We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Consumer Action Group Hacked!
Options
Comments
-
I wouldn't waste your energy on it, OP. I had the same thing with the site Cable Forum and even though at least a dozen people reported the exact same thing they refused to admit their site had been hacked (even though they actually had been hacked in the past and had malware put onto their site).
Anorhter CF user posted this about it: Cable Forum0 -
I wouldn't waste your energy on it, OP. I had the same thing with the site Cable Forum and even though at least a dozen people reported the exact same thing they refused to admit their site had been hacked (even though they actually had been hacked in the past and had malware put onto their site).
Another CF user posted this about it: Cable Forum
The point I am trying to make with CAG and LB is that we know it's happening so why not warn members that it has been done or when they are made aware that it has been done. Frankly it undermines their integrity when they act in a similar fashion as Companies who screw up and try to avoid the responsibility. Somehow it's not the same as an elephant in a room but one that has been squeezed into a mini with the driver saying I have plenty of legroom.0 -
I think you will find that CAG did own up to a breach some months ago. They published it on their website whilst they were still considering whether they had been breached or not and then e-mailed caggers once they were certain. Maybe you missed their e-mail because it ended up in your spam box?
Of course there is always a possibility they have suffered another breach since then, I don't know. All I know is I received a couple of e-mails some months ago and have since changed my e-mail address on CAG and received no more.
You can complain to the ICO of course. I am not sure what the legislation says on leaks where the individual whose data that has been leaked cannot be identified from that data, but I suspect that the individual would have to be identifiable from that data in order for a complaint under the Data Protection Act to succeed.
Unfortunately, we live in an imperfect world and even with the best of intentions and correctly implementing recognised security methods, breaches can still occur.
Bulletin board software is prone to hacks and forum owners cannot really be held to blame for fundamental flaws in the software they purchase and implement in good faith.
I trust that you don't use the same password on CAG as you do on other websites and that you choose a suitably complex password that cannot be cracked from the MD5 hash that CAG uses to store your password?
I would also hope you considered other possibilities on how your email address has been obtained? Logins to CAG are not under any secure HTTPS protocol so your email address could have been stolen that way.
I would agree that my experience with CAG was not a pleasant one but I have learnt from that experience and taken extra measures to protect myself and my data.
I no longer use my own domain for e-mail addresses on web forums following the CAG breach but now use a free web-based e-mail service that offers disposable addresses, two-factor security for logins and encrypted HTTPS access. I use random characters in the email address, that in no way identify me or my username.
I never complained to the ICO about any breach at CAG but I do have a complaint with the ICO at the moment - for a barristers chambers where neither the chambers nor the barristers within it are registered under the Data Protection Act. Those barristers are working with persons currently charged with a multi-million pound fraud when they worked at a soclitors practice. They have obtained personal documents, such as bank account statements, passports, credit card details etc etc.
Now I will expect the ICO to take action on that. By comparison, your small problem with CAG is just that, tiny.0 -
Not quite a real life lol but the quoted replies by Conniff on the first page did earn a snort.0
-
I have had a similar problem. I have my own domain name which allows limitless email addresses and just like Paul Varjak I have just had a series of phishing emails with a virus file attached sent to my unique CAG email address. I informed them of this via their online contact form upon receiving the 3rd email. I got no reply or acknowledgement.
So after a couple of days and upon receiving a 4th email with a virus I decided to start following thread.
" Hi There
I have had a number of phishing emails with virus file attachments sent to me in the last couple of weeks (4 in total so far). This is not unusual in this day and age you say but, and this is important, they are only being sent to my unique CAG email address.
Now this is a concern but it is not unusual that email addresses are leaked by workers or people who have access to the database, including hackers. I have had my details leaked by at least 2 financial institutions and I suspect the FSA and or COLP to boot as they were given a unique address that somehow my personal details, with the unique email addresses got into the hands of [problem]mers (why is an anagram of sacmmers or specifically sacm a problem?) organisations. I actually found out who the culprit was from Saxo bank. It was one of their former marketing managers and I got emails from every company he made his way through over the next 3 years before it got sold to a number of different target lists for overt [problem]mers.
I note that even CAG is not immune to the [problem]mers as there is a company calling themselves Reclaim the Right ltd has been doing the rounds with sient and [problem] calls in recent years. The virus emails, which all seem to be the standard delivery or missed delivery notice, in my case Amazon LOL are the cover to try and push through the virus files.
So beware and may I suggest that people with a point to raise should consider buying their own domain or sub domain and get an email service from a provider and mail client software. This way you too can issue unique email addresses to your various internet accounts and will find out who is leaking your details. This type of personal security allows you to verify who is sending emails to you and if there is a leak, you will have the evidence to prove where the leak originated"
At first one of the site team Conniff posted a reply stating that the issue was with a random blanket attack using smiff1 smiff2 etc. It was just what I considered as a patronising blow off.
So when I tried to reply I found that the thread was yanked by Conniff. I was obviously not happy with this or the fact that it had been pulled just as they had placed a dismissive reply and I had not been contacted by CAG regarding my complaint or that it is apparent that something had gone very wrong. This along with the fact that my details on the CAG website were used in this attempted multiple attack. I was and I am still annoyed because these details are something that should be secure and they were given in good faith and trust. Keeping this in mind this is what ensued.
From : Conniff
To : mdfrance
Date : 2013-10-01 11:37
Title : Email addresses and Phishing
Good Morning,
You thread has made allegations that staff have 'leaked' unique email addresses.
I will send your thread up to the administrator so they can comment.
In the meantime, I have unapproved your post.
Regards
Conniff
Site Team
================================================================================
From : mdfrance
To : Conniff
Date : 2013-10-01 12:09
Title : Re: Email addresses and Phishing
With all due respect it could have been stolen though hacking from your server or that of a partner who has been given the mailing list. Which also means it was sold or stolen by from them. I find it surprising that you have chosen to unapprove the thread, at least if any other CAG users received the same phishing/virus attack they can inform you and it will allow CAG to take appropriate action and warn site users. Next time I suggest that the Administrators reply to my internal contact message instead of the requirement for me to announce these targeted attacks on the forum. Would you not rather the problem be announced and discussed here rather than somewhere else where there is no control over what is discussed and portrayed.
================================================================================
From : Conniff
To : mdfrance
Date : 2013-10-01 12:57
Title : Re: Email addresses and Phishing
If you had taken the time to do a search of the forums, you would have been presented with a thread that was started last June on the very subject by the site owner, you will also notice that
I am also included in those that have notified the spam / phishing being sent to their address.
This forum does NOT sell, give away or share information or 'mailing lists' as you call them, or any other information of a personal nature.
Regards
Conniff
Site Team
================================================================================
From : mdfrance
To : Conniff
Date : 2013-10-01 13:17
Title : Re: Email addresses and Phishing
There is no need to be defensive or in fact be confrontational in tone because it is counterproductive. If this is your stance then all I can say is that either CAG has been hacked or you have someone who is leaking information. I think that it is the former rather than latter. So let me point something out and make myself perfectly clear. I HAVE BEEN TARGETED and the email address to which it has been aimed HAS BEEN OBTAINED FROM THE CAG. Needless to say getting stroppy will only inflame the issue and I will have no choice than to COMPLAIN TO THE ICO so get off the high horse and tell the owner because you are not helping at all and in fact making it far worse.
================================================================================
From : Conniff
To : mdfrance
Date : 2013-10-01 13:20
Title : Re: Email addresses and Phishing
I find your pm rather offensive and it has been passed to the administrator.
Regards
Conniff
================================================================================
From : mdfrance
To : Conniff
Date : 2013-10-01 15:01
Title : Re: Email addresses and Phishing
I knew this was coming. You are exhibiting the attitude of a typical forum administrative troll. Likes to patronise, boss around and offend and takes dramatic and outraged offence and makes it about themself when given the same treatment in return. I found your attitude dismissive and patronising and I took offence and sincerely hope you make it clear what you are offended by in my previous message as it was MY personal details which have been compromised that in turn led to an attempted email virus attack and I believe probably all the members have been subjected to similar emails. I have every right to be annoyed, especially when I have made every effort to make every online account that I use secure and managed in a way that allows me to raise an alert when something goes wrong. It becomes even more annoying when those whose servers have been compromised becomes dismissive and try to deny the fact!
What's next, do you really want the last word on being pretentiously offended!!. I suggest you detach yourself from your little power trip and return to the the real matter to hand and think about the urgency of warning the owners and members of the email phishing/virus issue and possible security breach and that their details may have been illegally obtained rather than concentrating on the pretence of your not so fragile ego.
In fact as you have displayed that you are not capable of dealing with this logically and courteously, I suggest that instead of a compiling another unsuitable and inflammatory retort that will will end in an official complaint to the ICO, is is best that you get the owners to contact me directly as your own attitude has made this matter far worse and believe you don't realise what a serious and damaging an issue this is.
================================================================================
From : Conniff
To : mdfrance
Date : 2013-10-01 15:29
Title : Re: Email addresses and Phishing
How dare you. If you want the owner to contact you, then I suggest you request that from him personally.
================================================================================
From : mdfrance
To : Conniff
Date : 2013-10-01 17:02
Title : Re: Email addresses and Phishing
How dare I, How dare you,Who do you think you are? I'm afraid you are being very foolish.
You have just proven my point about forum admin trolls in 3 words and proven that you are not capable of having a position of responsibility on this site and frankly a disgrace to the site and what it aims to achieve. In any other profession you would be for the chop, that is if you were in a real[/Ul job. It is obvious that you have no interest in the safety of the members personal details but your own self importance and petty ego
As a result I now wish to make a formal complaint regarding your unprofessional conduct and formally request your removal from the site team and any involvement with policy issues, complaints and interfering with threads. Also directly due to your objectionable, dismissive and frankly disgraceful attitude I WILL raise a formal complaint with the ICO and prepare to publish these messages on other boards and state that CAG it is no longer a safe and trustworthy site to use. So unless the you get the owner to contact me by tomorrow morning, the complaint to the ICO will be lodged and posts on other sites made and it will be apparent that you are to blame for the necessity to do so.
That was the end of that conversation and I sent a message through the main CAG contact page
I request that either of the directors, Mr Gander and Mr Martin contact me within the next 24hrs regarding my CAG unique email address being obtained by internet attackers and used to send phishing/virus emails. Unfortunately due to the behaviour of one of the site team the situation has deteriorated to the point that I wish to make an official complaint.
As a result of their attitude I also wish to raise a formal complaint against Conniff, one of the site team and their attitude toward my complaint and a subsequent email exchange which indicates that they are not capable or understands the seriousness of this issue. What's more, after my last message, my password was somehow expired requiring a renewal. Could be a coincidence but I very much doubt it
Due to that persons idiotically dismissive and disingenuous behaviour I have decided to compile a formal complaint to the ICO and I am preparing a new post for other sites outlining my complaint regarding the CAG website, with the exchange of messages and warning that the site may have been compromised and details of members obtained. ..
Sometimes the snotty and superior attitude of an admin troll is extremely counterproductive and can not just fan the flames but throw petrol on them. I suggest that you remove all admin privileges from this person. How they handled this has not only undermined the integrity of CAG but every bit of advice that they may have given themselves. Furthermore, their singular arrogant foolishness may very well lead to serious damage to the reputation of CAG for which it may take some time to repair, if at all.
Sincerely
As you see they have not replied. I may have been harsh but it was my details that have ended up in the hands of internet attackers and CAG are responsible, in this there is no doubt. Frankly given the way it was handled it was through shear self constraint that expletives were not used.
I have witnessed a number of exchanges in recent years of what I call is a victim troll. They are determined to get a rise out of someone so they can take the moral high ground. The worst of all are mediators or long term contributors, a fair number of which use the position of responsibility for a ego trip while acting like an asinine jobsworth. Funny thing is the longer in the position the more snotty and impolite they get but offended in such a melodramatic way when they are treated the same way.
All I can say if this is what CAGGERS have to contend with when something goes wrong then more fool Messrs Gander (or is it Brooke-Gander) and Martin as they are allowing unsuitable people to act on their behalf. What is worse is that at least the members email addresses have ended up in crooks hands and they are trying to avoid responsibility. If it were any other site they would be up in arms. Hypocritical is not a strong enough word but for now it will do.
P.S. A big question is this, if they were aware of the hack, why didn't I get an email warning me of this instead of a snippy comment saying "if you had taken the time to do a search on the forums" when I informed them what has happened to me!
Think you need to get out more personally, what drivel0 -
Switch your PC off and leave the room...much safer.0
-
Was it really necessary to quote the entire post?
Has the OP even considered that he might have an issue at his end or even a MITM that caused the email address to become spammed?
Surely it is best to flag it up to other users just incase the issue is with the site.If you find you are drinking too much give this number a call. 0845 769 75550 -
Oh wow, nice card. so I am intellectually challenged now with no concept of your situation, how is that possible when I dont know your situation? How do you kow I am not disabled and do have concept of this?I would love get but I can't because i'm disabled and the PC is my view to the wider world. But of course intellectually challenged people like you have no concept of this.
Just for you I will rephrase my comment, you are wasting your time, do something more constructive0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.8K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards