
Recent Events, Account Security and Protecting Yourself - Official Message

@OakleyBoss has any thought been put into proactively running your members emails and hashed credentials through a compromised account check? (Like SpyCloud)

One common security practice when sites like this have had multiple compromises via Account Take Over is to force password changes for your entire user base. That is onerous for sure, but perhaps with a little bit of filtering you can get a data-centric list of all -potentially- compromised accounts??
From that smaller data set, you can then force password changes, or force 2SV or OTP for those high-risk accounts.

Thoughts?

For musing: The most secure system is a system that nobody can use :)
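As an added illustration of the audit suggested above (this is constructed example code, not the forum's code and not SpyCloud's API): take the member table, which stores only a salt and a PBKDF2 hash per account, and compare it against a breach dump of email/password pairs. An email match alone flags the account for attention; a hash match proves the member is reusing a breached password, so that smaller set can be forced through a reset or 2SV. The members, the dump, the hashing parameters and the function names are all assumptions made for this example.

```python
"""
Added example: flag members whose email or salted password hash matches a
breach dump, producing the short list to force resets on.
Not the forum's own code; all data below is constructed.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


@dataclass
class Member:
    username: str
    email: str
    salt: bytes
    pw_hash: bytes


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: what a site stores instead of the plain password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_member(username: str, email: str, password: str) -> Member:
    salt = os.urandom(16)
    return Member(username, email, salt, hash_password(password, salt))


def find_high_risk(members, breach_records):
    """
    breach_records: list of (email, leaked_password) pairs from a breach dump.
    Returns {username: [reasons]} for accounts that need a forced reset.
    Stored hashes are salted, so each leaked password is re-hashed with the
    member's own salt; a match means the member reuses a breached password.
    """
    leaked_by_email = {}
    for email, leaked_pw in breach_records:
        leaked_by_email.setdefault(email.lower(), set()).add(leaked_pw)
    all_leaked = set().union(*leaked_by_email.values()) if leaked_by_email else set()

    flagged = {}
    for m in members:
        reasons = []
        if m.email.lower() in leaked_by_email:
            reasons.append("email present in breach dump")
        # Cost is members x leaked passwords x PBKDF2; fine for a small dump,
        # batch it (or check only the member's own email pairs first) at scale.
        for pw in all_leaked:
            if hmac.compare_digest(hash_password(pw, m.salt), m.pw_hash):
                reasons.append("password matches a breached password")
                break
        if reasons:
            flagged[m.username] = reasons
    return flagged


# Constructed sample members and a constructed (not real) breach dump.
MEMBERS = [
    make_member("alice", "alice@example.com", "correct horse battery staple"),
    make_member("bob", "bob@example.com", "Winter2019!"),      # reuses a leaked password
    make_member("carol", "carol@example.com", "x9$Lq!2vT#pm"),  # email leaked, password not
]
BREACH_DUMP = [
    ("bob@example.com", "Winter2019!"),
    ("dave@example.net", "letmein"),
    ("carol@example.com", "oldpassword1"),
]


def forced_reset_list():
    """The high-risk subset an admin would force through a reset or 2SV."""
    return find_high_risk(MEMBERS, BREACH_DUMP)


if __name__ == "__main__":
    for user, reasons in forced_reset_list().items():
        print(f"{user}: {'; '.join(reasons)}")
```

In the constructed data, bob is flagged for both reasons and carol only for the email match, which is exactly the distinction that lets you reserve the heavier forced reset for confirmed reuse and send a lighter "enable 2SV" nudge to the rest.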

Great minds think alike! We ran through an initial exercise last week of identifying high-risk accounts (on a number of criteria and being purposefully vague for obvious reasons) and forcing a reset across all of them, a good amount went through. Will also look at running through a 3rd party service!
 
Great to hear! Thank you for the proactive work and protecting the community.

There is also some cool software for determining risk of accounts, stuff like logging in from a new IP, Captcha to break Cred Stuffing, others cool tricks that might help to bolster the defenses and monitoring.

Kudos for your public addressing and quick remediation steps! Very reassuring to see the work being put into the backend as well as informing the users of best practices.
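An added example of the two monitoring signals mentioned above, written here for illustration rather than taken from the forum software or any product: a single IP cycling through many different usernames in a short window (the credential-stuffing pattern a CAPTCHA or rate limit is meant to break), and a successful login from an IP the account has never used before (a cue to require 2FA or notify the member). The log line format, the thresholds and the sample lines are all constructed.

```python
"""
Added example: score login events for credential stuffing and new-IP logins.
Not the forum's own detection code; log format and sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp>Z ip=<addr> user=<name> result=OK|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse(line: str):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # skip lines that are not login events
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "ip": m["ip"],
        "user": m["user"],
        "result": m["result"],
    }


def analyze(lines, known_ips, distinct_user_threshold=4, window=timedelta(minutes=10)):
    """
    known_ips: {user: iterable of IPs previously seen for that account}.
    Returns a list of (alert_type, subject, detail) tuples in detection order.
    """
    known = {u: set(ips) for u, ips in known_ips.items()}
    attempts_by_ip = defaultdict(list)  # ip -> [(ts, user)] within the window
    stuffing_flagged = set()
    alerts = []

    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ip, user, ts = ev["ip"], ev["user"], ev["ts"]

        # Sliding window per source IP: how many distinct accounts is it trying?
        hist = attempts_by_ip[ip]
        hist.append((ts, user))
        while hist and ts - hist[0][0] > window:
            hist.pop(0)
        distinct = {u for _, u in hist}
        if len(distinct) >= distinct_user_threshold and ip not in stuffing_flagged:
            stuffing_flagged.add(ip)
            alerts.append(("credential_stuffing", ip,
                           f"{len(distinct)} distinct accounts within {window}"))

        # Successful login from an IP this account has never used before.
        if ev["result"] == "OK":
            if ip not in known.get(user, set()):
                alerts.append(("new_ip_login", user, ip))
            known.setdefault(user, set()).add(ip)
    return alerts


# Constructed sample: one IP sprays five accounts, then lands on eve's.
SAMPLE_LOG = """
2022-08-04T02:00:00Z ip=203.0.113.7 user=alice result=OK
2022-08-04T02:01:00Z ip=198.51.100.9 user=alice result=FAIL
2022-08-04T02:01:05Z ip=198.51.100.9 user=bob result=FAIL
2022-08-04T02:01:09Z ip=198.51.100.9 user=carol result=FAIL
2022-08-04T02:01:14Z ip=198.51.100.9 user=dave result=FAIL
2022-08-04T02:01:20Z ip=198.51.100.9 user=eve result=OK
2022-08-04T02:30:00Z ip=203.0.113.44 user=bob result=OK
""".strip().splitlines()

KNOWN_IPS = {"alice": ["203.0.113.7"], "bob": ["203.0.113.8"], "eve": ["203.0.113.9"]}


def sample_alerts():
    return analyze(SAMPLE_LOG, KNOWN_IPS)


if __name__ == "__main__":
    for kind, subject, detail in sample_alerts():
        print(f"{kind}: {subject} ({detail})")
```

The stuffing alert fires on the fourth distinct username, before the attacker's one success, which is the point at which a CAPTCHA or temporary block for that IP would still have protected eve's account; the new-IP alert on eve's login is the second chance to catch it.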
 
Can someone confirm if this thread was deleted?

 
What Happened

As some of you are already aware, last night / early this morning, 3 accounts on the forum were compromised: @QLR1 @GRFMotorsports @subysti2007. Using these accounts the scammer then proceeded to engage in several deals for Oakley items, receiving payments from several members primarily through PayPal Friends and Family. If you engaged in a deal last night with one of those members along these terms, you are unfortunately likely a victim. Please see the steps below we've outlined for what you can do to potentially receive your money back and how to protect yourself in the future.

As many of you have also pointed out, clearly this scammer was researched and prepared. They appear to have read the forum and knew what pairs to post / prices / values etc. This just means they were a better scammer than most and that's unfortunately why they were able to succeed (at least initially). As with anything on the internet there are varying levels of complexity.

How this Happened / What we are doing
1) We have already secured the accounts of the members, reverting their emails to the original accounts and resetting all passwords on their accounts. We have been in contact with 2 of 3 of the members, @QLR1 and @GRFMotorsports, already and confirmed with them that they are in control. Since we have not heard from @subysti2007, we have restricted his account. However, you should proceed with caution until the all clear is given.

2) We have investigated the logs and as of our initial investigation there is no evidence that the forum security was compromised at either the server or forum level. We have already confirmed that there has been no unauthorized access to privileged server accounts/databases. However, we are still proceeding to conduct a full database and site audit row by row to confirm our initial conclusion and ensure we are protecting the community. I will also note that in addition to SSL/HTTPS on the forum, all passwords are stored hashed and encrypted, never in plain text, meaning even our server team can never see your password.

3) So how did this happen? The scammer who gained access appears to have had access to either the compromised accounts' passwords or their underlying email addresses. This likely occurred due to a compromised password being reused across accounts. Over the years data breaches (Equifax, Target etc.) have leaked HUGE amounts of data online for scammers to buy/sell/use. Some never get used, some do. Scammers thrive on a password being used over and over again and it looks like this is that type of situation. We have already informed the affected accounts to reset their passwords across emails/any other similar accounts. But also see below for some tips we can all use to protect ourselves.

How to protect your accounts and security online

These tips are not just for the affected members but can be followed by everyone on any website.

1) Change your account password - This is an easy first step to confirm your account security and prevent any unauthorized access, should the scammer have additional passwords at their disposal. Which leads in to #2.

2) Use strong passwords and change them on a periodic basis/when you're alerted of a breach - Breaches do happen, and if they occur, by law you should be alerted. When you get one of those emails make sure to not just ignore it but change your password on any account where it's being used (not just the important ones like your bank). This incident is a great example of how a simple Oakley Forum account can still reap benefits for scammers.

For strong passwords - check out this site: Strong Random Password Generator

3) Use 2 Factor Authentication - We offer 2FA on the forum under the Account Security option area. This means when you log in, in addition to your password an additional token will be required. There are several options for getting this token including an App or Email. However, this is just another layer of security, should you wish to use it.

4) Secure your email - An email account is the easiest way to gain access to tons of other accounts since a simple reset link lets a scammer set a new password, lock you out and change it to their email. Especially for emails, use a secure password and change it often!!

5) Beware of PayPal F&F!! I know we say this all the time and are a broken record but this is a clear example where scammers love F&F. 3% fees are not worth it. Yes these were trusted members and I do understand that but you don't ever really know who's on the other side of that keyboard. Especially in the coming days be very wary of any members trying to use F&F!!

What to do if you are a victim

1) File a dispute - As Mods have already suggested, reach out to your credit card company/bank and request a chargeback/file a dispute. You will likely need to wait for the charge to post before being able to do this so it may take 1-2 days.

2) Be wary of any similar requests in the coming days and be sure to keep an eye on any suspicious behavior. This person clearly knew Oakleys and our community. This scammer was prepared, and unfortunately it paid off. But we can be diligent and stop it from happening again.

If you are aware or suspicious of any other potentially compromised accounts, please reach out to me via PM. Happy to answer any questions here.

Quoting this original guidance and reviving this thread for relevance. Additionally, we are working on strengthening the 2 Factor Authentication options to include text message and remove the email option.
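For readers curious what the "App" token option in tip 3 actually checks, here is an added example of server-side TOTP verification (RFC 6238 on top of HOTP, RFC 4226), which is what authenticator apps implement. This is illustration code, not the forum software's implementation; the secret below is the RFC 6238 test-vector secret, and the function names, step size and skew window are this example's own choices.

```python
"""
Added example: verify a time-based one-time password the way a site's 2FA
check would, accepting one step of clock skew and refusing replayed codes.
Not the forum's own code; parameters are assumptions for this example.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP with HMAC-SHA1 and dynamic truncation."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current time step (what the app displays)."""
    return hotp(secret, int(now) // step, digits)


def verify_totp(secret: bytes, submitted: str, now: float, last_counter: int,
                step: int = 30, skew: int = 1, digits: int = 6):
    """
    Server-side check. Returns the accepted counter, or None on failure.
    last_counter: the highest counter this account has already used; any
    code at or below it is rejected so a captured code cannot be replayed.
    skew: how many steps either side of "now" to tolerate for clock drift.
    """
    current = int(now) // step
    for c in range(current - skew, current + skew + 1):
        if c <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, c, digits), submitted):
            return c  # caller must persist this as the account's new last_counter
    return None


# RFC 6238 Appendix B test secret (ASCII "12345678901234567890"), SHA1 variant.
RFC_SECRET = b"12345678901234567890"


def demo():
    """Walk through accept, skew-tolerant accept, and replay rejection."""
    code_at_59 = totp(RFC_SECRET, 59)            # "287082", counter 1
    first = verify_totp(RFC_SECRET, code_at_59, 59, last_counter=-1)
    late = verify_totp(RFC_SECRET, code_at_59, 75, last_counter=-1)    # still within skew
    replay = verify_totp(RFC_SECRET, code_at_59, 59, last_counter=first)
    expired = verify_totp(RFC_SECRET, code_at_59, 95, last_counter=-1)  # outside skew
    return code_at_59, first, late, replay, expired


if __name__ == "__main__":
    print(demo())
    print("current code:", totp(RFC_SECRET, time.time()))
```

Two details matter for a site rolling its own check: compare with `hmac.compare_digest` rather than `==`, and store the last accepted counter per account so a code that someone shoulder-surfed or phished cannot be submitted a second time inside the same 30-second window.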
 
All of those threads have been deleted - consolidated with the central thread on this to keep it all together.
 
 
There are still logs of them for investigations; actions have also been taken against the IP, also tracked and correlated with any accounts affected. Purposefully being vague, but appropriate actions are being taken.
That’s not what I meant.
 