• When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.

Archived

This topic is now archived and is closed to further replies.

High Grade Comics Hacked?

Started by skypinkblu,

96 posts in this topic

skypinkblu

skypinkblu

Posted
  • Author
Posted
I got the email and have no recollection of signing up at that site. I've never purchased anything from this site

 

:shrug:

I signed up for you.

 

You must have signed up for me, too...because I'm pretty sure, I've only purchased from Bob in person;)

 

But I changed my Amazon Password in case. Good advice from people here. The only problem is, it's so convoluted I'll never remember it;)

 

The Password, not the advice;)

Link to comment
Share on other sites
Jeffro.

Jeffro.

Posted
Posted
I got the email and have no recollection of signing up at that site. I've never purchased anything from this site

 

:shrug:

I signed up for you.

 

You must have signed up for me, too...because I'm pretty sure, I've only purchased from Bob in person;)

 

But I changed my Amazon Password in case. Good advice from people here. The only problem is, it's so convoluted I'll never remember it;)

 

The Password, not the advice;)

 

Sometimes I think it's best to select the forgot password link every time I want to sign in to these commerce sites. I would think that by doing that, it would be pretty secure because you are using a new completely random password each time.

Link to comment
Share on other sites
Sqeggs

Sqeggs

Posted
Posted
I got the email and have no recollection of signing up at that site. I've never purchased anything from this site

 

:shrug:

I signed up for you.

 

You must have signed up for me, too...because I'm pretty sure, I've only purchased from Bob in person;)

 

But I changed my Amazon Password in case. Good advice from people here. The only problem is, it's so convoluted I'll never remember it;)

 

The Password, not the advice;)

 

Sometimes I think it's best to select the forgot password link every time I want to sign in to these commerce sites. I would think that by doing that, it would be pretty secure because you are using a new completely random password each time.

 

If you use a Mac, you get a randomly generated pw that (through iCloud) you can use across devices. Seems like a good way to do it so you don't fall into the trap of relying on a single pw for many sites.

Link to comment
Share on other sites
lizards2

lizards2

Posted
Posted
Should I be more concerned I did not get an email? (shrug)

 

I'm registered and have a want list yet have not purchased anything off the site. Perhaps it was a focused hack after the individuals with purchase history?

 

I registered to make semi-low-ball bids after Bob claimed he priced high but had some incredible wiggle-room on most books. I dreamt my bids would somehow be accepted, but never were. Never purchased anything, but I got the email too. Several of those books sit on the site with larger prices today.

 

did he counter at all?

Yes. But, we were too far apart for me to contemplate going farther.

 

To his credit, I think he recognizes the general cheapness of the CGC Boards. I bid on his current eBay auctions, but the best I've done is runner-up.

Link to comment
Share on other sites
comicwiz

comicwiz

Posted
Posted

I consider myself tech savvy, and I had my PayPal account hacked about a month and a half ago. They transferred everything from my balance all in one shot into a shell acount, and it was a significant dollar amount.

 

To this day, I still am not 100% sure how they did it. It was both eye-opening and mind-numbingly frustrating.

 

A week prior, I received a spoof PayPal message saying my account was suspended, asking me to confirm my account information. Normally I ignore these messages, but the timing was uncanny and too coincidental. I got my back up to this particular message because of two reasons. One, they were asking for my social insurance number, which I have a right to refuse. The second is that a few days prior, I had filed a dispute against a seller who I'd sent money to and didn't send me my merch - my first dispute in over 15 years of using PayPal.

 

I did not click any links or provide them any information. Instead, I called PayPal and began reading them the riot act. Thinking, that the dispute resolution process was the culprit, I railed on them for asking me for this information and suspending my account, not realizing that it was a scam message.

 

About a week later, I logged-on to my computer in the early AM to get some work done before getting the kids ready for school. My saving grace was that I had a complaint filed because otherwise I wouldn't have checked my PayPal account. I log-in and see my account empty, and a transaction that occurred before 9AM EST from a guy out in Spain. I can't tell you how nerve wracking that whole situation was. The first PayPal guy was not helpful, and told me I had to wait 48 hours for them to look into and investigate. I was flustered, needing to get back to work, and getting nowhere with him, so I hung up.

 

The next day (a Saturday) I called again and when the guy started saying they had to look into it, I asked him if he was qualified to check the referral log and IP for the fraudulant transaction. I then instructed him on exactly how to differentiate the IP activity for that transaction, and to compare it with all other activity on the account. He said, yeah I definitely see what you're talking about. I told him to also lock that account, and that if PayPal wouldn't look into it themselves, that I would instruct Interpol to ask for it by warrant. This person was a criminal and had committed a high dollar amount theft. I guess he didn't like how that was sounding so he immediately refunded me the money, and told me PayPal would take care of it.

 

I've since activated a PIN number on login. It's a second step, and a bit of a hassle as you need to wait for a text that sends you a six digit passcode, but I won't take any more chances.

 

Now if this kind of thing is happening with PayPal, I can totally understand how a comic collectibles site would be compromised. The only sure fire way to eliminate the risk of being hacked is to pull your internet plug out of the wall and use a vivid imagination to surf the web.

Link to comment
Share on other sites
Ken Aldred

Ken Aldred

Posted
Posted

The password I used was specific to the HGC site and I only ever used Paypal, so I should be okay.

 

Like you, it's pretty much a redundant account for me now, anyway.

Link to comment
Share on other sites
zuulioso

zuulioso

Posted
Posted
I consider myself tech savvy, and I had my PayPal account hacked about a month and a half ago. They transferred everything from my balance all in one shot into a shell acount, and it was a significant dollar amount.

 

To this day, I still am not 100% sure how they did it. It was both eye-opening and mind-numbingly frustrating.

 

A week prior, I received a spoof PayPal message saying my account was suspended, asking me to confirm my account information. Normally I ignore these messages, but the timing was uncanny and too coincidental. I got my back up to this particular message because of two reasons. One, they were asking for my social insurance number, which I have a right to refuse. The second is that a few days prior, I had filed a dispute against a seller who I'd sent money to and didn't send me my merch - my first dispute in over 15 years of using PayPal.

 

I did not click any links or provide them any information. Instead, I called PayPal and began reading them the riot act. Thinking, that the dispute resolution process was the culprit, I railed on them for asking me for this information and suspending my account, not realizing that it was a scam message.

 

About a week later, I logged-on to my computer in the early AM to get some work done before getting the kids ready for school. My saving grace was that I had a complaint filed because otherwise I wouldn't have checked my PayPal account. I log-in and see my account empty, and a transaction that occurred before 9AM EST from a guy out in Spain. I can't tell you how nerve wracking that whole situation was. The first PayPal guy was not helpful, and told me I had to wait 48 hours for them to look into and investigate. I was flustered, needing to get back to work, and getting nowhere with him, so I hung up.

 

The next day (a Saturday) I called again and when the guy started saying they had to look into it, I asked him if he was qualified to check the referral log and IP for the fraudulant transaction. I then instructed him on exactly how to differentiate the IP activity for that transaction, and to compare it with all other activity on the account. He said, yeah I definitely see what you're talking about. I told him to also lock that account, and that if PayPal wouldn't look into it themselves, that I would instruct Interpol to ask for it by warrant. This person was a criminal and had committed a high dollar amount theft. I guess he didn't like how that was sounding so he immediately refunded me the money, and told me PayPal would take care of it.

 

I've since activated a PIN number on login. It's a second step, and a bit of a hassle as you need to wait for a text that sends you a six digit passcode, but I won't take any more chances.

 

Now if this kind of thing is happening with PayPal, I can totally understand how a comic collectibles site would be compromised. The only sure fire way to eliminate the risk of being hacked is to pull your internet plug out of the wall and use a vivid imagination to surf the web.

 

It's called Two Factor Authentication and I highly recommend it on any account you can get it on. It requires that you have a device in hand as well as a username and password. There is an android/ios app called "Authenticator" that has a code that is valid for 30 seconds then it changes. When you are trying to log into a site that supports it it prompts you for the code and you have to enter it to gain access.

 

I wish more financial institutions did this.

Link to comment
Share on other sites
Dark Prime 0

Dark Prime 0

Posted
Posted
I got the email and have no recollection of signing up at that site. I've never purchased anything from this site

 

:shrug:

I signed up for you.

 

You must have signed up for me, too...because I'm pretty sure, I've only purchased from Bob in person;)

 

But I changed my Amazon Password in case. Good advice from people here. The only problem is, it's so convoluted I'll never remember it;)

 

The Password, not the advice;)

i always write everything down on a post it note and have them all in a draw. it can be a pain to look through them all to find the one i want but they are all unique. make sure you write down all info though. site, user name, password, and security question w answers

 

also for the security questions never pick the right answer, always do odd ball ones. like "what was your 1st pet?" i've put cow, goat, child, chair, leg and others

 

i generaly have a default password on sites that i'm not putting my CC with just to make it easy to remember. the ones with CC's all get unique passwords and SQ answers

Link to comment
Share on other sites
blazingbob

blazingbob

Posted
Posted

Afternoon all.

 

I'm sorry for the lateness in responding on the forums with this.

 

For those who have posted the email my website was hacked into over the weekend while I was attending the Wizard New Orleans show.

 

I was first alerted by a X-men #1 6.5 being ordered by Josh of Comiclink using an old account.

 

Immediately after this purchased I was alerted that the same IP address was logging in using a different account name.

 

All information was forwarded to my Web Developer team and I was notified that we were hacked, how they got in and what they captured.

 

We identified how they got in, this has been corrected.

 

We identified what queries they ran and the information they captured - Name/mailing address/user id/passwords were captured.

 

No credit card information was captured.

 

Because user id/passwords were captured we reset all user accounts that had passwords on file. If you use the same email/password combination for other website you should immediately change that password. This type of hack seemed to target User id/passwords. You may have been in my system with a email address because we've communicated but unless you registered you wouldn't have had a password on file.

 

The sequence of how the emails were sent out was not correct. The 2nd email should have gone out first followed by the password reset. I was driving when this occurred and all hell broke loose on my phone and email account. I am sorry about how you were notified.

 

I have responded to all emails about the password being reset before the 2nd email came out.

 

I am currently working on all requests by customers who haven't remembered their password.

 

I have responded to all customers who requested that their accounts be deleted.

 

Bob

 

 

 

 

Link to comment
Share on other sites
blazingbob

blazingbob

Posted
Posted
If someone gets your login info they cannot use it to infect your computer.

 

No, but they can use it to buy a lot of stuff under your name. You might not end up having to pay for it but certainly wouldn't be fun.

 

Because all user passwords have been reset that "someone" cannot order under your name.

 

Bob

Link to comment
Share on other sites
JayT

JayT

Posted
Posted
If someone gets your login info they cannot use it to infect your computer.

 

No, but they can use it to buy a lot of stuff under your name. You might not end up having to pay for it but certainly wouldn't be fun.

 

Because all user passwords have been reset that "someone" cannot order under your name.

 

Bob

 

I think the implication is that if someone uses the same log and password as on the site, it can be used to log in to other places such as Amazon, Paypal, Banking, social media etc.

Link to comment
Share on other sites
Go to topic listing