PSA: Massdrop account hacked, please check yours

[merlin64]

tl;dr: My massdrop account was hacked. Email, password and address changed. Might be a good idea to check yours.

With SA Oblivion currently running, I decided to jump in, unfortunately I wasn't able to access my account due to my email address no longer accessing a MassDrop account.

I checked my email history and saw that in early September, I received two emails from Massdrop saying that my email was changed. A corresponding password change email was sent to me as well.

The email it was changed to was: vladsevostyanov3@gmail.com

I contacted MassDrop last week and have since gotten in touch with a representative. As of this post, I have still not received access to my account with the same email.

Fortunately, I discovered that my phone is perpetually logged into my MassDrop account. I was able to access my old account through it and noticed that in account settings, a "NEW" address was added. It used my same exact name, but the address was:

600 Markley St, Port Reading, NJ 07064

Google search reveals this to be involved in other related "scams":

https://community.ebay.com/t5/Member-To-Member-Support/600-Markley-St-Port-Reading-NJ-07064-1813/qaq-p/26047898

It's also about 11 miles from the MassDrop New Jersey fulfillment center lol.

Some quick research from that location reveals it to be Meest America Inc. They are apparently a "delivery/fulfillment service".

http://meest.us/pro_nas.html

I suppose I could give them a call and give them a "friendly" but stern talking to lol.

Regardless, if this turns out to be a legit business that MassDrop is partnering with, I see no reason why my account settings were tampered with. I can possibly understand an address change to facilitate "faster delivery", but changing my email reeks of scam.

Anyway I would highly recommend everyone who is in the MassDrop ecosystem to just check their account. Verify things are as it should be, and please change your password if it's a fairly weak one.

For more info on Meest, please checkout the podcast by Reply All: https://gimletmedia.com/episode/99-black-hole-new-jersey/

[tp4tissue]

OMG... Not another one..

how do i delete account.. is there an account delete ?

I hope it's not the situation where some disgruntled massdrop buyer paid for hackers on dat dark net.

hahahaha

/Rembr r00tworm
/Ripster did it

hahahaha   Just kiddn' guys

[merlin64]

tp4, no it was those hot russian females who hacked me.

[tp4tissue]

tp4, no it was those hot russian females who hacked me.

hahahaha,  I was just kidding....

[rowdy]

tp4, no it was those hot russian females who hacked me.

tp4 rushes to setup Massdrop account with really obvious password.

[tp4tissue]

tp4, no it was those hot russian females who hacked me.

tp4 rushes to setup Massdrop account with really obvious password.

the password is..

iloveergodox10000

[jonathanyu]

tp4, no it was those hot russian females who hacked me.

tp4 rushes to setup Massdrop account with really obvious password.

the password is..

iloveergodox10000

more like tpvegan4lifelol

[ander]

My massdrop account was hacked. Email, password and address changed. Might be a good idea to check yours...

Sorry to hear about that. When this happens to friends, though, my first question is, "Did you use a plain-English, or otherwise simple password, that was easy for hacker bots to guess?" If so, you may want to look at that rather than any security lapse at MD.

Personally, whenever I need a new password, I use Steve Gibson's Secure Password Generator. It creates unique strings of random text in three formats (depending on each site's requirements) where you can copy and use strings of as many characters as you wish. I also then always add a prefix or suffix of a few characters I've memorized (e.g. part of a significant name or address), so my password manager (or browser, etc.) doesn't even contain them in their entirety.

[merlin64]

My massdrop account was hacked. Email, password and address changed. Might be a good idea to check yours...

Sorry to hear about that. When this happens to friends, though, my first question is, "Did you use a plain-English, or otherwise simple password, that was easy for hacker bots to guess?" If so, you may want to look at that rather than any security lapse at MD.

Personally, whenever I need a new password, I use Steve Gibson's Secure Password Generator. It creates unique strings of random text in three formats (depending on each site's requirements) where you can copy and use strings of as many characters as you wish. I also then always add a prefix or suffix of a few characters I've memorized (e.g. part of a significant name or address), so my password manager (or browser, etc.) doesn't even contain them in their entirety.

I normally have a 10 character password consisting of lower case and upper case letters, with symbols and numbers mixed in. I admit I was lax on my Massdrop account as I only used an 8 character password. When I signed up I was only evaluating Massdrop and never intended to get deep into the hobby.