
Recent Events, Account Security and Protecting Yourself - Official Message

Why can't we see his posts....any of them. I believe this isn't sorted at all and people to be very wary there is a strong possibility a MODERATOR ACCOUNT has been seized, just because a MOD says it doesn't mean it's been sorted.
I removed the temp ban on him and he is showing as clear to me. I currently do not have an answer as why his posts are not showing at this time.
 
I would advise everyone to tread with caution on transactions for a little while till this is cleared up.
 
I would advise everyone to tread with caution on transactions for a little while till this is cleared up.
Tread with caution!!! It should be ceased with immediate effect and the site shut until this mess is sorted.
 
What Happened

As some of you are already aware, last night / early this morning, 3 accounts on the forum were compromised @QLR1 @GRFMotorsports @subysti2007. Using these accounts the scammer then proceeded to engage in several deals for Oakley items, receiving payments from several members primarily through PayPal Friends and Family. If you engaged in a deal last night with one of those members along these terms, you are unfortunately likely a victim. Please see the steps below we've outlined for what you can do to potentially receive your money back and how to protect yourself in the future.

As many of you have also pointed out, clearly this scammer was researched and prepared. They appear to have read the forum and knew what pairs to post / prices / values etc. This just means they were a better scammer than most and that's unfortunately why they were able to succeed (at least initially). As with anything on the internet there are varying levels of complexity.

How this Happened / What we are doing
1) We have already secured the accounts of the members, reverting their emails to the original accounts and resetting all passwords on their accounts. We have been in contact with 2 of 3 of the members @QLR1 and @GRFMotorsports already and confirmed with them they are in control. Since we have not heard from @subysti2007, we have restricted his account. However you should proceed with caution until the all clear is given.

2) We have investigated the logs and as of our initial investigation there is no evidence that the forum security was compromised at either the server or forum level. We already have confirmed that there has been no unauthorized access to privileged server accounts/databases. However we are still proceeding to conduct a full database and site audit row by row to confirm our initial conclusion and ensure we are protecting the community. I will also note that in addition to SSL/HTTPS on the forum all passwords are stored hashed and encrypted, never in plain text. Meaning even our server team can never see your password.

3) So how did this happen? The scammer who gained access appears to have had access to either the compromised accounts' passwords or underlying email addresses. This likely occurred due to a compromised password being reused across accounts. Over the years data breaches (Equifax, Target etc.) have leaked HUGE amounts of data online for scammers to buy/sell/use. Some never get used, some do. Scammers thrive on a password being used over and over again and it looks like this is that type of situation. We have already informed the affected accounts to reset their passwords across emails/any other similar accounts. But also see below for some tips we can all use to protect ourselves.

How to protect your accounts and security online

These tips are not just for the affected members but can be followed by everyone on any website.

1) Change your account password - This is an easy first step to confirm your account security and prevent any unauthorized access, should the scammer have additional passwords at their disposal. Which leads in to #2.

2) Use strong passwords and change them on a periodic basis/when you're alerted of a breach - Breaches do happen, and if they occur, by law you should be alerted. When you get one of those emails make sure to not just ignore it but change your password on any account it's being used on (not just the important ones like your bank). This incident is a great example of how a simple Oakley Forum account can still reap benefits for members.

For strong passwords - check out this site: Strong Random Password Generator

3) Use 2 Factor Authentication - We offer 2FA on the forum under the Account Security option area. This means when you login, in addition to your password an additional token will be required. There are several options for getting this token including an App or Email. However this is just another layer of security, should you wish to use it.

4) Secure your email - An email account is the easiest way to gain access to tons of other accounts since a simple reset link lets a scammer set a new password, lock you out and change it to their email. Especially for emails, use a secure password and change it often!!

5) Beware of PayPal F&F!! I know we say this all the time and are a broken record but this is a clear example where scammers love F&F. 3% fees are not worth it. Yes these were trusted members and I do understand that but you don't ever really know who's on the other side of that keyboard. Especially in the coming days be very wary of any members trying to use F&F!!

What to do if you are a victim

1) File a dispute - As Mods have already suggested, reach out to your credit card company/bank and request a chargeback/file a dispute. You will likely need to wait for the charge to post before being able to do this so it may take 1-2 days.

2) Be wary of any similar requests in the coming days and be sure to keep an eye on any suspicious behavior. This person clearly knew Oakleys and our community. This scammer was prepared, and unfortunately it paid off. But we can be diligent and stop it from happening again.

If you are aware or suspicious of any other potentially compromised accounts, please reach out to me via PM. Happy to answer any questions here.
Can you publicise what the PayPal F & F email account was used? or were they different???
 
Where are the mods that are actually engaged !?!?

98% of the mod team are just dudes that don't even engage in this entire forum - the only way they know something is up is when they receive an email notification from someone who reported a post or tagged them...

we need to clean house...
Luckily @Ecko has engaged with the forum at the right time and given advice to be wary on transactions due to the fact ANYONE can be hacked.....
 
Yes
Luckily @Ecko has engaged with the forum at the right time and given advice to be wary on transactions due to the fact ANYONE can be hacked.....

Agreed, big thank you to @Ecko. It appears that the scammer was stopped early and the accounts have been secured. Working with both members to confirm.

Also am very happy to see a lot of members changing their passwords / enabling 2FA. Looking at additional options including more complex password security, forum wide password reset etc.

Still as of this moment there is no evidence of any data breach/ leaked on the Oakley Forum side. This appears to be a bad actor with reused password data / phishing. We are working through banning IP ranges etc. as well.

But in the mean time please BE EXTRA CAREFUL with any transactions on the forum!
 
@OakleyBoss
I think it's time for more drastic actions to protect members of the forum. Can't you pull the plug on the whole site until a thorough investigation has taken place? If this carries on no-one will trust anyone and members will leave. I'm no IT bloke but this person seems to be able to access quite a few accounts, including MODERATOR.
Also why can't we see waveclouds posts any of them?
 
@OakleyBoss and Mods

We can prevent these such scammers in here by:

1. Educate all the users (everyone) by changing their password and enable 2-factor authentication method. This is not enabled by default. To do this, you need to go to your Profile -> Security and Password and Enable 2-Factor. Note, it is much safer to use the mobile app than email for obtaining the code, email can easily get compromised, unless your phone got stolen.
2. Be vigilant and know who you're dealing with. If the person you are dealing with here sounds like Clown 🤡 or ain't too good to be true then report them to the admin here.

If you want to catch these morons, log an incident case and engage with the Web site hosting provider of this forum to investigate the logs from their database and web servers. This can easily be tracked, they will only ask you of the thread and time window of the incident and they can trace these morons' IP address location world wide. Trust me I know what I am saying as I work in the IT Security industry for years! If you need any help let me know. I can assist you.
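The log review mentioned in the official message and in the post above, sketched as an added example that is not part of the thread and not the forum's own tooling. It flags a source IP that logs in to several accounts inside one time window, and e-mail changes made minutes after a login. The log format, event names, accounts, dates and IPs are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format): time, source IP, account, action.
SAMPLE_LOG = """\
2024-01-10T23:40:12 203.0.113.50 member_a login_ok
2024-01-10T23:41:30 203.0.113.50 member_a email_change
2024-01-10T23:52:03 203.0.113.50 member_b login_ok
2024-01-10T23:53:10 203.0.113.50 member_b email_change
2024-01-11T00:15:44 203.0.113.50 member_c login_ok
2024-01-11T00:20:00 192.0.2.77 bob login_ok
2024-01-11T09:00:00 192.0.2.77 bob email_change
"""

def parse(text):
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip malformed lines instead of failing the run
            ts, ip, account, action = parts
            events.append((datetime.fromisoformat(ts), ip, account, action))
    return sorted(events)

def shared_source_ips(events, min_accounts=3, window=timedelta(hours=6)):
    """IPs with successful logins to >= min_accounts accounts inside one window."""
    logins = defaultdict(list)
    for ts, ip, account, action in events:
        if action == "login_ok":
            logins[ip].append((ts, account))
    flagged = {}
    for ip, seen in logins.items():
        for start, _ in seen:
            accounts = {a for t, a in seen if start <= t <= start + window}
            if len(accounts) >= min_accounts:
                flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

def fast_email_changes(events, within=timedelta(minutes=15)):
    """(account, ip) pairs where the e-mail changed soon after a login from that IP."""
    last_login, hits = {}, []
    for ts, ip, account, action in events:
        if action == "login_ok":
            last_login[(account, ip)] = ts
        elif action == "email_change" and ts - last_login.get((account, ip), datetime.min) <= within:
            hits.append((account, ip))
    return hits

EVENTS = parse(SAMPLE_LOG)
print(shared_source_ips(EVENTS), fast_email_changes(EVENTS))
```

Accounts returned by either function are candidates for a forced password reset and an e-mail address review; the thresholds are starting points to tune against normal traffic such as shared household or office IPs.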
 