7, 2002
21067 posts
15012 upvotes
Waterloo, ON
geokilla wrote: Just saw. Pays to be a criminal in Canada.
Huh? What evidence is there of any of the following...
(a) that there was criminal intent in buying the NCIX servers/HDDs with unencrypted customer data?
(b) that anyone has given or sold this data to third parties with the intention of committing criminal acts with it?
(c) that anyone has made money from that data, e.g. by using it to defraud former NCIX customers and/or commit identity theft, etc.?

Under our [and the rest of the developed world's] criminal justice system a judge has to rule based on the evidence presented to them. The judge ruled that the "evidence" presented to him was " inadmissible hearsay." Further, even if he were to allow it, it wasn't reliable. because the allegations were made by someone with "no personal knowledge of any of the facts." Further still, the claims made "are not facts, but rather argument and conjecture."

You may be persuaded by the "fake news" in Warner's blog. You may not like this situation, believing that someone got away with a crime of some sort. But until some real evidence based on facts is presented by people who have personal knowledge of those facts and who can be cross-examined, etc. there's nothing to see here--other than in this instance the Canadian criminal justice system worked exactly as it should.
veni, vidi, Visa
Deal Guru
User avatar
Jun 27, 2004
12679 posts
2074 upvotes
Vancouver.bc.ca
Yeah, it sucks, but I can't say that I disagree with the judge. It should have been someone with first hand experience to file the action. I guess he should have gotten better legal counsel.

Top

Thread Information

There is currently 1 user viewing this thread. (0 members and 1 guest)