Author Topic: CHANGE YOUR PASSWORD! DDF Account Hackers Buying/Selling Gift Cards! (Read 12752 times)

jj1000 · « **on:** August 25, 2023, 06:57:31 PM »

Update: Now 4 accounts have been hacked and one user is out $400 from this scam, all users should change their passwords to something more secure.

2 large DDF accounts have been hacked and the hacker is buying and selling gift cards.

The two that we are aware of are @jewdkoff & @yitzyul

We have reset those account passwords.

And we will work on upgrading password requirements on new DDF accounts.

But PSA, please update your passwords to something complex so it doesn't get hacked and abused.

Alexsei · « **Reply #1 on:** August 25, 2023, 07:15:26 PM »

How do they hack? Data breach or vulnerability?

Davidthebest · « **Reply #2 on:** August 25, 2023, 07:16:44 PM »

Quote from: jj1000 on August 25, 2023, 06:57:31 PM

2 large DDF accounts have been hacked and the hacker is buying and selling gift cards.

The two that we are aware of are @jewdkoff & @yitzyul

We have reset those account passwords.

And we will work on upgrading password requirements on new DDF accounts.

But PSA, please update your passwords to something complex so it doesn't get hacked and abused.

Did someone fell a victim in terms of being robbed ?

jj1000 · « **Reply #3 on:** August 25, 2023, 07:36:06 PM »

Quote from: Alexsei on August 25, 2023, 07:15:26 PM

How do they hack? Data breach or vulnerability?

Unknown.

Quote from: Davidthebest on August 25, 2023, 07:16:44 PM

Did someone fell a victim in terms of being robbed ?

Yea

One user is out $400.

Dan · « **Reply #4 on:** August 25, 2023, 07:42:22 PM »

Quote from: Alexsei on August 25, 2023, 07:15:26 PM

How do they hack? Data breach or vulnerability?

I'd assume username/email/passwords that are easily available all over the deep web.
Nothing to indicate any sort of widespread breach or vulnerability.

CountValentine · « **Reply #5 on:** August 26, 2023, 01:41:22 PM »

Does DDF monitor failed logins to combat brute force attempts?

yfr bachur · « **Reply #6 on:** August 26, 2023, 02:16:57 PM »

Quote from: CountValentine on August 26, 2023, 01:41:22 PM

Does DDF monitor failed logins to combat brute force attempts?

Only on DDF does 24/6 mean 24/5/half/half

Moshe Green · « **Reply #7 on:** August 26, 2023, 03:40:26 PM »

Selling $250 Best Buy gift cards for $200. PM me for bit address.

AMH · « **Reply #8 on:** August 26, 2023, 08:55:46 PM »

Wow was actually thinking of buying

Thanks @jj1000

JMHO · « **Reply #9 on:** August 26, 2023, 09:23:13 PM »

Quote from: Moshe Green on August 26, 2023, 03:40:26 PM

Selling $250 Best Buy gift cards for $200. PM me for bit address.

Please post here:
https://forums.dansdeals.com/index.php?topic=57906.new#new

Definitions · « **Reply #10 on:** August 26, 2023, 09:34:25 PM »

You should pin this to the goods for sale board

myb821 · « **Reply #11 on:** August 26, 2023, 09:38:08 PM »

Quote from: Dan on August 25, 2023, 07:42:22 PM

I'd assume username/email/passwords that are easily available all over the deep web.
Nothing to indicate any sort of widespread breach or vulnerability.

My account was one that was hacked and I would guess this was it. I had a very simple password that has been my password on DDF since day 1 and was a simple password I used for a bunch of things back in the day.

yelped · « **Reply #12 on:** August 26, 2023, 10:40:59 PM »

Can we implement 2FA (preferably using TOTP) here easily?

Dan · « **Reply #13 on:** August 26, 2023, 10:50:13 PM »

Quote from: yelped on August 26, 2023, 10:40:59 PM

Can we implement 2FA (preferably using TOTP) here easily?

I think so, but should we do that or attempt to reset everyone's passwords?

yelped · « **Reply #14 on:** August 26, 2023, 11:08:37 PM »

Quote from: Dan on August 26, 2023, 10:50:13 PM

I think so, but should we do that or attempt to reset everyone's passwords?

Did the hacker change the email address on file for each account they hacked? If so, can be pretty annoying to get back in. You should have everyone reset to a stronger password (at least 10 characters, 3 out of the following 4: uppercase, lowercase, digit, and/or special character, stress the importance of not reusing passwords and using random characters or pass phrases if you don't want to use a password manager).

2FA (not to email or phone) is a much better protection in the real world.

flyingace · « **Reply #15 on:** August 26, 2023, 11:25:09 PM »

I no longer use my original email due to it being hacked. How can I reset my password?

herb · « **Reply #16 on:** August 27, 2023, 01:11:38 AM »

Wow! I almost bought as well! So scary because I always try to do some basic checking before buying and everything about his account checks off

lcm · « **Reply #17 on:** August 27, 2023, 01:16:48 AM »

Err, I use tapa mainly.
Direct link to change password?

jye · « **Reply #18 on:** August 27, 2023, 03:39:05 AM »

This should be stickies on the buy/sell thread

myi · « **Reply #19 on:** August 27, 2023, 05:05:59 AM »

Quote from: herb on August 27, 2023, 01:11:38 AM

Wow! I almost bought as well! So scary because I always try to do some basic checking before buying and everything about his account checks off

Hence for the reason I always advise members to reach out via whatsapp and get a sense for the guy who I'm buying from. (Yes the hacker can have whatsapp as well. But I dought they'll know which area code is being used. Prob come with some Indian area code. Lol.
And over time I accumulated many members phone numbers. So should the same account offer to message me from a different number. That's already a red flag.

Also when sending money I always look to see the name and see if things match up properly.
Nothing is full proof. You got to just be extra cautious.

Topic Wiki

Author Topic: CHANGE YOUR PASSWORD! DDF Account Hackers Buying/Selling Gift Cards! (Read 12752 times)