Quidco security breach

billycasper_2

apologies if this is in the wrong place ..
I have just had an email from quidco who have informed me that someone hacked an e-mail account at quidco and accessed an archive of bank details. it would appear that it was just a list of accounts with no names or addresses attached.
would quidco be liable for any fraud on that account? and
is that possible if there are no names attached?

Thomas_Hardy

Has Quidco been negligent? Unlikely, these things happen all the time.

billycasper_2

negligent ???.. saving a list of bank accounts unsecured in an e-mail?..mmm

visidigi

did anyone else get an email about this apart from the OP? Seems strangely open in detail to be honest - I'm a member, but no sign of any email in my inbox...

billycasper_2

The e-mail was sent to me and approx 100 other people and relates to accounts when quidco first opened.
strangely open ??? Is that me or quidco?
quidco first sent a generic email about a breach. On further questioning they admitted bank details were compromised but as yet i am waiting for confirmation that no other details were compromised with it..
it would appear that a founding member of quidco had his email hacked. ..
i would guess you have been lucky if you have not received the e-mail..

Dear Member,

We have reason to believe that an individual, separate to our company, has obtained information relating to your Quidco account.

This individual cannot use the information obtained in any way and no action needs to be taken on your part. Regardless of this, we are taking the incident very seriously and a criminal investigation into this matter is under way.

Data protection is an issue we take extremely seriously. Personal information held by us is stored in a way that is compliant with standards demanded of us by regulatory bodies.

We would like to apologise for any concern this may cause you, whilst reassuring you no action is required on your part. If you have any questions regarding this, please contact us by replying direct on this ticket. We will be happy to answer any questions you have on this matter.

Kind regards,

Dominic Butterell
Customer Operations Director

Slowhand

visidigi wrote: »

did anyone else get an email about this apart from the OP? Seems strangely open in detail to be honest - I'm a member, but no sign of any email in my inbox...

Nothing here either.

dalesrider

billycasper wrote: »

would quidco be liable for any fraud on that account? and
is that possible if there are no names attached?

If you are talking about your bank account then NO Quidco would not be liable.
That is for your bank to deal with.
Unless you have a card set up for instore purchase, then the only fraud would be DD or S/O.
Both of which can be claimed back with no issues via your bank.

billycasper_2

thank you. dalerider. luckily the account is an old savings account so any dd would be rejected..
at least i think it was an old savings account. still waiting on details

visidigi

billycasper wrote: »

The e-mail was sent to me and approx 100 other people and relates to accounts when quidco first opened.
strangely open ??? Is that me or quidco?
quidco first sent a generic email about a breach. On further questioning they admitted bank details were compromised but as yet i am waiting for confirmation that no other details were compromised with it..
it would appear that a founding member of quidco had his email hacked. ..
i would guess you have been lucky if you have not received the e-mail..

Dear Member,

We have reason to believe that an individual, separate to our company, has obtained information relating to your Quidco account.

This individual cannot use the information obtained in any way and no action needs to be taken on your part. Regardless of this, we are taking the incident very seriously and a criminal investigation into this matter is under way.

Data protection is an issue we take extremely seriously. Personal information held by us is stored in a way that is compliant with standards demanded of us by regulatory bodies.

We would like to apologise for any concern this may cause you, whilst reassuring you no action is required on your part. If you have any questions regarding this, please contact us by replying direct on this ticket. We will be happy to answer any questions you have on this matter.

Kind regards,

Dominic Butterell
Customer Operations Director

The email you've quoted doesn't say what you're saying in the opening post. Thats what I mean about strangely open - the opening post contains details which no self respecting PR or press office would release.

Where are you getting the information its bank accounts etc which have been compromised?

billycasper_2

if you READ the post it says quidco FIRST sent a generic e-mail and on FURTHER questioning admitted what details had been compromised..
they aren't going to lie and so told me everything. I would post the next 6 e-mails between us but it would be awfully long.

dsu

This would appear to link to the ongoing HUKD security crisis and all the stuff being exposed on dealselecta. There is currently a members only thread on quidco and quite a few on HUKD in the public forum.

Sorry I cannot post links but look on the website dealselecta dot com for the following threads in bold!

Dealselecta HotUKDeals-Exposed---Part-III

_Dealselecta_Admin wrote:

They don't appear to give a damn about HUKD personal data, hence why it's not surprise I'm looking at a quidco bacs payment run file right now.

This identifies account/sort code/name and amounts. - A dark day for quidco beckons!

I dont know if the admin at dealselecta was passed this Quidco information or found it himself. You would hope the latter as he is generally a whiteknight good guy who is just a disgruntled ex-employee of HUKD and nothing too sinister. However, quidco seem to think there are criminals at large.



If you are interested in your data security and also the honesty of the Nikkel empire (HUKD/quidco etc), there is plenty to read on dealselecta.


Dealselecta - HUKD.ie / hotukdeals data breach almighty **** up thread:
User names and easily decryptable passwords for most the admin team and some leaked by a developer error. All available on google cache for sometime.

Dealselecta - HUKD - Compromised Yet Again
2nd Major Public security breach. Basically, complete negligence let someone log into the admin account and access everything! The same hack was used for a few days after.

HUKD twitter accounts and internal Skype accounts have been hacked and details on dealselecta.

Dealselecta - HotUKDeals Exposed - Part II - Placement of Deals and Relationships
All about less than honest deals, spam culture and (now confirmed) moderators using multiple accounts to post deals, vote them hot and place positive comments to bump threads

Dealselecta - Hotukdeals Exposed Part III -
"Allegations and evidence of Data Abuse" used to harass ordinary members

Dealselecta - Hotukdeals Exposed Part I -
a bit noisey but more on dishonesty, mod multis and some really nasty backroom !!!!!ing from staff.

You can try discussing some of this stuff with quidco and hotukdeals. However, I saw flat denials with the former and mass thread deletions and banning with the latter.

As always twitter seems to force some respose..

e.g. March 1st BEFORE the current leak

Keith Tan ‏@KeithLTan 1 Mar
@quidco Are there any concerns for data security at Quidco? HUKD has been compromised due to developer errors. You used the same developer ?

Quidco ‏@quidco 1 Mar
@KeithLTan There's no need for concern at all. We do not have anything linked with HUKD, the rumors were started by a troll. Sorry!

So they dismiss what now seems to be totally legitimate concerns as trolling!

I'm just a concerned ordinary user of quidco/hukd/dealselecta/ and i guess now MSE! Forgive me if I do have another account but I cannot seem to find or remember it. Sorry again for no links or pictures