geekhack
geekhack Community => Off Topic => Topic started by: merlin64 on Tue, 19 September 2017, 13:35:27
-
tl;dr: My massdrop account was hacked. Email, password and address changed. Might be a good idea to check yours.
With SA Oblivion currently running, I decided to jump in, unfortunately I wasn't able to access my account due to my email address no longer accessing a MassDrop account.
I checked my email history and saw that in early September, I received two emails from Massdrop saying that my email was changed. A corresponding password change email was sent to me as well.
The email it was changed to was: vladsevostyanov3@gmail.com
I contacted MassDrop last week and have since gotten in touch with a representative. As of this post, I have still not received access to my account with the same email.
Fortunately, I discovered that my phone is perpetually logged into my MassDrop account. I was able to access my old account through it and noticed that in account settings, a "NEW" address was added. It used my same exact name, but the address was:
600 Markley St, Port Reading, NJ 07064
Google search reveals this to be involved in other related "scams":
https://community.ebay.com/t5/Member-To-Member-Support/600-Markley-St-Port-Reading-NJ-07064-1813/qaq-p/26047898
It's also about 11 miles from the MassDrop New Jersey fulfillment center lol.
Some quick research from that location reveals it to be Meest America Inc. They are apparently a "delivery/fulfillment service".
http://meest.us/pro_nas.html
I suppose I could give them a call and give them a "friendly" but stern talking to lol.
Regardless, if this turns out to be a legit business that MassDrop is partnering with, I see no reason why my account settings were tampered with. I can possibly understand an address change to facilitate "faster delivery", but changing my email reeks of scam.
Anyway I would highly recommend everyone who is in the MassDrop ecosystem to just check their account. Verify things are as it should be, and please change your password if it's a fairly weak one.
For more info on Meest, please checkout the podcast by Reply All: https://gimletmedia.com/episode/99-black-hole-new-jersey/
-
OMG... Not another one..
how do i delete account.. is there an account delete ?
I hope it's not the situation where some disgruntled massdrop buyer paid for hackers on dat dark net.
hahahaha
/Rembr r00tworm
/Ripster did it
hahahaha Just kiddn' guys
-
tp4, no it was those hot russian females who hacked me.
-
tp4, no it was those hot russian females who hacked me.
hahahaha, I was just kidding....
-
tp4, no it was those hot russian females who hacked me.
tp4 rushes to setup Massdrop account with really obvious password.
-
tp4, no it was those hot russian females who hacked me.
tp4 rushes to setup Massdrop account with really obvious password.
the password is..
iloveergodox10000
-
tp4, no it was those hot russian females who hacked me.
tp4 rushes to setup Massdrop account with really obvious password.
the password is..
iloveergodox10000
more like tpvegan4lifelol
-
My massdrop account was hacked. Email, password and address changed. Might be a good idea to check yours...
Sorry to hear about that. When this happens to friends, though, my first question is, "Did you use a plain-English, or otherwise simple password, that was easy for hacker bots to guess?" If so, you may want to look at that rather than any security lapse at MD.
Personally, whenever I need a new password, I use Steve Gibson's Secure Password Generator (https://www.grc.com/passwords.htm). It creates unique strings of random text in three formats (depending on each site's requirements) where you can copy and use strings of as many characters as you wish. I also then always add a prefix or suffix of a few characters I've memorized (e.g. part of a significant name or address), so my password manager (or browser, etc.) doesn't even contain them in their entirety.
-
My massdrop account was hacked. Email, password and address changed. Might be a good idea to check yours...
Sorry to hear about that. When this happens to friends, though, my first question is, "Did you use a plain-English, or otherwise simple password, that was easy for hacker bots to guess?" If so, you may want to look at that rather than any security lapse at MD.
Personally, whenever I need a new password, I use Steve Gibson's Secure Password Generator (https://www.grc.com/passwords.htm). It creates unique strings of random text in three formats (depending on each site's requirements) where you can copy and use strings of as many characters as you wish. I also then always add a prefix or suffix of a few characters I've memorized (e.g. part of a significant name or address), so my password manager (or browser, etc.) doesn't even contain them in their entirety.
I normally have a 10 character password consisting of lower case and upper case letters, with symbols and numbers mixed in. I admit I was lax on my Massdrop account as I only used an 8 character password. When I signed up I was only evaluating Massdrop and never intended to get deep into the hobby.