• When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.

Archived

This topic is now archived and is closed to further replies.

High Grade Comics Hacked?

Started by skypinkblu,

96 posts in this topic

skypinkblu

skypinkblu

Posted
Posted

I just got this email in answer to the one that I responded to about changing my password. I said I didn't ask to have my password changed.

 

I signed up on Bob's site eons ago, so I have no idea what my password was. I also don't know if it's phishing (the email) or others got it, too?

 

Just in case, here is a heads up and the email I got from High Grade Comics.

 

Dear Sharon,

 

The purpose of this email is to inform you that HighGradeComics.com suffered an attack by hackers over the weekend. While we can confirm that the attack did not compromise our server, we believe that the hackers were able to pull the names, email addresses, and passwords of some of our customers. You are receiving this email because we believe you were one of the customers who may have been affected.

 

The good news is that we have identified the security vulnerability that the hackers exploited, and closed it. We do not believe it will be possible for anyone to launch a similar attack and succeed in the future. However, as a safety precaution we have reset your password. You should have received an email to this effect a few moments ago.

 

More importantly, if you use the same email address and password combination for any other web sites, we strongly recommend that you update your passwords for all of those sites. This will prevent anyone from attempting to impersonate you on another site using this email / password combination.

 

We are truly sorry for this inconvenience and, as stated above, we are doing everything we can to ensure that the problem does not happen again. Please let us know if you have any further questions.

 

Sincerely,

 

Bob Storms

HighGradeComics.com

Link to comment
Share on other sites
robocard

robocard

Posted
Posted

I received both emails as well. I am in the same boat as Sharon and have a ton of sites to change to be on the safe side. Hacking a comic site, even a good one, would seem to be on the lower end of what to hack.

 

Probably someone Bob did not smile for at the last convention.

 

 

 

:jokealert:

Link to comment
Share on other sites
TheWatcher

TheWatcher

Posted
Posted

It's legit. Talked to Bob's wife and she said that the site had been hacked over the weekend and that some emails and passwords may have been compromised. The email was generated by their IT guy, I believe, for anyone registered on the site. Bob is in New Orleans right now, so I'm sure he'll chime in when he gets a chance

Link to comment
Share on other sites
zosocane

zosocane

Posted
Posted
Same, would be great to have some more information. The email doesn't explain much.

 

Not sure what there is to explain? I got the same message. Site hacked, the prudent thing to do is change your password on other sites. I don't think Bob's site stores credit card information. I'm impressed how quickly and transparently Bob responded -- unlike how some multinational firms "respond" where you hear about a hack through second-hand sources (e.g., media).

Link to comment
Share on other sites
The-Collector

The-Collector

Posted
Posted
Same, would be great to have some more information. The email doesn't explain much.

 

Not sure what there is to explain? I got the same message. Site hacked, the prudent thing to do is change your password on other sites. I don't think Bob's site stores credit card information. I'm impressed how quickly and transparently Bob responded -- unlike how some multinational firms "respond" where you hear about a hack through second-hand sources (e.g., media).

 

i wonder if they got our addresses as well...

 

For one I would like this answered.

Link to comment
Share on other sites
skypinkblu

skypinkblu

Posted
  • Author
Posted
Any IT guys on here that can suggest defensive actions beyond changing one's password?

 

I'm not an IT person, but I'm running Malwarebytes and then I'll do an antivirus scan. I'm also looking for anything new added.

I'm sure an IT expert will know more.

 

Link to comment
Share on other sites
asteroid-comix

asteroid-comix

Posted
Posted
Any IT guys on here that can suggest defensive actions beyond changing one's password?

 

I'm not an IT person, but I'm running Malwarebytes and then I'll do an antivirus scan. I'm also looking for anything new added.

I'm sure an IT expert will know more.

Likely a situaiton where someone did something to comprimise HG's database, either somehow got a connection to it or did something like what's called an sql injection attack. My guess is it was their database only and nothing that would be passed on to a user, so malware/anti-virus isn't needed in this situation (although a good idea as a normal part of life). As long as Bob didn't store CC numbers with the data that they got, which I think is against security agreements with folks like authorize.net, everyone should be fine. I thought the email gave pretty good info on making sure to change anywhere else that you use the same password/user name. That is a risk if you use it on multiple sites.

 

We may all get some spam that we don't want over the next several months though. :sick:

Link to comment
Share on other sites
Mark 1

Mark 1

Posted
Posted
If someone gets your login info they cannot use it to infect your computer.

 

No, but they can use it to buy a lot of stuff under your name. You might not end up having to pay for it but certainly wouldn't be fun.

Link to comment
Share on other sites
Go to topic listing