ANOTHER STOLEN POST PICTURE, WHAT IS HAPPENING ON HERE?

[Ucsdryder]

I always wonder how they get your password… Are you using a password that is "password"

 

[JAYgs8163]

My gunbroker accout was stolen and listings posted...still had my address on it when I got back in to it with money order as the only payment accepted. Some one had done a buy it now and when I contacted then to not send payment they had already paid with zelle... Gunbroker FINALLY got back to me on it and cancelled all of the other auctions after they had ended. I was able to get with everyone and explain what happened and helped the one that got scammed with emails back and forth with gunbroker for his bank, hope he got his money back. My lesson learned is to make passwords hard to guess/random and change them every once in a while

My GB ID was hijacked on Saturday also. Look at the screen shot below. I was able to grab this real quick before I got locked out. Had to shutdown all my credit cards associated with my GB acct. I am unable to login to GB and states my ID and Email are "Not associated" with any GB accounts. My name is J** Stu***. Look at the name that came up in my account when I logged in:


I saw that name and logged out and then tried to log back in and GB stated "no account associated with this ID or email." I emailed GB and have yet to hear back and I can't find any customer service #s either or fraud reporting link. Anyways, terrible service by GB and I'm afraid to even go back in as they tell me I need to join again. I've been using GB for over 15 years.

 

[Reelamin]

I can say people are amazing in their ignorance to stupidity. They want to throw money at things without a second thought. I have family members who don't blink just do no matter how much they are told and shown what not to do. Life is just way too **** easy in the USA for 80 percent of the population.

 

[CMP70306]

I always wonder how they get your password… Are you using a password that is "password"

Usually it's the same email and password are used on another site that got hacked so they know the password you used and simply try it at different places until it works.

 

[piute]

Automated Ads are easily tracked and make much of our information public. Many "secure web sites" are quite questionable.
Coincidence here, I think not! , my 2cnt's.

 

[SDPlinker]

I used to pretty much trust buying and selling here 100% in the past i recieved items by the time my payment probably actually arrived in their mailbox.
Times have defenitly changed lately.

Same here! Been getting progressively worse. Quite a few of the good folks have left and, well you know! There was a guy that popped up here that ripped me off 10 years ago, I have tracked him through 3 different states. Was unrelated to what we do here but when I was on to him he disappeared.

 

[SixDemonBag]

Usually it's the same email and password are used on another site that got hacked so they know the password you used and simply try it at different places until it works.

Not just this, personal email addresses, passwords, physical addresses associated with names and phone numbers are hacked from from low budget sites that can't afford proper cybersecurity protection. That data is then sold on the dark web.

A lot of people then get phished, (an email to urgently change their password) and then do so not realizing that the URL they clicked is really a link to the bad guy's server, the user "changes" the password then the hacker has the password and the hacker then changes it on the actual host website and then they own you until you find out later that you've been scammed. Most of your password management and reset is done via your email so that is the weak link. Multi-factor authentication (MFA)/Two factor authentication (TFA) helps prevent phishing that but it can be exploited if your TFA is your email!

I use a Yubikey for two factor authentication. YUBIKEY WEBSITE. Even if I get careless and click on the phishing link, the Yubikey (token from here on out) won't authenticate with the phisher's server or client because it isn't associated and the password reset request fails during the MFA/TFA process.

Yes it sucks having a hardware token for things at times but it beats getting hacked, credit card numbers stolen, your data on the dark web, identity theft, cats and dogs living together, etc.

Websites and applications that support Yubikey are HERE and growing

There are tons of articles out there on how to beef up your cyber-self security using tokens and it is probably worth reading into. These are mean times and the adversary is getting craftier every minute.

 

[Desert Demon]

Don't reuse the same password for anything. That's internet security 101. Too many people reuse the same password for everything—and the target (or name any other breech) gets hacked and simple data mining and brute force attempts will get into your accounts if you were lazy and used the same password.