Market section - scams with compromised accounts

ryanrulez4ever said:
i doubt if the TE DB itself was compromised,...
Click to expand...
Still, truly hope the passwords here are stored hashed/salted and not as plain text.

codelad said:
Still, truly hope the passwords here are stored hashed/salted and not as plain text.
Click to expand...
On a similar note, could any of the mods clarify as to whether there is any data retention policy w.r.t. private conversations here? Concerned about this, since conversations may include transactional (and possibly confidential) data. And especially concerned, since these conversations appear undeletable.

As someone who is paranoid in the best of times, afraid these recent happenings have put me on edge.
 
Mods have enabled mod approvals before posting FS threads.
Still I would suggest restrict members from posting more than 2 FS sales per month for next few months to curb such practices.

A Market Lockdown is required when people are getting duped for GPU specific sales due to GPU shortages globally and criminals taking undue advantage.

A word of caution! Dont even fall for unreal prices be it any component. Discuss or better let go the deal rather than suffering later. In these tough covid times, money is dear for family and emergencies while technology can always wait..
 
Last edited:
Could it have been some kind of an inside job? I mean some member from our forum itself who somehow managed to get hands on a few TE credentials..
Since they knew how to post sale threads with username pic n all
 
goDofWar_skr said:
Could it have been some kind of an inside job? I mean some member from our forum itself who somehow managed to get hands on a few TE credentials..
Click to expand...
It could have been plausible but the fact a mod's account was compromised makes me think otherwise.

One can just read the rules and see couple of open sale threads to figure out how to add photos with usernames and all.
 
goDofWar_skr said:
Could it have been some kind of an inside job? I mean some member from our forum itself who somehow managed to get hands on a few TE credentials..
Since they knew how to post sale threads with username pic n all
Click to expand...
If any Mod was trying to scam, I'm sure he would have been much more successful at it ;)
 
xkcd0137 said:
WOW! WTF!!

@shallg mate, I am sure this was the same guy who tried to dupe me. Kindly share his account details publicly. Hope you get your money back, mate.

I don't think its safe at all to buy a used GPU from the used market now unless mods do their due diligence before approving the thread, but then even some mod accounts have been compromised!!
Click to expand...
Fruadent upi 8881501467@paytm
 
shallg said:
Switch off
Click to expand...
Seems it was switched on around 5pm
Screenshot_20210416-174016_Brave.png
 
xkcd0137 said:
Have you tried calling on this number?

Are these same people or different people??
This IFSC is of SBI branch in Reddiarpalayam, Pondicherry.
Click to expand...
My guy said the phone is out of order. And make payment using Paypal.
Which did remove some of the red flags
 
iPwnz said:
So why is startekselva still banned but amandeep unbanned?
Click to expand...
Coz I got busy :bookworm: Done now.
vishalrao said:
Mods @Renegade please also check forum software xenforo for any reported bugs? I am concerned this is a data leak like what we recently saw with some major sites.
Click to expand...
There is no data leak on TechEnclave. Even if it were, the passwords cannot be read by anyone. They are bcrypt hashed and stored in DB. Only admins can change anyone's password but even they cannot read it. I am the only admin who has logged into the forum in last few years and I use 2FA.

Also there is no evidence that a xenforo forum has ever been hacked before. Not because of the forum software vulnerability anyway. On the server side we follow standard best practices to restrict network traffic and use security hardened operating system images and security patches. Not saying that it can't be hacked, just that all precautions do get taken.

I believe data leaks are mostly inside jobs.
 
Last edited:
Renegade said:
Coz I got busy :bookworm: Done now.

There is no data leak on TechEnclave. Even if it were, the passwords cannot be read by anyone. They are bcrypt hashed and stored in DB. Only admins can change anyone's password but even they cannot read it. I am the only admin who has logged into the forum in last few years and I use 2FA.

Also there is no evidence that a xenforo forum has ever been hacked before. Not because of the forum software vulnerability anyway.
Click to expand...
So did you get to know what was the reason for the compromise of accounts of a staff member and some members with good number of positive feedbacks? ..or the investigation is still ongoing?
 
iPwnz said:
So why is startekselva still banned but amandeep unbanned?
Click to expand...
Being a victim I want it answered from a staff member. After all to the best of my knowledge I was dealing with Amandeep. And a staff member did not come out saying that the deal is legit. So a hacker or no hacker is still under question. Unless the staff knows something we don't.
 
@xkcd0137 - Someone logged into the account, then changed the email ID, then verified the new email ID and then changed the password. Same MO for all the compromised accounts. Nothing more to investigate.
 
So how did Amandeep regained access to his account at 11pm, i.e. 3hrs after the incident? Saying "good job bro you did not fall for their fake sale thread" ? I'm not saying he is guilty just yet. But again it all should be logical. I mean he was able to regain access to his account with changed passwords and changed email to verify within hours of the incident.
 
Back
Top