Dodge Dart Forum banner

1 - 20 of 20 Posts

·
Administrator
Joined
·
205 Posts
Discussion Starter #1
You all will be seeing this at the top of every page...the link in the banner is safe, and it will take you to the Vertical Scope (the new owner's) page explaining a breach in their security involving many of the forums they operate.

This breach occurred back in February, several months before this site was transferred to their servers. It's highly unlikely that anyone here would be affected in any way at all. BUT, VS wants to be sure it doesn't happen again, so, as the letter says, they're updating and revamping their security across all their sites--which now includes us. The upcoming password change is all we're likely to see of it, from what I can tell.

That's about all I know for now, but hit me up here if you have any questions. I'll be glad to find out anything I can for you.

Neil
 

·
Premium Member
Joined
·
412 Posts
Verticalscope.com / Dodge-Dart.org hacked again/still?

Did Verticalscope.com get hacked again? I just got an email from someone named "Khanh" in an email thread containing my payment information for my Dodge-Dart.org Supporting Memeber Subscription. This "Khanh" was asking for my username, IP address and email address linked to my Dodge-Dart.org account.
 

·
Premium Member
Joined
·
412 Posts
@pkgmsu2000 this is serious. This guy was responding to the email that had all my paypal information, kinda need to know WTF is going on. Seeing I didn't join until AFTER the above listed breach. If they are still compromised, we all need to know. @WERA689
 

·
Premium Member
Joined
·
6,049 Posts
@pkgmsu2000 this is serious. This guy was responding to the email that had all my paypal information, kinda need to know WTF is going on. Seeing I didn't join until AFTER the above listed breach. If they are still compromised, we all need to know. @WERA689
VerticalScope didn't even own the Forum Foundry sites yet when the breach in question occurred. Personally, I worry more about PayPal. They've locked down my account for "suspicious activity" at least a dozen times now. I've given up and decided to leave it locked down, because it's almost impossible to actually cancel a PayPal account.
 

·
Administrator
Joined
·
205 Posts
Discussion Starter #6
@pkgmsu2000 this is serious. This guy was responding to the email that had all my paypal information, kinda need to know WTF is going on. Seeing I didn't join until AFTER the above listed breach. If they are still compromised, we all need to know. @WERA689
I'm not sure I can see any way the two are related, MJZ. When Vertical Scope was breached, this forum was on physically (and electronically) separate servers, in another part of the world, under different ownership. Any changes to passwords and such are just part of their efforts to ensure that it doesn't happen again.
As for your Supporting Membership payments through PayPal...the auto-renew on that should have been rejected by PayPal, as the old owners are no longer the correct account for these. You'd have to sign up for a new membership via the same post link you followed the first time, which would then go to Vertical Scope's account. If you wish to forward me what you received, I'll be glad to take a look at it for you. You can either PM me here, or you can send it to [email protected].
 

·
Registered
Joined
·
5,313 Posts
whenever the new owners took over, i think this site has been running extremely sluggish, with pages taking a long time to load, especially with pictures. if guys are doing maintenance, its really slowing the site down.
 

·
Premium Member
Joined
·
412 Posts
I'm not sure I can see any way the two are related, MJZ. When Vertical Scope was breached, this forum was on physically (and electronically) separate servers, in another part of the world, under different ownership. Any changes to passwords and such are just part of their efforts to ensure that it doesn't happen again.
As for your Supporting Membership payments through PayPal...the auto-renew on that should have been rejected by PayPal, as the old owners are no longer the correct account for these. You'd have to sign up for a new membership via the same post link you followed the first time, which would then go to Vertical Scope's account. If you wish to forward me what you received, I'll be glad to take a look at it for you. You can either PM me here, or you can send it to [email protected].
I think you are missing what I'm saying. I joined recently. Well after Vertical Scope took over and well after the breach. The payment I made for the Supporting Member through Paypal, was recently, so it went to Vertical Scope. I will forward you the email I received, but it's looking like you guys might have been breached, again, recently.
 

·
Administrator
Joined
·
205 Posts
Discussion Starter #9
Ok, I just got it. At first glance, it looks legit to me....though I'm not (yet) familiar with Khanh....I'm still getting to know the people at VS though, so that's not a major concern just yet.

What I'm seeing is that the email address from the eCheck isn't the same one that's on your account, so they couldn't match up the payment to your account here when they went to go verify it when you contacted them. I do, however, see that your account was credited with the Supporting Member tag on June 28, 2016. To my eyes, that all adds up to a big "No Problem Here", but I'll try to verify that Khanh is one of ours for you. ;)

Neil
 

·
Premium Member
Joined
·
412 Posts
Ok, I just got it. At first glance, it looks legit to me....though I'm not (yet) familiar with Khanh....I'm still getting to know the people at VS though, so that's not a major concern just yet.

What I'm seeing is that the email address from the eCheck isn't the same one that's on your account, so they couldn't match up the payment to your account here when they went to go verify it when you contacted them. I do, however, see that your account was credited with the Supporting Member tag on June 28, 2016. To my eyes, that all adds up to a big "No Problem Here", but I'll try to verify that Khanh is one of ours for you. ;)

Neil
But that's just the thing... I didn't contact them. At all. I paid, waited, checked in with a few admin here and everything got squared away. I never emailed or attempted to contact anyone at Vertical Scope.
 

·
Administrator
Joined
·
205 Posts
Discussion Starter #11
Still seems like VS got your payment, and didn't know who to credit it to. The payment didn't come from your personal email address, and that email wasn't referenced in the confirmation email sent to VS. It appears that they recognized this and reached out to you to make sure the correct account was credited. Since that's already been taken care of by the local staff, there shouldn't be any need to reply. Note that the email from Khanh wasn't to your email of record on your account here...it was to the email address the payment came from at 'codezero'.
 

·
Premium Member
Joined
·
412 Posts
Still seems like VS got your payment, and didn't know who to credit it to. The payment didn't come from your personal email address, and that email wasn't referenced in the confirmation email sent to VS. It appears that they recognized this and reached out to you to make sure the correct account was credited. Since that's already been taken care of by the local staff, there shouldn't be any need to reply. Note that the email from Khanh wasn't to your email of record on your account here...it was to the email address the payment came from at 'codezero'.
So ask for my Email, Username and IP address? What would Vertical Scope need with my IP address? And nowhere did it say they wanted to make sure my account was credited, he wanted to manually change my password on me, after getting my email, username and ip address... seems VERY fishy.
 

·
Premium Member
Joined
·
3,619 Posts
So ask for my Email, Username and IP address? What would Vertical Scope need with my IP address? And nowhere did it say they wanted to make sure my account was credited, he wanted to manually change my password on me, after getting my email, username and ip address... seems VERY fishy.
GIve em your social too! ;)
 

·
Administrator
Joined
·
205 Posts
Discussion Starter #14
Email and username makes perfect sense to me....that's the only way they could properly identify your account here! IP would only serve to verify that the account matches all the info we have. IP addresses are actually pretty weak in that regard, as they rotate among different users all the time...unless you have a static IP with your ISP, it will change every time you log into your ISP. This is even more variable when using a mobile browser. I've seen accounts with literally dozens of posting IP addresses in their histories, and this is quite normal.

IMHO, the only reason you're concerned here is that you bypassed the confirmation and identification of the correct account by having a mod update your member status manually. Had you not done that, this email would have been the correct path to correcting and properly updating your account here. Again, to me, it has every indication of being a case of VS being proactive in making sure you were properly credited for your membership, as opposed to having your money floating around in VS books with no idea to whom it belongs, or how to properly assign it.
 

·
Premium Member
Joined
·
412 Posts
Email and username makes perfect sense to me....that's the only way they could properly identify your account here! IP would only serve to verify that the account matches all the info we have. IP addresses are actually pretty weak in that regard, as they rotate among different users all the time...unless you have a static IP with your ISP, it will change every time you log into your ISP. This is even more variable when using a mobile browser. I've seen accounts with literally dozens of posting IP addresses in their histories, and this is quite normal.

IMHO, the only reason you're concerned here is that you bypassed the confirmation and identification of the correct account by having a mod update your member status manually. Had you not done that, this email would have been the correct path to correcting and properly updating your account here. Again, to me, it has every indication of being a case of VS being proactive in making sure you were properly credited for your membership, as opposed to having your money floating around in VS books with no idea to whom it belongs, or how to properly assign it.
Let me know if or when you locate this "Khanh" person and verify his involvement / employment with Vertical Scope.
Thank you.
 

·
Administrator
Joined
·
205 Posts
Discussion Starter #16
I have requested that confirmation back with your first message. I'll reply here when I've heard back.
 

·
Administrator
Joined
·
205 Posts
Discussion Starter #17
I have verified that the email you received was indeed from the Vertical Scope accounting department, and was sent for precisely the reasons I suspected and related above. To wit: your PayPal email address and your forum email address are not the same, therefore, they contacted you through your PayPal account address to ask which forum account you were paying for. The need for that was addressed when the local staff changed your account to reflect the payment, making accounting's inquiry irrelevant.
 

·
Registered
Joined
·
132 Posts
Your skepticism was highly called for MJZ. I would have acted the same way. ANYONE asking for an IP address should instantly raise a red flag for any user, even if ISP's do assign public IP's to customers via DHCP. Most broadband users in the U.S. don't "log-in" to the ISP (no authentication required beyond the initial modem activation); we live in an ever-connected world. DHCP lease expiration/renewal is probably going to cause IP's to change more often than coming offline and online.

Regardless, we all need to change our passwords not just here but for any other accounts that we have weak passwords and/or haven't changed passwords in over, let's say, a year. BTW, strong passwords of 16 characters or longer are considered "secure". (Not really, but kinda sorda. Lol)
 
1 - 20 of 20 Posts
Top