Jack Torrance, posted December 11, 2008

Hi all

Just wanted to point something out in case you have an issue with this. In a marketing email I just received from the club telling me it's time to come home, if you read the foot it tells you they're trialling a new email system. It then goes on to clearly display your username (account number) and password. You can then use this to access all your online personal details. Address, telephone number etc. And most worryingly you can access credit card details you have stored online with the club. If this had been intercepted, fraudsters would have had a field day. I've emailed the club to tell them. It would appear it's time for fraudsters to come to my home also.

Dazo, posted December 11, 2008

You think if someone wanted your home address and phone number they would go to the bother of trying to intercept emails?

siegementality, posted December 11, 2008

> You think if someone wanted your home address and phone number they would go to the bother of trying to intercept emails?

If you had read all his post you would see he mentions that it could give someone access to credit card details held by each user, that's not a worry then?

Jack Torrance (Author), posted December 11, 2008

> You think if someone wanted your home address and phone number they would go to the bother of trying to intercept emails?

Ok, so you're happy with the fact that someone, and there are lots out there with the ability to get hold of other people's emails, can then steal your identity and spend money on your credit/debit card. Just posting to make people aware in case they have an issue with this.

Jack Torrance (Author), posted December 11, 2008

> If you had read all his post you would see he mentions that it could give someone access to credit card details held by each user, that's not a worry then?

Absolutely, however it can also cause years of misery if someone steals your identity. I'm particularly concerned as I've seen the problems this can cause. I'm very careful with my own details, even my telephone number that is ex-directory. The email they've sent out even provides a link so a baddy doesn't even have to look for the site to access. They just click on it and hey presto then they have

Your name
Address
Date of Birth
Telephone (Landline and mobile)
Credit/Debit card details

Just brilliant.

Cow, posted December 11, 2008

> Absolutely, however it can also cause years of misery if someone steals your identity. I'm particularly concerned as I've seen the problems this can cause. I'm very careful with my own details, even my telephone number that is ex-directory. The email they've sent out even provides a link so a baddy doesn't even have to look for the site to access. They just click on it and hey presto then they have
>
> Your name
> Address
> Date of Birth
> Telephone (Landline and mobile)
> Credit/Debit card details
>
> Just brilliant.

Please let us know when you get (if at all) a response, thanks

Gards, posted December 11, 2008

Thanks for the heads up - just checked the email and I can see the username and password at the bottom too. Luckily I don't have any CC's stored against my account - but changed my password right away. Pretty poor show that - don't know if it's Hearts or Ticketmaster to blame on this one.

boabyarsebiscuit, posted December 11, 2008

Very unhappy. Mr Romanov has missed a big opportunity. After all, he could have sold our details to online criminals and raised money to pay players' wages rather than divvying out our details for free.

Rodge, posted December 11, 2008

Looks like the mails are actually coming from Ticketmaster - my one also has my details splashed all over it :xmasunsure:

Cow, posted December 11, 2008

I have just logged on to Hearts Rewards and removed my card details (they don't actually display all the card numbers but why take the risk). I was going to do the same for Hearts World but the card has now expired. I would suggest anyone in doubt should do the same, I have also emailed the club and have asked for a rapid response.

Guest JamboRobbo, posted December 11, 2008

same email received here. again with username and password, giving access to all my details. incompetent muppets. name, address, home phone number, mobile number, 4 digits of card number, card expiry date etc etc. Utter incompetence.

Jack Torrance (Author), posted December 11, 2008

> Very unhappy. Mr Romanov has missed a big opportunity. After all, he could have sold our details to online criminals and raised money to pay players' wages rather than divvying out our details for free.

Maybe he already has comrade...:xmasgrin:

Tom Heaney, posted December 11, 2008

> Absolutely, however it can also cause years of misery if someone steals your identity. I'm particularly concerned as I've seen the problems this can cause. I'm very careful with my own details, even my telephone number that is ex-directory. The email they've sent out even provides a link so a baddy doesn't even have to look for the site to access. They just click on it and hey presto then they have
>
> Your name
> Address
> Date of Birth
> Telephone (Landline and mobile)
> Credit/Debit card details
>
> Just brilliant.

BJ, I agree with your points, however there is an easy way to keep these details private....Don't store them on the site, you don't have to, I certainly don't have a credit or debit card # stored in there

Dazo, posted December 11, 2008

> If you had read all his post you would see he mentions that it could give someone access to credit card details held by each user, that's not a worry then?

I would imagine existing credit card details if any are encrypted. And no it's not a worry for me personally. Does not matter how clever an email interceptor is they can do ****all with 4 digits of a credit card.

Jack Torrance (Author), posted December 11, 2008

> BJ, I agree with your points, however there is an easy way to keep these details private....Don't store them on the site, you don't have to, I certainly don't have a credit or debit card # stored in there

I also agree with your points. I've never stored card details online, too risky for the very reason we are seeing here. I provided my personal details because I bought tickets online. I gave my details in good faith trusting that they would be held securely. My trust has now been broken.

Picture the scenario. Someone goes in, changes your mailing address and intercepts the email that I imagine will be sent to you to tell you this has been changed. Then they buy loads of stuff and you get charged but you don't find out until you get your statement through by which time the baddy is long gone.

or

Someone opens a bank account somewhere with your name, DOB and address along with other details they've been able to find elsewhere online. And guess what, you just happened to use the same password for an account elsewhere that they got hold of your username for so now they've stole more stuff from you.

Before you know it the police are investigating but no one knows who the real Dazo is. All your cards get cancelled, you've no access to dosh over Christmas and the New Year. Your match tickets for the 3rd Jan have went missing in the post, there's Sheriff Officers at the door because you haven't paid for something that was sent somewhere else. Then you've got to prove to the courts you didn't buy all that stuff. You have to write countless letters to credit agencies because the banks won't lend you money for that new house you set your heart on and now someone else has bought it. Your Bank is now arguing that you're liable for a £2000 bill because you didn't keep your details secure. By the time you've sorted all that out it's Christmas all over again.

Dazo, posted December 11, 2008

> I also agree with your points. I've never stored card details online, too risky for the very reason we are seeing here. I provided my personal details because I bought tickets online. I gave my details in good faith trusting that they would be held securely. My trust has now been broken.
>
> Picture the scenario. Someone goes in, changes your mailing address and intercepts the email that I imagine will be sent to you to tell you this has been changed. Then they buy loads of stuff and you get charged but you don't find out until you get your statement through by which time the baddy is long gone.
>
> or
>
> Someone opens a bank account somewhere with your name, DOB and address along with other details they've been able to find elsewhere online. And guess what, you just happened to use the same password for an account elsewhere that they got hold of your username for so now they've stole more stuff from you.
>
> Before you know it the police are investigating but no one knows who the real Dazo is. All your cards get cancelled, you've no access to dosh over Christmas and the New Year. Your match tickets for the 3rd Jan have went missing in the post, there's Sheriff Officers at the door because you haven't paid for something that was sent somewhere else. Then you've got to prove to the courts you didn't buy all that stuff. You have to write countless letters to credit agencies because the banks won't lend you money for that new house you set your heart on and now someone else has bought it. Your Bank is now arguing that you're liable for a £2000 bill because you didn't keep your details secure. By the time you've sorted all that out it's Christmas all over again.

Identity fraud does happen but I think you're being a touch dramatic.

Jam Tarts 1874, posted December 11, 2008

> I would imagine existing credit card details if any are encrypted. And no it's not a worry for me personally. Does not matter how clever an email interceptor is they can do ****all with 4 digits of a credit card.

An interceptor would also need to know the 3 digit security code, I suppose they could always guess it.

Darth Sidious, posted December 11, 2008

I removed my cards from Hearts Rewards. I pay by card for Hearts TV, will I have to remove it from there? Or anywhere else?

JamboJen, posted December 11, 2008

> An interceptor would also need to know the 3 digit security code, I suppose they could always guess it.

It's like when people come into my work and contort themselves into weird positions to conceal their PIN. It's only of any use to someone if they have your card (or a cloned version), too. I'm not sure what people are worrying about. Sending your password when you've not asked for it is rather stupid, but the card info is the exact same as you get on your Visa receipt when you buy anything on it.

Jack Torrance (Author), posted December 11, 2008

> Identity fraud does happen but I think you're being a touch dramatic.

Yeah, agree, it's artistic license but it could happen. It's a weak spot in their security and I only wanted to highlight it in case anyone else was concerned.

redjambo, posted December 11, 2008

> Yeah, agree, it's artistic license but it could happen. It's a weak spot in their security and I only wanted to highlight it in case anyone else was concerned.

There seems to be some debate here BJ as to how much a security breach this actually is. Can you post the original email that you received, complete with the personal information that you are talking about, so we can determine how bad this is? :xmasbabe:

Ibrahim Tall, posted December 11, 2008

Correct me if I'm wrong but upon registering do you not receive emails telling you your username and password anyway? Would be just as easy to intercept them.

Jack Torrance (Author), posted December 11, 2008

> It's like when people come into my work and contort themselves into weird positions to conceal their PIN. It's only of any use to someone if they have your card (or a cloned version), too. I'm not sure what people are worrying about. Sending your password when you've not asked for it is rather stupid, but the card info is the exact same as you get on your Visa receipt when you buy anything on it.

I imagine they must look quite funny.:xmaswoot: What I would say though, I bet you wouldn't be happy if someone gave your receipt along with your name, address, DOB and phone numbers to a complete stranger.

Here's some websites if anyone on here is concerned. Some useful tips and info. If you're not bothered then that's fine too. I don't mind either way.

http://www.identity-theft.org.uk/default.asp
http://www.getsafeonline.org/

Guest JamboRobbo, posted December 11, 2008

> It's like when people come into my work and contort themselves into weird positions to conceal their PIN. It's only of any use to someone if they have your card (or a cloned version), too. I'm not sure what people are worrying about. Sending your password when you've not asked for it is rather stupid, but the card info is the exact same as you get on your Visa receipt when you buy anything on it.

along with name, address, mobile and home telephone numbers?

Jack Torrance (Author), posted December 11, 2008

> There seems to be some debate here BJ as to how much a security breach this actually is. Can you post the original email that you received, complete with the personal information that you are talking about, so we can determine how bad this is? :xmasbabe:

JamboJen, posted December 11, 2008

> along with name, address, mobile and home telephone numbers?

Info that you'll get in an email when you buy anything online. As I said, sending your password when you've not asked for it is stupid, because if someone did happen to get into your emails they could log onto your account and read all that info anyway. My point was that with the card details in the email there is little (nothing as far as I know) anyone could do with that without either getting their hands on the card or guessing.

Delboy1998, posted December 11, 2008

100% wrong, only sent to the supporter's e mail address for ease of log in. Also no access to any card details as they're not held by the club. Anyone in the wrong account would need to key in payment details to buy anything.

Tott, posted December 11, 2008

> 100% wrong, only sent to the supporter's e mail address for ease of log in. Also no access to any card details as they're not held by the club. Anyone in the wrong account would need to key in payment details to buy anything.

Not the point. Passwords should not be sent out unless they're requested by the user.

JamboJen, posted December 11, 2008

> Not the point. Passwords should not be sent out unless they're requested by the user.

IMO, that is the only mistake, so if people are concerned they should change their passwords.

WalterEgo, posted December 11, 2008

> An interceptor would also need to know the 3 digit security code, I suppose they could always guess it.

Not necessarily. Not all systems require it, particularly foreign systems.

redjambo, posted December 11, 2008

> IMO, that is the only mistake, so if people are concerned they should change their passwords.

Sending out an automatic logon link is pretty dodgy too. Although I have seen these used elsewhere, they have been for less critical sites (i.e. less personal information stored) - in this case it should be a no-no.

JamboJen, posted December 11, 2008

> Sending out an automatic logon link is pretty dodgy too. Although I have seen these used elsewhere, they have been for less critical sites (i.e. less personal information stored) - in this case it should be a no-no.

Didn't see that mentioned before. That is also stupid. Am I right in thinking these emails are from Ticketmaster and not Hearts? Think it'll be a long wait til Ticketmaster reply to any complaints or do anything about the system unfortunately. Seatbooker was better anyway, but that's another thread!

redjambo, posted December 11, 2008

> Didn't see that mentioned before. That is also stupid. Am I right in thinking these emails are from Ticketmaster and not Hearts? Think it'll be a long wait til Ticketmaster reply to any complaints or do anything about the system unfortunately. Seatbooker was better anyway, but that's another thread!

BJ mentioned it in post 5, if I didn't misinterpret what he said.

K1874M, posted December 11, 2008

It may have been said but your first point of call should be the club and left it with them instead of blabbing on a forum. This is the club you support isn't it?

Jack Torrance (Author), posted December 11, 2008

Yes you are correct. There's a link there too.

Look, I don't want to get into a debate as to how serious, or otherwise this is. I'm fairly up to speed and reasonably switched on when it comes to online security. My concern is that someone else might not be and may for instance use a password that they use for something else. Fraudsters phishing for stuff don't just use one source, they collate stuff from a variety of sources and can also hide programs in your PC to gather this info.

I only wanted to make folk aware, so I'm going to step away from the debate as I've achieved that and we all now know. Individuals can then make their own risk assessment and take action if they wish.

Jack Torrance (Author), posted December 11, 2008

> It may have been said but your first point of call should be the club and left it with them instead of blabbing on a forum. This is the club you support isn't it?

My first port of call was the club I support. Thanks for the advice though. As I haven't received a reply from them, I felt it was worth making others aware.

Definition of Forum:

fo·rum (fôr′əm, fōr′-) n. pl. fo·rums also fo·ra (fôr′ə, fōr′ə)
1.
a. The public square or marketplace of an ancient Roman city that was the assembly place for judicial activity and public business.
b. A public meeting place for open discussion.
c. A medium of open discussion or voicing of ideas, such as a newspaper or a radio or television program

redjambo, posted December 11, 2008

> It may have been said but your first point of call should be the club and left it with them instead of blabbing on a forum. This is the club you support isn't it?

The OP was rightly concerned about this issue. We are all adults and have the right to discuss the problem at hand. If you want to go and live in a nanny state, try Cuba.

wibble, posted December 11, 2008

Bad move by the webotrons who are supposed to be "experts" employed by the club. Cue bad press galore.:xmaseye:

Jack Torrance (Author), posted December 11, 2008

> Bad move by the webotrons who are supposed to be "experts" employed by the club. Cue bad press galore.:xmaseye:

True. Maybe I should have waited until after the Smelltic game.:xmassick:

brownkg, posted December 11, 2008

so were the 4 digits of your credit card the last 4? which would include the modulus checksum? how do you extrapolate back to full 16/19 numbers with any degree of certainty

Guest JamboRobbo, posted December 11, 2008

> so were the 4 digits of your credit card the last 4? which would include the modulus checksum? how do you extrapolate back to full 16/19 numbers with any degree of certainty

full name, address, mobile and home telephone number also on there. Breach of Data Protection by Hmfc/Ticketmaster.

Guest S.U.S.S., posted December 11, 2008

> so were the 4 digits of your credit card the last 4? which would include the modulus checksum? how do you extrapolate back to full 16/19 numbers with any degree of certainty

You don't, unless you're a super villain.

brownkg, posted December 11, 2008

> full name, address, mobile and home telephone number also on there. Breach of Data Protection by Hmfc/Ticketmaster.

Dunno didn't get one of the emails so to be unkickback like can't comment. Must attend too many matches to qualify as a potential customer.:xmastongue:

Guest JamboRobbo, posted December 11, 2008

> Dunno didn't get one of the emails so to be unkickback like can't comment.

So I noticed. :xmascrazy::xmasgrin:

Captain Canada, posted December 11, 2008

Unlike many others on here, I'm grateful to the O.P. for pointing this out. I think ridiculing someone for trying to help his fellow supporters is pathetic.

brownkg, posted December 11, 2008

> So I noticed. :xmascrazy::xmasgrin:

back to your usual Pot-kettle style of debate I see. As ever on here an issue grows arms and legs with a wholesale rush to jump on the bandwagon

Guest S.U.S.S., posted December 11, 2008

> Unlike many others on here, I'm grateful to the O.P. for pointing this out. I think ridiculing someone for trying to help his fellow supporters is pathetic.

I think ridiculing someone for ridiculing someone is pathetic.

K1874M, posted December 11, 2008

> Unlike many others on here, I'm grateful to the O.P. for pointing this out. I think ridiculing someone for trying to help his fellow supporters is pathetic.

Thanks.

The Don, posted December 11, 2008

Have checked my email and the source code and can confirm the emails are sent from Ticketmaster NOT Hearts. Complaints should be made to Ticketmaster, however the club should be made aware of this also.

Sending out unencrypted passwords can be deemed a breach of security. There are hundreds of possible ways a 3rd party can obtain these details either direct from the source or from a user's PC. I won't bore you all with the hows and means to do it, but it is incredibly easy.

My advice to everyone who has received this email is to log on immediately and change your password.

Guest JamboRobbo, posted December 11, 2008

> back to your usual Pot-kettle style of debate I see. As ever on here an issue grows arms and legs with a wholesale rush to jump on the bandwagon

just pointing out you were happy to comment earlier in the thread, then suddenly you felt this apparent obligation to not say anything cause you hadn't received the email. And it was a light hearted point - did you not see the smiley. :xmasgrin:

This topic is now archived and is closed to further replies.