HACKED ACCOUNTS?

muzeONE

muzeONE

Gold Member
Joined
Mar 29, 2014
Messages
2,697
Just noticed a string of hacked accounts posting knives for sale in the Knife Exchange over the past couple days. Should I be concerned? Has there been some sort of data breach?
 
muzeONE said:
Just noticed a string of hacked accounts posting knives for sale in the Knife Exchange over the past couple days. Should I be concerned? Has there been some sort of data breach?
Click to expand...


Report them if you see them.

Apparently there were data breaches elsewhere and people that used the same info like usernames and passwords at multiple places are being affected.

Doesn't hurt to change things up to be on the safe side.
 

Attention - Hacked Accounts.

It would appear BF's members are being targeted. @unwisefool account was recently hacked, IP location after the hack is Romania. A few days ago @kagato82 account was hacked, IP location after the hack is Romania. The hacker copied and pasted an older for sale thread...
www.bladeforums.com www.bladeforums.com
 
muzeONE said:
Just noticed a string of hacked accounts posting knives for sale in the Knife Exchange over the past couple days. Should I be concerned? Has there been some sort of data breach?
Click to expand...

If you use a strong password on BF, and you don't use the same password on any other site, then your account is safe.

Create and use strong passwords - Microsoft Support

Follow these tips to improve the safety and security of your online accounts by creating strong passwords and keeping them secure.
support.microsoft.com support.microsoft.com

The people who have been hacked did not meet both of those criteria.
 
Reused passwords are one of the biggest reasons accounts get compromised.

I HIGHLY recommend using a password manager. Password managers keep track of your passwords and not only ensure that passwords aren't reused but generate very strong passwords. For example: U8HxpF@&2b32gyVV62FH5@q6Wt36Hwg1

Lastly, not sure if it's related, but a critical vulnerability was recently identified that affects Java databases.
 
Another recommendation would be for buyers to use the search function in the Exchange before sending funds… especially when F&F is specifically requested as the form of payment.

Hackers are copying and pasting older for sale threads from different members then posting the thread with the hacked account… use the search function to see if the knife was previously listed.
 
Thanks I have been wondering what was happening.
I would use 2 step verification here but my email is a yahoo account and that will really jam me up.
J
 
Just changed my password and activated 2 step verification using 2FAS but it sounds like that will NOT "fix" the cuttiing/pasting of old threads problem.

Perhaps a verification system needs to be put into place in order to allow the posting of any new ads . . . is that possible?
 
Last edited:
sgt1372 said:
Just changed my password and activated 2 step verification using 2FAS but it sounds like that will NOT "fix" the cuttiing/pasting of old threads problem.

Perhaps a verification system needs to be put into place in order to allow the posting of any new ads . . . is that possible?
Click to expand...

It's probably possible but I think it would cause more complaints and headaches than it would solve. There is not always a mod online, so the ads would be on hold until they can be approved and that could take as little as a few minutes to half a day or more. Some For Sales forums can fill up the first page or more in a day, so that'd be a lot of unhappy campers.

Boru's advice above is solid. Search that and the member in question to see if there's a great deviation in their post from their previous posts.

Also, some of the ones I have seen, especially one from the last day or so, have been quite ridiculous. It was a knife (that other members have said) commonly goes for $1,000 and the seller listed at $140 initially and then $240 after the price was questioned. Common sense can go a long way. If it's too good to be true then it probably is.
 
Can more info be provided about what's going on in terms of the "hacked" accounts?

For example, are the actual owners of those accounts actually being "locked out" of their accounts by the hacker, such that sending a PM would just go to the hacker and not the actual owner?

If so, are the accounts that are known to have been hacked being closed so that they cannot be used? If not, why not?

As for Boru's advice, I personally will not even consider buying a knife from anyone using F&F unless I know or have previously done business w/that person but if that person's acct has been hacked and not closed, how do I know who I'm actully dealing with?

Also his suggestion to research past ads just puts the burden on the buyer to try to find out if the sale is genuine or not but, even if done, this does not gurantee that the sale still isn't a fake, especially since the search fx on this forum leaves a lot to be desired.

If this becomes a more serious problem, I think it's the forum's responsibility to put greater safeguards in place, even if it becomes inconvenient. Otherwise, it could cause have a "chilling effect" on any transactions happening on the Exchange because of a lack of confidence in the ads that are posted.

Requiring eveyone to use 2FA to log in seems to me a better solution in order to prevent accounts here from being hacked and to provide greater confidence that the account has not be hacked and that the ads posted are genuine.

This approach also would not require any mod to approve ads before they are posted.

In any event, I just changed my password and activated 2FA. So, while I haven't posted an ad for awhile, when I do again, people can rest assured that it's me their dealing w/and not a hacker.
 
Last edited:
I'll repeat here what I said on the other thread: I can tell everyone right now that I do NOT sell my knives. So, if any post uses my name saying that they have a knife or scales for sale, do not believe it! It is definitely a hacker.
 
sgt1372 said:
Can more info be provided about what's going on in terms of the "hacked" accounts?

For example, are the actual owners of those accounts actually being "locked out" of their accounts by the hacker, such that sending a PM would just go to the hacker and not the actual owner?
Click to expand...

They are. (There are a few other threads on the subject here in Tech that may have more info.)

sgt1372 said:
If so, are the accounts that are known to have been hacked being closed so that they cannot be used? If not, why not?
Click to expand...

They are being locked by the Mods as soon as it is brought to their attention.

They are even warning folks in the sales threads that hackers post not to send money.


sgt1372 said:
As for Boru's advice, I personally will not even consider buying a knife from anyone using F&F unless I know or have previously done business w/that person but if that person's acct has been hacked and not closed, how do I know who I'm actully dealing with?
Click to expand...

Avoiding F&F is a sound method.

Unless you know them personally, you will just have to do the due diligence that was required before this mess started. This crap just makes it more prudent to check out their BF history.

sgt1372 said:
Also his suggestion to research past ads just puts the burden on the buyer to try to find out if the sale is genuine or not but, even if done, this does not gurantee that the sale still isn't a fake, especially since the search fx on this forum leaves a lot to be desired.
Click to expand...

Perhaps, but nothing was guaranteed previously. Researching the other party has always been a decent way to protect oneself. While annoying, at least there is somewhat of a pattern to look out for. For now.

sgt1372 said:
If this becomes a more serious problem, I think it's the forum's responsibility to put greater safeguards in place, even if it becomes inconvenient. Otherwise, it could cause have a "chilling effect" on any transactions happing on the Exchange because of a lack of confidence in the ads that are posted.
Click to expand...

BF is simply the venue and has no other involvement in the transaction.

How much responsibility does the forum hold for your run of the mill scammers and thieves?

This breach was not caused or occured on BF, it was elsewhere and (likely) because people used the same usernames and passwords.



sgt1372 said:
Requiring eveyone to use 2FAS to log in seems to me a better solution in order to prevent accounts here from being hacked and greater confidence that the account has not be hacked and that the ads posted are genuine.

This approach also would not require any mod to approve ads before they are posted.

In any event, I just changed my password and activated 2FAS. So, while I haven't posted an ad for awhile, when I do again, people can rest assured that it's me their dealing w/and not a hacker.
Click to expand...


I do agree that if a measure were to be implemented, this would be better than requiring mod approval for a sales thread.

Changing your password and keeping them unique is smart as well.


Hackers, scammers and other scumbags will always be looking for new ways to take from the vulnerable.


I wonder if other hobbyists forums or places that have a for sale section are seeing something similar.
 
benchwarmer380 said:
I wonder if other hobbyists forums or places that have a for sale section are seeing something similar.
Click to expand...

Probably.

I am a member of other sites where you can buy/sell things w/other members but these other sites are very narrowly focused and don't get the type of traffic that BF does.

However, now that I'm aware of the problem here, I'm going to be more wary of engaging in any transactions on any of those sites w/o being able to verify the authenticity of the ad and the ID of the seller.
 
Last edited:
sgt1372 said:
Probably.

I am a member of other sites where you can buy/sell things w/other members but these other sites are very narrowly focused and don't get the type of traffic that BF does.

However, now that I'm aware of the problem here, I'm going to be more wary of engaging in any transactions on any of those sites w/o being able to verify the authenticity of the ad and the ID of the seller.
Click to expand...

BF accounts are likely a target because one of the more popular knife retailers was hacked early in 2021.
The hackers got access to several months worth of transactions. There's a thread about it buried in the GBU forum.
 
I believe I just got scammed by a hacked account. The person is selling under the name "Guncleana." He had 3 knives listed individually. Cannot reply in listing -only PM. I believe he used photos from another listing here. Not sure where to post this...
 
KerSharp said:
I believe I just got scammed by a hacked account. The person is selling under the name "Guncleana." He had 3 knives listed individually. Cannot reply in listing -only PM. I believe he used photos from another listing here. Not sure where to post this...
Click to expand...
If you paid F&F you did, the Guncleana Guncleana account was hacked as you suspected.
 
These hacked accounts are now requesting “PayPal Goods and Services”. A lot of these hacked accounts have a good amount of positive feedback too. Every sale is a risk at this point. It’s safe to assume that all these too good to be true listings are scams.

Are these hackers going after accounts with ton of good feedback but are also inactive?
 
Some programs like Bit Defender have functions to run a query against your email accounts to check if your information has been compromised.
 
You must log in or register to reply here.
Back
Top