Last week an account of a long standing member was accessed by a scammer, the email address and were password changed, locking the member out of the account.
The scammer then posted an ad on the marketplace, and managed to scam someone out of a large amount of money.
This is an awful situation, and one that I would like to not happen again.
As an example, last week a massive amount of userdata (70 million+ accounts) was leaked from eyewear firm Luxottica (which makes eyewear under the brands Ray-Ban, Oakley, Chanel, Prada, Versace, Dolce and Gabbana, Burberry, Giorgio Armani, Michael Kors, and many others. The company also operates Eyemed)
Ideally, use the password management options in your browser or use a password manager to help create secure unique passwords for each site you visit. (About Password Managers)
You can also turn on two factor authentication in your account (What is 2FA)
Quote from the above linked article:
This one is particularly important:
I’ve installed a Password tools add-on, which allows us to specify certain restrictions on passwords. (For example, the longer it is, the more difficult it is to crack), and also warn members when their password is weak.
I will see if I can adjust the templates of the Marketplace to warn people about not using Friends and Family.
Any questions, please ask
The scammer then posted an ad on the marketplace, and managed to scam someone out of a large amount of money.
This is an awful situation, and one that I would like to not happen again.
How to keep your Basenotes account secure
This information applied to any site - but ideally you should use a different password for each site. The reason being, if one site has its database breached, then someone could log in to any of the other sites you are a member of with the same password.As an example, last week a massive amount of userdata (70 million+ accounts) was leaked from eyewear firm Luxottica (which makes eyewear under the brands Ray-Ban, Oakley, Chanel, Prada, Versace, Dolce and Gabbana, Burberry, Giorgio Armani, Michael Kors, and many others. The company also operates Eyemed)
However, more recently, the database was leaked in its entirety for free on April 30th and May 12th, 2023, on different hacking forums, making the data far more accessible to threat actors. Andrea Draghetti, the leading researcher of the Italian cybersecurity firm D3Lab, analyzed the leaked data and confirmed to BleepingComputer that it contains 305 million lines, 74.4 million unique email addresses, and 2.6 million unique domain email addresses.
Ideally, use the password management options in your browser or use a password manager to help create secure unique passwords for each site you visit. (About Password Managers)
You can also turn on two factor authentication in your account (What is 2FA)
Quote from the above linked article:
2FA will stop most hacking attempts in their tracks, because the second factor depends on something being with you: your phone, your fingerprint or your security key.
How to avoid getting scammed in the marketplace
Linked at the top of each marketplace listing is links to the FAQ , which includes how to protect yourself as a buyer.This one is particularly important:
- Paypal offers Protection for Buyers for items not received and items significantly not as described. You cannot use this if you pay for the item as a ‘Gift’ or ‘Friends and Family’. (some sellers may ask for this in their conditions, and it is your responsibility to decide whether you wish to do this. In these cases the seller may add on the extra Paypal fees to the final price.)
What we are doing going forward.
Anyone who hasn’t logged in for over a year, will be asked to reset their password using a link sent to their email address. This will ensure that older dormant accounts can’t be hacked into unless the hacker also has access to the members email.I’ve installed a Password tools add-on, which allows us to specify certain restrictions on passwords. (For example, the longer it is, the more difficult it is to crack), and also warn members when their password is weak.
I will see if I can adjust the templates of the Marketplace to warn people about not using Friends and Family.
Any questions, please ask
