Forum Feedback How are account hacking still happening?

Status
Not open for further replies.

iPwnz

Brutally Honest
Keymaster
I just came across this FS thread by Ayaskant. I've personally never dealt with him before but I know that he's a regular here with lots of sales.
Anyway, the immediate red flag to me is not the lack of a GPU-Z screenshot but the background. Notice how the background images are different? There was absolutely no need to do this if it was a legit deal. I speak from the experience of having been scammed in a similar way. Seller used different background to show me a working product and there was no ID on paper in the images (though this rule/caution is easy to bypass if you have an aide with the same product to help you) and I was desperate and in a hurry to buy it. I remember advising and warning other members many months ago to be careful about this (my post should be there somewhere). And the exact thing happened in this thread. As for the image which has the ID on paper, the box could be empty for all we know. I say "could" because we don't have proof that it has the GPU.
ayaskant scammed.png

This is the second time I've come across a fishy FS thread this week. I've reported the first one, which also was for a GPU. The post didn't have a GPU-Z screenshot and seller didn't give any sort of warranty. This is not only fishy but also unacceptable.

Anyway, didn't the forum take measures after the past incidents? Like changing password and the 2FA? How are the accounts still getting compromised and what steps will be taken to prevent this in the future?
 
Is it possible to make 2FA (even just email 2FA) mandatory if user wants to participate in sale/trade forums?
Many users don't ever participate in buy/sell/trade part of the website, they shouldn't have much issue (ideally 2FA for everyone).

Also, is it possible to send email alerts if new unknown login is detected? (Not sure if such a system is in place)
 
2FA has been enabled for quite some time now, although it is not mandatory. Admin has been alerted about the same, and he'll see if it can be made mandatory. I'm not sure what else can be done from the backend, so will wait for @renegade to respond.
 
Thanks for the analysis of the image dude. Proactive users like you and others who commented on the aforementioned sale thread are very important for the fight against fraud.
 
Got banner message regarding enabling 2FA. Thank you mods/admins.

If possible, do add a message 'Use unique password if possible, avoid reusing passwords. Change password if reused, for better security'
 
I had enabled 2FA when this had happened last time. Maybe a lot of people didn't see that thread, so didn't enable it till now. The banner will help make people aware and do the needful this time.
 
There seems to be a 30 day login expiration, right? Can this be removed so that I don't have to relogin from the same device every month?
 
I mean does it expire after 30 days of inactivity or 30 days regardless? I prefer the former if possible. Yes I'm lazy.
 
It's the latter. It's a way to sort of prevent session hijacking.
Many applications using OAuth2 keep session refresh tokens to re-create a fresh session if and when needed, such as when the auth token is invalidated. Idk if they're using the same thing, but perhaps not; that's why you need to log in again after 30 days.

In any case it is an additional benefit over MFA.
 
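The two expiry policies discussed in the posts above ("30 days regardless" versus "30 days of inactivity"), as an added Python example that is not the forum software's code; the `Session` record, the function names and the 7-day idle value are assumptions made for illustration. It shows that a session replayed on a regular schedule is never rejected under an inactivity-only policy, while the absolute limit cuts it off at day 30.

```python
from dataclasses import dataclass

DAY = 86_400  # seconds


@dataclass
class Session:
    created_at: int     # login time, epoch seconds
    last_seen_at: int   # last authenticated request


def check_session(s, now, absolute_ttl=30 * DAY, idle_ttl=None):
    """Return (valid, reason). absolute_ttl counts from login and is never
    extended; idle_ttl (optional) counts from the last request."""
    if now < s.created_at or s.last_seen_at < s.created_at:
        return False, "clock_or_record_inconsistent"
    if absolute_ttl is not None and now - s.created_at >= absolute_ttl:
        return False, "absolute_expired"
    if idle_ttl is not None and now - s.last_seen_at >= idle_ttl:
        return False, "idle_expired"
    return True, "ok"


def touch(s, now, **policy):
    """Validate, then record activity. Activity moves only last_seen_at."""
    valid, reason = check_session(s, now, **policy)
    if valid:
        s.last_seen_at = now
    return valid, reason


def days_until_cutoff(policy, request_every_days, horizon_days=365):
    """Simulate a session cookie presented on a fixed schedule and return
    the day the server first rejects it, or None within the horizon."""
    s = Session(created_at=0, last_seen_at=0)
    for day in range(request_every_days, horizon_days + 1, request_every_days):
        valid, _ = touch(s, day * DAY, **policy)
        if not valid:
            return day
    return None


# Constructed policies for comparison (values are assumptions).
ABSOLUTE_ONLY = {"absolute_ttl": 30 * DAY, "idle_ttl": None}  # 30 days regardless
IDLE_ONLY = {"absolute_ttl": None, "idle_ttl": 30 * DAY}      # 30 days of inactivity
BOTH = {"absolute_ttl": 30 * DAY, "idle_ttl": 7 * DAY}

if __name__ == "__main__":
    for name, policy in [("absolute", ABSOLUTE_ONLY), ("idle", IDLE_ONLY), ("both", BOTH)]:
        print(name, days_until_cutoff(policy, request_every_days=1))
```
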
Thanks for being proactive @iPwnz. I was going through his thread and knew ayaskant as being an old timer here. But didn't know why his thread was closed. Guess this msg here filled up the gap.
 
Might be overkill, but after the NVIDIA FE 3060Ti incident last night, I'd be in favor of 2FA before EVERY "For Sale" post.
I like this suggestion. Just hope your phone number/email also doesn't get hacked lol. Also sounds simple enough to implement.
 