What Happened
As some of you are already aware, last night / early this morning, 3 accounts on the forum were compromised @QLR1 @GRFMotorsports @subysti2007. Using these accounts the scammer than proceeded to engage in several deals for Oakley items, receiving payments from several members primarily through PayPal Friends and Family. If you engaged in a deal last night with one of those members along these terms, you are unfortunately likely a victim. Please see the steps below we've outlined for what you can do to potentially receive your money back and how to protect yourself in the future.
As many of you have also pointed out, clearly this scammer was researched and prepared. They appear to have read the forum and knew what pairs to post / prices / values etc. This just means they were a better scammer than most and thats unfortunately why they were able to success (at least initially). As with anything on the internet there are varying levels of complexity.
How this Happened / What we are doing
1) We have already secured the accounts of the members, reverting their emails to the original accounts and resetting all passwords on their accounts. We have been in contact with 2 of 3 of the members @QLR1 and @GRFMotorsports already and confirmed with them they are in control. Since we have not heard from @subysti2007, we have restricted his account. However you should proceed with caution until the all clear is given.
2) We have investigated the logs and as of our initial investigation there is no evidence that the forum security was compromised at either the server or forum level. We already have confirmed that there has been no unauthorized access privileged server accounts/databases. However we are still proceeding to conduct a full database and site audit row by row to confirm our initial conclusion and ensure we are protecting the community. I will also note that in addition to SSL/HTTPS on the forum all passwords are stored hashed and encrypted, never in plain text. Meaning even our server team can never see your password.
3) So how did this happen? The scammer who gained access appears to have had access to either the comprised accounts password or underlying email addresses. This likely occurred due to a compromised password being reused across accounts. Over the years data breaches (Equifax, Target etc.) have leaked HUGE amounts of data online for scammers to buy/sell/use. Some never get used, some do. Scammers thrive on a password being used over and over again and it looks like this is that type of situation. We have already informed the affected accounts to reset their passwords across emails/any other similar accounts. But also see below for some tips we can all use to protect ourselves.
How to protect your accounts and security online
These tips are not just for the affected members but can be followed by everyone on any website.
1) Change your account password - This is an easy first step to confirm your account security and prevent any authorized access, should the scammer have additional passwords at their disposal. Which leads in to #2.
2) Use strong passwords and change them on a periodic basis/when you're alerted of a breach - Breaches do happen, and if they occur, by law you should be alerted. When you get one of those emails make sure to not just ignore it but change your password on any account its being used (not just the important ones like your bank). This incident is a great example of how a simple Oakley Forum account can still reap benefits for members
For strong passwords - check out this site: Strong Random Password Generator
3) Use 2 Factor Authentication - We offer 2FA on the forum under the Account Security option area. This means when you login, in addition to your password an addition token will be required. There are several options for getting this token including an App or Email. However this is just another layer of security, should you wish to use it.
4) Secure your email - An email account is the easiest way to gain access to tons of other accounts since a simple reset link lets a scammer set a new password, lock you out and change it to their email. Especially for emails, use a secure password and change it often!!
5) Beware of PayPal F&F!! I know we say this all the time and are a broken record but this is a clear example where scammers love F&F. 3% fees are not worth it. Yes these were trusted members and I do understand that but you don't ever really know who's on the other side of that keyboard. Especially in the coming days be very wary of any members trying to use F&F!!
What to do if you are a victim
1) File a dispute - As Mods have already suggested, reach out to your credit card company/bank and request a chargeback/file a dispute. You will likely need to wait for the charge to post before being able to do this so it may take 1-2 days.
2) Be wary of any similar requests in the coming days and be sure to keep an eye on any suspicious behavior. This person clearly knew Oakleys and our community. This scammer was prepared, and unfortunately it paid off. But we can be diligent and stop it from happening again.
If you are aware or suspicious of any other potentially compromised accounts, please reach out to me via PM. Happy to answer any questions here.
As some of you are already aware, last night / early this morning, 3 accounts on the forum were compromised @QLR1 @GRFMotorsports @subysti2007. Using these accounts the scammer than proceeded to engage in several deals for Oakley items, receiving payments from several members primarily through PayPal Friends and Family. If you engaged in a deal last night with one of those members along these terms, you are unfortunately likely a victim. Please see the steps below we've outlined for what you can do to potentially receive your money back and how to protect yourself in the future.
As many of you have also pointed out, clearly this scammer was researched and prepared. They appear to have read the forum and knew what pairs to post / prices / values etc. This just means they were a better scammer than most and thats unfortunately why they were able to success (at least initially). As with anything on the internet there are varying levels of complexity.
How this Happened / What we are doing
1) We have already secured the accounts of the members, reverting their emails to the original accounts and resetting all passwords on their accounts. We have been in contact with 2 of 3 of the members @QLR1 and @GRFMotorsports already and confirmed with them they are in control. Since we have not heard from @subysti2007, we have restricted his account. However you should proceed with caution until the all clear is given.
2) We have investigated the logs and as of our initial investigation there is no evidence that the forum security was compromised at either the server or forum level. We already have confirmed that there has been no unauthorized access privileged server accounts/databases. However we are still proceeding to conduct a full database and site audit row by row to confirm our initial conclusion and ensure we are protecting the community. I will also note that in addition to SSL/HTTPS on the forum all passwords are stored hashed and encrypted, never in plain text. Meaning even our server team can never see your password.
3) So how did this happen? The scammer who gained access appears to have had access to either the comprised accounts password or underlying email addresses. This likely occurred due to a compromised password being reused across accounts. Over the years data breaches (Equifax, Target etc.) have leaked HUGE amounts of data online for scammers to buy/sell/use. Some never get used, some do. Scammers thrive on a password being used over and over again and it looks like this is that type of situation. We have already informed the affected accounts to reset their passwords across emails/any other similar accounts. But also see below for some tips we can all use to protect ourselves.
How to protect your accounts and security online
These tips are not just for the affected members but can be followed by everyone on any website.
1) Change your account password - This is an easy first step to confirm your account security and prevent any authorized access, should the scammer have additional passwords at their disposal. Which leads in to #2.
2) Use strong passwords and change them on a periodic basis/when you're alerted of a breach - Breaches do happen, and if they occur, by law you should be alerted. When you get one of those emails make sure to not just ignore it but change your password on any account its being used (not just the important ones like your bank). This incident is a great example of how a simple Oakley Forum account can still reap benefits for members
For strong passwords - check out this site: Strong Random Password Generator
3) Use 2 Factor Authentication - We offer 2FA on the forum under the Account Security option area. This means when you login, in addition to your password an addition token will be required. There are several options for getting this token including an App or Email. However this is just another layer of security, should you wish to use it.
4) Secure your email - An email account is the easiest way to gain access to tons of other accounts since a simple reset link lets a scammer set a new password, lock you out and change it to their email. Especially for emails, use a secure password and change it often!!
5) Beware of PayPal F&F!! I know we say this all the time and are a broken record but this is a clear example where scammers love F&F. 3% fees are not worth it. Yes these were trusted members and I do understand that but you don't ever really know who's on the other side of that keyboard. Especially in the coming days be very wary of any members trying to use F&F!!
What to do if you are a victim
1) File a dispute - As Mods have already suggested, reach out to your credit card company/bank and request a chargeback/file a dispute. You will likely need to wait for the charge to post before being able to do this so it may take 1-2 days.
2) Be wary of any similar requests in the coming days and be sure to keep an eye on any suspicious behavior. This person clearly knew Oakleys and our community. This scammer was prepared, and unfortunately it paid off. But we can be diligent and stop it from happening again.
If you are aware or suspicious of any other potentially compromised accounts, please reach out to me via PM. Happy to answer any questions here.
Last edited:
