Warning: Scam email from HIDS4U

matchaow

Wednesday 30th August 2017
Hi,

Another bout of these is going around, different website this time - https://frcl.massif-jurassien.fr/cli/www.hids4u.co... I've deleted my token that fetches my data.

I've heard they are claiming the breach was many years ago, but I only changed my email address to the one I'm receiving these on two months ago to this day, so that's a load of bull; this is a very recent breach, like weeks ago!

Don't think there's much I can do now it's out there though!

Matt

Vaud

Wednesday 30th August 2017
Denis O said:
I got this email at about 14.00 today and thought it looked iffy so sent an email to HIDS asking for advice. I didn't get a reply but just now a general email, from the real HIDS, came through explaining the situation.

The irony is that good old BT put the phishing email straight into my inbox and the genuine email went into spam, although BT's usage of spam controls is a whole different thread.
Just use gmail. You can use it to collect mail from a BT inbox. I can't remember the last time I got spam in my gmail inbox.

carl_w

Wednesday 30th August 2017
Vaud said:
Just use gmail. You can use it to collect mail from a BT inbox. I can't remember the last time I got spam in my gmail inbox.
Yep, and allow google to parse all of your e-mail text to build up a profile of you to sell your data to advertisers.


Krikkit

Wednesday 30th August 2017
Durzel said:
edit: Interestingly I got this email after I'd asked them to delete my account and any data they store about me, which they confirmed they had done.... so...
You realise that the hackers aren't really tapped in "live" to the data every time they send an email, right?

Once upon a time someone got past their security and dumped the whole customer database, then sold it on. You can buy massive databases of data like this, often with salted passwords etc included as well.

Vaud

Wednesday 30th August 2017
carl_w said:
Yep, and allow google to parse all of your e-mail text to build up a profile of you to sell your data to advertisers.
https://www.theverge.com/2017/6/23/15862492/google...

1) doesn't bother me.. ad blocker, etc

2) they are stopping scanning

3) see 1) - they get far more from other aspects of the web than needing to scan your email.

gavgavgav

Wednesday 30th August 2017
Same for me today, and a couple of weeks ago. The thing is, I only became a customer on the 20th July, therefore this is a recent data breach.
The ICO website is next to useless, does anyone know who is useful to report this to?

Durzel

Thursday 31st August 2017
To be honest if advertising has to exist in some form, and obviously it does, I'd much rather it be targeted based on my actual interests than indiscriminate. Why would that be a bad thing?

(I honestly don't care about Google profiling me. Numerous other entities do it and most people are oblivious to or accepting of it - e.g. loyalty cards, etc. I'm not that interesting and most people aren't. Google really does not care about you or me specifically; you (and I) just aren't that important.)

Gareth79

Thursday 31st August 2017
fwaggie said:
For the techies amongst you, you can see the files that make up this hacked website by looking at
https :// www.onr-inc.com / cli / www.hids4u.co.uk / (URL mangled to protect people, even though this URL just gives a directory file listing)
Worth sending a copy of the CSV to Troy Hunt to add to https://haveibeenpwned.com/ - he usually prefers where credentials have been exposed but it might be of interest.

I'd recommend anybody with any interest in the security of their online activities to sign up to the notification service of the above site. You can get an instant report of where your email address/passwords have been found in the past.

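Added example (not code from the thread or from HIDS4U): the links people are quoting here share one shape, a compromised third-party site with the target's own hostname stuffed into the path. The script below flags that pattern, plus the related lookalike tricks (brand as a subdomain of someone else's domain, brand keyword in a lookalike hostname, brand domain over plain http), over a constructed set of sample URLs. The hostnames in SAMPLE_URLS, the `.example` domains and the hard-coded two-label suffix list are assumptions for the example, not real phishing addresses; a real deployment should load the full Public Suffix List.

```python
"""Flag URLs that reference a protected brand anywhere other than as the
registrable (eTLD+1) domain. Added example; all sample data is constructed."""
from urllib.parse import urlsplit

# Constructed for this example: the brand hostnames we want to protect.
PROTECTED_HOSTS = {"www.hids4u.co.uk", "hids4u.co.uk"}

# Two-label public suffixes the sample needs. Assumption for the example;
# use the Public Suffix List in production instead of this short table.
TWO_LABEL_SUFFIXES = {("co", "uk"), ("org", "uk"), ("gov", "uk"), ("com", "au")}


def registrable_domain(host):
    """Return the eTLD+1 for a hostname ('www.hids4u.co.uk' -> 'hids4u.co.uk')."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and tuple(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


PROTECTED_DOMAINS = {registrable_domain(h) for h in PROTECTED_HOSTS}
# The brand's own label ('hids4u'), used to catch lookalike hostnames.
BRAND_KEYWORDS = {d.split(".")[0] for d in PROTECTED_DOMAINS}


def classify_url(url):
    """Return (verdict, reason); verdict is 'legit', 'suspicious' or 'unknown'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if not host:
        return "unknown", "no hostname"
    domain = registrable_domain(host)
    if domain in PROTECTED_DOMAINS:
        if parts.scheme != "https":
            return "suspicious", "brand domain served over plain http"
        return "legit", "brand owns the registrable domain"
    # The brand does not own this domain, so any appearance of its hostname in
    # the host, path or query is the pattern used by the links in this thread.
    haystack = f"{parts.path}?{parts.query}".lower()
    for brand in sorted(PROTECTED_HOSTS | PROTECTED_DOMAINS, key=len, reverse=True):
        if brand in host:
            return "suspicious", f"brand hostname {brand!r} inside {host!r}"
        if brand in haystack:
            return "suspicious", f"brand hostname {brand!r} in path/query of {domain!r}"
    for keyword in BRAND_KEYWORDS:
        if keyword in host:
            return "suspicious", f"brand keyword {keyword!r} in lookalike host {host!r}"
    return "unknown", f"no brand reference; registrable domain {domain!r}"


def scan(urls):
    """Classify a batch of URLs and return (url, reason) for the suspicious ones."""
    hits = []
    for url in urls:
        verdict, reason = classify_url(url)
        if verdict == "suspicious":
            hits.append((url, reason))
    return hits


# Constructed sample links (not real addresses) mirroring the thread's pattern.
SAMPLE_URLS = [
    "https://www.hids4u.co.uk/account",                                # legit
    "https://compromised-site.example/cli/www.hids4u.co.uk/index.php",  # brand in path
    "https://www.hids4u.co.uk.attacker.example/login",                 # brand as subdomain
    "http://hids4u-secure.example/verify",                             # lookalike host
    "https://unrelated.example/news",                                  # unknown
]

if __name__ == "__main__":
    for url, reason in scan(SAMPLE_URLS):
        print(f"SUSPICIOUS {url}  ({reason})")
```

The check deliberately keys on the registrable domain rather than on the hostname, because `www.hids4u.co.uk.attacker.example` passes a naive "does the URL contain our hostname" test; mail gateways that only whitelist on substring are exactly what this kind of link abuses.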

Vaud

Thursday 31st August 2017
Durzel said:
(I honestly don't care about Google profiling me. Numerous other entities do it and most people are oblivious or accepting of it - e.g. loyalty cards, etc. I'm not that interesting and most people aren't. Google really does not care about you or I specifically, you (and I) just aren't that important)
Agreed 100%. They are interested in the overall data, not the individual.

Example of Facebook:

http://www.bbc.co.uk/news/business-39947942

Unless you spend your life browsing through Tor and only reading with no trackable interaction, your options for preservation of private data are limited.

Even then they will be able to track an abstract level of user behaviour and profile it.

Your Dad

Thursday 31st August 2017
Gareth79 said:
Worth sending a copy of the CSV to Troy Hunt to add to https://haveibeenpwned.com/ - he usually prefers where credentials have been exposed but it might be of interest.

I'd recommend anybody with any interest in the security of their online activities to sign up to the notification service of the above site. You can get an instant report of where your email address/passwords have been found in the past.
Troy was aware of the issue last week.

E36GUY

Thursday 31st August 2017
Just got the scam email.

Details obviously a lot newer than the breach of 5 years ago, as it had my current address, which we have only been at for 18 months.


Prizam

Thursday 7th September 2017

gavgavgav

Thursday 7th September 2017
I'm getting pissed off with HIDS4U now. They are not replying to me raising the issue to them and also have not provided any details about what information has been compromised. Is there a formal system to report these guys that would be effective? In this case there are obviously repeated instances of breaches of security, and they obviously need to be forced to ensure that their system is secure.

Your Dad

Thursday 7th September 2017
gavgavgav said:
I'm getting pissed off with HIDS4U now. They are not replying to me raising the issue to them and also have not provided any details about what information has been compromised. Is there a formal system to report these guys that would be effective? In this case there are obviously repeated instances of breaches of security, and they obviously need to be forced to ensure that their system is secure.
Report it to the ICO - https://ico.org.uk/concerns/handling/

HIDS4U have proved themselves to be useless in handling this issue, from my initial emails to them alerting them to the issue and their lack of response when the media approached them. They deserve to be looked at by the ICO.

Denis O

Thursday 7th September 2017
No response from them for me either.

Chop their balls off.

lewism1

Thursday 7th September 2017
Prizam said:
My company wrote this. Thought I'd make an account to let you know that if you tweet the ICO, they're more likely to respond much quicker - and publicly

gavgavgav

Thursday 7th September 2017
Your Dad said:
gavgavgav said:
I'm getting pissed off with HIDS4U now. They are not replying to me raising the issue to them and also have not provided any details about what information has been compromised. Is there a formal system to report these guys that would be effective? In this case there are obviously repeated instances of breaches of security, and they obviously need to be forced to ensure that their system is secure.
Report it to the ICO - https://ico.org.uk/concerns/handling/

HIDS4U have proved themselves to be useless in handling this issue, from my initial emails to them alerting them to the issue and their lack of response when the media approached them. They deserve to be looked at by the ICO.
Thanks for that, now done. Anybody else reported it also?

Got to say, the ICO process for reporting a concern is a joke: downloading PDFs and Word documents and emailing them to them. Embarrassingly out-of-date practices in that organisation. (Hint: the PDF would not save the data after I filled it out; use the Word doc if you can. I had to type it all out twice.)

brightwheels

Tuesday 12th September 2017
Hi All

My name is Pete from HIDS4U. I have read through this thread and following some of the comments, I just wanted to give everyone here the full information as it seems it hasn't got through to everyone via our normal communication channels.

Security
At times like this, it's very easy for everyone to assume that we do not take data security seriously and we've just been hanging everyone's personal data out on a low-hanging branch for anyone to pick off. Please be assured this is not in any way the case. We always maintain our website with all the latest security patches and regularly check it for any signs of breaches. However, despite our best efforts, no system is 100% foolproof. Just look at the big names that have had data breaches in recent times, such as Bupa, Three, Tesco Bank, Morrisons, Yahoo, Sony PlayStation, HMRC and even The Pentagon!

It is for this reason that we do not store anyone's credit card information, so that in the very unfortunate event of a data breach, they can't get direct access to your money!

Following this breach, we have added additional security measures which include anti-phishing email DNS settings, active web firewall and a total review of our website code to identify any new security measures needed. We hired a specialist website security company to investigate and scan the website and we are now as confident as anyone can be that our website is as secure as can be.

No company can ever 100% guarantee that they are hacker proof, but we have as much security as is possible for us to implement.

Our response
There have been a few people on here suggesting we have not responded well to this situation. For this I do apologise; we have reacted as fast as we possibly could, but understand that in the chaos this created, some of you feel the responses weren't up to your expectations. The minute we were made aware of the situation, we were flat out trying to shut it down as quickly as possible. Our first priority was to get the phishing websites shut down, which involved locating the servers throughout the world, contacting the hosting companies and getting them shut down. While this can appear easy on paper, when you are dealing with companies literally across the globe (different time zones and languages), it's not quite that simple. Also, in most cases the scammers had hacked someone else's website to host the phishing pages. This means the hosting companies can't simply take down the site, as they don't have the access or authority to do so. Instead they must inform the website owner that their site is hacked and hopefully they will act in good time. That time to respond was unfortunately out of our control. However, we did manage to shut most of them down within a few hours to minimise the impact.

Simultaneously they signed our email address up to approximately 5000 mailing lists so our email inbox was flooded with thousands of emails that we had to clear out, without deleting real emails that were dotted sporadically within the masses.

Then there were the 100+ phone calls per hour we were receiving (understandably!) about the situation.

And finally, we still had to process customer queries regarding normal daily business (albeit this did get pushed to secondary priority as we dealt with the immediate security issue)

While we would love to have a huge team of customer service representatives to field all of this, we simply don't. We are a small company with limited resources. We simply had to work through all of the tasks ahead of us as best and as quickly as we could. If one or two emails got missed, we very much apologise; this was not in any way intentional.

As far as we are aware, we responded to every single email, and continue to do so. We have a phone number on our website and we can be contacted through our Facebook page. We welcome any form of communication and will always respond. Those that are saying they didn't get a response, please call us so we can look into whether we received your emails and give you any information you need. Please also note that due to this situation, a number of our emails have been put into junk/spam folders, please do check there. However we provide a variety of contact options, so please use them if you need any more information.

Specific Thread Queries
Lastly I want to cover off some of the specific queries people have raised through this thread:

gavgavgav - As mentioned above, we have a number of contact options, if you would like specific information please contact us. However you mention we did not provide any details about what information was compromised. This was detailed on our warning email but for clarification they obtained order information, so names, addresses and emails. As also mentioned in our warning email and again above, we do not store CC details so they do not have access to this.

Your Dad - As far as we are aware, we have not been contacted by the media. If we were, dealing with tasks like taking down and preventing further phishing attacks, as well as implementing additional security measures, took priority, sorry.

E36GUY - The initial "wave" of the phishing scam only went to customers from 5+ years ago. As we wanted to notify people asap, this is the information we were working on at the time. Subsequently we found out it was newer than this so sent a follow up email to everyone on our database. We now believe it was in fact a recent breach.

MrJingles705 - All passwords are encrypted so they would not be able to get this data, or even if they got the encrypted data, they would not be able to use it. However, it's never a bad thing to update passwords on a regular basis.

Durzel - We sent the warning email to everyone on our database to warn of the issue. We did not remove anyone as we believed it more important to notify everyone affected. However I can assure you all your data has been deleted from all our systems. You will not receive any more emails from us except in a response to any direct emails you send us.

I do hope the above clarifies the situation and answers your questions. However please do get in contact with us if you need any further information.

Kind regards
Pete

HIDS4U

Edited by brightwheels on Tuesday 12th September 14:54
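Added example, not HIDS4U's actual configuration: the "anti-phishing email DNS settings" Pete mentions normally mean SPF and DMARC TXT records on the sending domain, and the difference between a monitoring-only record and an enforcing one is what decides whether a spoofed "From: HIDS4U" email gets delivered. The script below evaluates a domain's records offline (the DNS answers are passed in as a dict rather than looked up) and puts a weak setup, a partially enforced one and an enforcing one side by side. The domain shop.example and all three record sets are constructed for the example.

```python
"""Rate how well a domain's SPF and DMARC records resist direct From: spoofing.
Added example; DNS answers are supplied as dicts so it runs offline."""


def parse_spf(record):
    """Return the qualifier of the SPF 'all' mechanism: '+', '?', '~', '-',
    or None when the record is not SPF or has no 'all' term (implicit neutral)."""
    if not record or not record.lower().startswith("v=spf1"):
        return None
    for term in record.split()[1:]:
        term = term.lower()
        if term.lstrip("+-~?") == "all":          # exactly 'all', with optional qualifier
            return term[0] if term[0] in "+-~?" else "+"
    return None


def parse_dmarc(record):
    """Return DMARC tags as a lower-cased dict, or None if the record is not DMARC."""
    if not record or not record.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def evaluate_domain(domain, txt_records):
    """txt_records maps a DNS name to its TXT strings. Returns a summary dict whose
    'enforced' flag is True only when DMARC rejects or quarantines 100% of failures."""
    findings = []

    spf = [r for r in txt_records.get(domain, []) if r.lower().startswith("v=spf1")]
    spf_all = parse_spf(spf[0]) if len(spf) == 1 else None
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly one record, found {len(spf)}")
    if spf_all in (None, "+", "?"):
        findings.append("SPF: unlisted senders do not fail (missing, +all or ?all)")
    elif spf_all == "~":
        findings.append("SPF: softfail only; enforcement depends on DMARC")

    dmarc_txt = [r for r in txt_records.get("_dmarc." + domain, [])
                 if r.lower().startswith("v=dmarc1")]
    dmarc = parse_dmarc(dmarc_txt[0]) if len(dmarc_txt) == 1 else None
    policy, pct = "none", 100
    if dmarc is None:
        findings.append("DMARC: record missing (or not exactly one)")
    else:
        policy = dmarc.get("p", "none")
        pct = int(dmarc.get("pct", "100"))
        if policy == "none":
            findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
        elif pct < 100:
            findings.append(f"DMARC: only {pct}% of failing mail gets p={policy}")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address, so nobody sees who is spoofing you")

    enforced = policy in ("quarantine", "reject") and pct == 100
    return {"domain": domain, "spf_all": spf_all, "dmarc_policy": policy,
            "pct": pct, "enforced": enforced, "findings": findings}


# Constructed DNS answers for a hypothetical shop.example; not any real domain.
WEAK_DNS = {
    "shop.example": ["v=spf1 include:_spf.mailhost.example ~all"],
    # no _dmarc.shop.example record at all
}
PARTIAL_DNS = {
    "shop.example": ["v=spf1 include:_spf.mailhost.example -all"],
    "_dmarc.shop.example": ["v=DMARC1; p=quarantine; pct=20; rua=mailto:dmarc@shop.example"],
}
HARDENED_DNS = {
    "shop.example": ["v=spf1 include:_spf.mailhost.example -all"],
    "_dmarc.shop.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop.example; adkim=s; aspf=s"],
}

if __name__ == "__main__":
    for label, dns in (("weak", WEAK_DNS), ("partial", PARTIAL_DNS), ("hardened", HARDENED_DNS)):
        result = evaluate_domain("shop.example", dns)
        print(f"[{label}] enforced={result['enforced']} p={result['dmarc_policy']} pct={result['pct']}")
        for finding in result["findings"]:
            print("   -", finding)
```

Two caveats a practitioner would add: these records only stop attackers sending mail that claims to be from your exact domain, so they do nothing against the lookalike-domain and hacked-third-party-site links discussed earlier in the thread; and the receiving side (BT, Gmail) has to actually honour DMARC for p=reject to matter, which is one reason the genuine and phishing emails can land in opposite folders.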