Paypal Warning!!

[Edge]

Guys please use me as an eexample and CHANGE your password on Paypal from that which you used on RWG1 or TRC.

Long story short someone hacked one of my PP accounts and my TRC account and posted watches for sale that I don't have. I was locked out of my account until this afternoon and returned to find that apparantly I sold a fiddy and a 1665 last night at 2am my time, while I was fast asleep.

ALL buyers will receive their money back when I regain access to my PP account and the only one to lose out of this will be me. £467 that was in my account and also $200 for a dial which was a deal I will honour despite lack of access to the funds.

I hope that this is a lesson to you all and that you change your passwords NOW!!

 

[crumpdaddy]

Oh sh*t man.....I am sorry to hear this.
It's a shame people have to resort the sh*t like this.
Off to paypal to change my mess RIGHT NOW!

 

[takashi]

Lesson learnt, don't use the same password for different sites. Change your password often too. As far as possible, use a good password. For a definition of a good password, google them! :twisted: Feel sorry for that Edge.

 

[sevomd]

Yeah Chris

I saw that sale. I even PM'd him about the watch on TRC, but the response was strange. English wasn't his first language. But could not be sure since the forum name was edgewatches.

Eddy

 

[Edge]

That is my old nick, which I used on RWG1 and TRC. I don't use TRC that much and haven't bothered to change my Nick/Pass in ages.

I read some of the PM's when I regained access to TRC this afternoon and they are SHOCKINGLY bad english some of the words I couldn't decifer, and ALL SALED!! c'mon lol.

I gues you live and you learn i'm out a bit of cash but at least I have learned a valuable lesson. PAYPAL SUCKS!!!

PS my password was 10 alphanumeric characters with a non printable character also so it wasn't easy to crack, the probability of cracking it is astronomical, and should take about 300000000 years.

 

[takashi]

And before you can change your PP password, there are a few security measures, this includes retyping all credit cards details. An email will be sent to you to notify that password has been changed. Hmmm, it's the status quo...

 

[crumpdaddy]

And before you can change your PP password, there are a few security measures, this includes retyping all credit cards details. An email will be sent to you to notify that password has been changed. Hmmm, it's the status quo...

You're right. Just changed my pw, and had an email waiting in my inbox almost instantly.

 

[geopatr69]

:shock: :shock: Sorry to hear that Edge!! That really sucks!! Do you have any idea how they got that information? :shock:

 

[Dutchy]

Edge this is horrible,

Its been mentioned RWG, I fully agree (despite what Edge will say!!!) We have to help him out, he does not deserve this! I for one am 200% willing to help out in any way possible.

Come on guys, who's in to help him out?!!!

 

[Edge]

My primary concern is retribution to the members involved in the TRC scam. I have spoken to paypal and they have assured me all will be fine. The scammers tried to withdraw the funds to another account but that has been reversed and the funds put back into my PP account, the password has been changed, though Only Paypal know what it is lol. So when I gain access to the account in the coming days then I will issue the refunds or if it takes longer than 10 days to regain access the refunds will be automatically issued, so as I said I have made sure all members will get their money back.

ATTENTION cib0rgman, the deal we had for the dial has been honoured and the dial has been sent even though I will never see the $210 that you sent don't worry it will be with you soon.

Chris

 

[Happy T]

Sorry to hear Chris.

Question... do you feel your pass word for PP was farmed from TRC or RGW somehow? I'm not sure I follow how that could happen. How is a PP password associated to these sites directly? Any ideas?

 

[longshot]

Sorry to hear Chris.

Question... do you feel your pass word for PP was farmed from TRC or RGW somehow? I'm not sure I follow how that could happen. How is a PP password associated to these sites directly? Any ideas?

Some peopel use the same password for everything. So I suppose a f*cking low life scum could hack the passwords and email address from the boards and just keep trying them on PalPal until one worked?

Sorry it had to happen to a member here!

But thanks for the heads up, even though I use different passwords it was time to change mine anyway, so I did :wink:

 

[pugwash]

Question... do you feel your pass word for PP was farmed from TRC or RGW somehow? I'm not sure I follow how that could happen. How is a PP password associated to these sites directly? Any ideas?

Here's the Pugwash theory. RWG1 was hacked. We know this as fact. The hackers could have very, very easily added a sniffer on the login page so that anyone logging in after their visit would be giving them their login/password in plaintext for free.

Chris has already said his paypal password was the same as his RWI1 password, and I'd guess his registered email was his paypal email, but that part isn't necessary, as he probaly had mention of his paypal address in a PM or a Post.

This is all much, much easier than cracking the encrypted password database.

 

[daytona4me]

Man... Sorry to hear that Chris, if he was in US I would
help you track him down but sure sounds like he's not.
Someone get ahold of a backup of the site with password info?
If the passwords sit on a site file somewhere unencrypted
that would be a really bad thing!
Let me know if I can help!

Greg

 

[higgy]

WOW so sorry to hear this Edge. Going to PP now...

Higgy 8)

 

[pugwash]

Someone get ahold of a backup of the site with password info?
If the passwords sit on a site file somewhere unencrypted

Read my theory of what happened above your post.

 

[Edge]

Thanks for all of the kind words and support guys.

I thank you al for your help through this. I have received some donations direct from members which I thank them greatly for.

RWG have set up an Edge fund which I cannot thank them enough for, it really is above and beyond, I don't know what to say. I have achieved my main concern which is to make sure that the buyers receive their money back as this is guaranteed within the next 10 days, so now I am trying to sort out my shit and get the deals I had in place honoured without having the cash for them, it's shitty but the right thing to do.

I will keep you guys posted on what's happening thanks a lot for your support.

Chris

 

[daytona4me]

Question... do you feel your pass word for PP was farmed from TRC or RGW somehow? I'm not sure I follow how that could happen. How is a PP password associated to these sites directly? Any ideas?

Here's the Pugwash theory. RWG1 was hacked. We know this as fact. The hackers could have very, very easily added a sniffer on the login page so that anyone logging in after their visit would be giving them their login/password in plaintext for free.

Chris has already said his paypal password was the same as his RWI1 password, and I'd guess his registered email was his paypal email, but that part isn't necessary, as he probaly had mention of his paypal address in a PM or a Post.

This is all much, much easier than cracking the encrypted password database.

Thats funny, you posted at 11:00 & me at 11:01, I was typing mine while you were posting yours :lol: . I had deleted from my post mention of a sniffer because I really dont know much about them & didnt want to sound stupid but the thought did cross my mind.
Many times people keep backups of their site on a different server with less security, they think "It's only a backup" but it is very easy to restore a backup & if that is the case... they could
sit on their pc & take their time hacking it! I had my old IT manager backup our site & put it on a free site. I didnt know it untill I fired him for obvious reasons & when cleaning up his pc & didnt recognize a file name, I googled it & found a similar file just a couple months old sitting out there on a free storage site... ready for download. I couldnt beleive it! Happy that guy is gone.

Happy to hear that people are coming through for Chris!

 

[pugwash]

they could sit on their pc & take their time hacking it!

Sure, if they had a huge botnet and a few months. You can get a few insecure passwords off a database dump, but the complex ones, like Edge's, would take several years or decades to crack with a huge zombie botnet.

He had to have been sniffed by people who compromised the login page on RWG1.

 

[daytona4me]

Well, I'm now using a new password because of all of this.
I found a password generator online here: https://www.grc.com/passwords.htm .
It works so well I cant even use it. :shock:
Maybe others will be more likely to remember the 63 or 64 digit password this thing generates??