Had a data breach ?

[MrJ2U]

 

 

Luckily I checked because this evening purchases were made from somebody who stole my information.

 

I've changed my password, took of the credit card on file, and cancelled the orders.

 

You may want to check your Shoppee account.

I found out from messenger about the orders.

 

 

[CharlieH]

This does mot mean that Shopee has been breached. I have seen this numerous times where Google is saying this or that password has been exposed elsewhere on the internet.

It is generally referring to people who use the same password on different sites, then suggests you change one of them.

[Kildonan]

Yes, I got double orders turning up, one after the other, on the same day! Just as well I have learned my lesson  NOT TO PAY IN ADVANCE, as the time taken to get your money back is months! Everything now Cash On Delivery! 

[MrJ2U]

6 minutes ago, CharlieH said:

This does mot mean that Shopee has been breached. I have seen this numerous times where Google is saying this or that password has been exposed elsewhere on the internet.

It is generally referring to people who use the same password on different sites, then suggests you change one of them.

Anyway I was alarmed.

 

Just thought I'd mention it just in case this isn't an isolated incident.

[CharlieH]

8 minutes ago, MrJ2U said:

Anyway I was alarmed.

 

Just thought I'd mention it just in case this isn't an isolated incident.

A simple Google security check.

 

Just a good reminder to people NOT to use the same password on different sites. Personally I use a password manager and that takes care of all that now.

[MrJ2U]

2 minutes ago, CharlieH said:

A simple Google security check.

 

Just a good reminder to people NOT to use the same password on different sites. Personally I use a password manager and that takes care of all that now.

Which one?

 

I think I need that.

[CharlieH]

2 minutes ago, MrJ2U said:

Which one?

 

I think I need that.

I use one called "last pass" as its the last pass you"ll ever need, just one to remember ????

 

https://www.lastpass.com/

[MrJ2U]

11 minutes ago, CharlieH said:

I use one called "last pass" as its the last pass you"ll ever need, just one to remember ????

 

https://www.lastpass.com/

Thanks.

 

Definitely worth a try.

[BritManToo]

I use the same password on everything.

If someone wants to order free stuff for me I don't mind.

If someone wants to use my Facebook page feel free.

Nothing encrypted or locked on my PC, totally happy for anyone to view, nothing of interest to find.

 

Too many people over concerned with security for trivial things.

Back in the UK HM Tax and NI are so secure I can't pay contributions or tax bills.

Why would I care if someone wants to make my NI or tax payments for me?

Make my day!

[MrJ2U]

1 minute ago, BritManToo said:

I use the same password on everything.

If someone wants to order free stuff for me I don't mind.

If someone wants to use my Facebook page feel free.

Nothing encrypted or locked on my PC, totally happy for anyone to view, nothing of interest to find.

 

Too many people over concerned with security for trivial things.

Back in the UK HM Tax and NI are so secure I can't pay contributions or tax bills.

Why would I care if someone wants to make my NI or tax payments for me?

Make my day!

They used my credit card to buy camera equipment.

 

I wasn't to happy about that.

[BritManToo]

Just now, MrJ2U said:

They used my credit card to buy camera equipment.

 

I wasn't to happy about that.

Don't let online shopping sites keep you CC/DC details.

(Doesn't every purchase require you to enter the 3 digit number on the back of the card?)

Use COD.

[MrJ2U]

Yup!

 

Ive deleted my cc in the account.

 

Especially here in Thailand.

 

In the US you have limited liability for fraudulent charges.

 

[FritsSikkink]

3 hours ago, BritManToo said:

I use the same password on everything.

If someone wants to order free stuff for me I don't mind.

If someone wants to use my Facebook page feel free.

Nothing encrypted or locked on my PC, totally happy for anyone to view, nothing of interest to find.

 

Too many people over concerned with security for trivial things.

Back in the UK HM Tax and NI are so secure I can't pay contributions or tax bills.

Why would I care if someone wants to make my NI or tax payments for me?

Make my day!

Typical noob answer, they can empty your bank account pretty easy.

[gearbox]

6 hours ago, MrJ2U said:

Anyway I was alarmed.

 

Just thought I'd mention it just in case this isn't an isolated incident.

You should be alarmed...it means that particular username/password combo is compromised and widely known.  If they guess for example that you have a Shopee account they would have been able to log in as you.

You can check your Shopee user name in how many breaches was involved here:

 

https://haveibeenpwned.com/

 

Unfortunately it doesn't show the exact web sites compromised, as often these are combined and aggregated,  and then sold on the back market.

 

You should try to figure out where you have used this username/password, then go to these sites and change the password with an unique password.

 

For best results use a password manager, and let the manager to generate unique machine passwords for you for each site,  these are currently unbreakable.

 

[fangless]

9 hours ago, BritManToo said:

I use the same password on everything.

If someone wants to order free stuff for me I don't mind.

If someone wants to use my Facebook page feel free.

Nothing encrypted or locked on my PC, totally happy for anyone to view, nothing of interest to find.

 

Too many people over concerned with security for trivial things.

Back in the UK HM Tax and NI are so secure I can't pay contributions or tax bills.

Why would I care if someone wants to make my NI or tax payments for me?

Make my day!

Jeremey Clarkson once thought the same as you and published his details in his newspaper column.

A prankster set up a Direct debit to a charity and took £500 out of his account.

BBC NEWS | Entertainment | Clarkson stung after bank prank

[mtls2005]

11 hours ago, CharlieH said:

This does mot mean that Shopee has been breached. I have seen this numerous times where Google is saying this or that password has been exposed elsewhere on the internet.

 

Yes, this is the excuse Lazada (and Shopee and LINE) used late last year for their MASSIVE  (13 million accounts in Thailand) data breach.

 

 

 

“Our investigation shows that the leak did not come from Lazada but a third-party provider,” Pimchaya Boonyarathapan, a Lazada public relations official, told Thai Enquirer.

 

When asked who was the third party provider, the rep said she did not know.

 

https://www.thaienquirer.com/20953/lazada-suffers-data-hack-of-13-million-accounts/

 

 

 

Edited August 20, 2021 by mtls2005

[mtls2005]

12 hours ago, MrJ2U said:

In the US you have limited liability for fraudulent charges.

 

You can of course use a U.S.-issued credit card here, obviously choose one without the 3% foreign transaction surcharge, and afford yourself all the same protections. 

 

No annual fee: https://www.bankofamerica.com/credit-cards/products/travel-rewards-credit-card/

 

$95 annual fee (100,000 point sign up bonus):  https://creditcards.chase.com/rewards-credit-cards/sapphire/preferred

 

 

 

[jobsworth]

17 hours ago, CharlieH said:

A simple Google security check.

 

Just a good reminder to people NOT to use the same password on different sites. Personally I use a password manager and that takes care of all that now.

until the password manager gets hacked.

 

[chilly07]

COD is the answer!

[MrJ2U]

12 hours ago, gearbox said:

You should be alarmed...it means that particular username/password combo is compromised and widely known.  If they guess for example that you have a Shopee account they would have been able to log in as you.

You can check your Shopee user name in how many breaches was involved here:

 

https://haveibeenpwned.com/

 

Unfortunately it doesn't show the exact web sites compromised, as often these are combined and aggregated,  and then sold on the back market.

 

You should try to figure out where you have used this username/password, then go to these sites and change the password with an unique password.

 

For best results use a password manager, and let the manager to generate unique machine passwords for you for each site,  these are currently unbreakable.

 

Gotta get myself a password manager.

[MrJ2U]

5 hours ago, mtls2005 said:

 

You can of course use a U.S.-issued credit card here, obviously choose one without the 3% foreign transaction surcharge, and afford yourself all the same protections. 

 

No annual fee: https://www.bankofamerica.com/credit-cards/products/travel-rewards-credit-card/

 

$95 annual fee (100,000 point sign up bonus):  https://creditcards.chase.com/rewards-credit-cards/sapphire/preferred

 

 

 

I've got that.

 

I wasn't sure it covered foreign companies like Shoppee, Lazada, etc.

 

I'll call them.

 

I've got Chase Sapphire preferred.

[ericthai]

On 8/19/2021 at 10:26 AM, MrJ2U said:

Yup!

 

Ive deleted my cc in the account.

 

Especially here in Thailand.

 

In the US you have limited liability for fraudulent charges.

 

I started using virtual credit cards. I use a free service and have multiple cards. I use one card for ebay. when I make a purchase I change the limit on the card from $0 to the amount I need, make the purchase and then turn the card back to $0. I use another one for Netlfix, the netflix card only allows 1 transaction a month of no more than $15. I use them for trail memberships too. They are linked to my credit card which I have fraud protection on that too. I like this as my CC info is not being used all over the net. Sometimes it is a pain to login change the allowed amount and then go and change it back to $0 afterward. The nice thing is using it for free trails, no more forgetting to cancel before XX amount of days or getting overbilled by a company. 

[MrJ2U]

Just now, ericthai said:

use another one for Netlfix

Thanks, reminded me I need to change that password to.

 

Ugh.

 

I'm getting a password manager tomorrow.

 

 

Some good ideas about the virtual cc.

Thanks buddy.

[ericthai]

24 minutes ago, MrJ2U said:

Thanks, reminded me I need to change that password to.

 

Ugh.

 

I'm getting a password manager tomorrow.

 

 

Some good ideas about the virtual cc.

Thanks buddy.

send me a message and I'll send you a link where we both can get $5 

[david555]

1 hour ago, ericthai said:

I started using virtual credit cards. I use a free service and have multiple cards. I use one card for ebay. when I make a purchase I change the limit on the card from $0 to the amount I need, make the purchase and then turn the card back to $0. I use another one for Netlfix, the netflix card only allows 1 transaction a month of no more than $15. I use them for trail memberships too. They are linked to my credit card which I have fraud protection on that too. I like this as my CC info is not being used all over the net. Sometimes it is a pain to login change the allowed amount and then go and change it back to $0 afterward. The nice thing is using it for free trails, no more forgetting to cancel before XX amount of days or getting overbilled by a company. 

Same way i do , a much more effort , but the safest way , limiting the limit in the time you do not need to order or pay , same i do for PayPal , no automatic payments , and for Lazada pay on delivery .....

[mtls2005]

Use unique passwords

Change them often

Use 2FA for EVERYTHING, incl. log-in.

Have notifications turned on for EVERYTHING

 

 

 

 

 

[MrJ2U]

9 hours ago, ericthai said:

send me a message and I'll send you a link where we both can get $5 

I just bought Dashlane last night.  Transfered all my password through chrome.

 

Found two of my accounts on the Dark Web.

 

Thanks anyway.