Jump to content
IGNORED

VG+ hacked


Nate Dogg III
 Share

Recommended Posts

I spoke to a gent from CIFAS today (they maintain the National Fraud Database)and explained the situation and the type of data stolen. In the absence of any documentation (passport etc.) being lost he said that the odds were pretty slim of me experiencing any issues. He suggested that if an attempt at identity theft was going to happen it will most likely happen in the near future though. His advice was not to worry about it too much and take some common sense steps like change any other accounts that use the same password, keep an eye on bank / credit card statements and periodically check my credit reports (can be obtained for £2 each from the 3 main agencies; Experian, Equifax & Callcredit). In the unlikely event that something does materialise it is important to contact any companies involved asap to make them aware of the unauthorised activity.

Should you want additional peace of mind CIFAS can also sign you up for protective registration for £20 a year. This adds a note to the database advising credit agencies and member organisations prompting them to do additional security checks when processing any loan apps, insurance claims etc. in your name - but this doesn't affect your credit history in any way. Registration expires after a year unless you decide to remove yourself early or extend your registration. The guy I was talking to said that in most cases a year would be plenty unless there had been any suspicious activity during that time.

http://www.cifas.org.uk/pr

Thank you that is great advice :)

Link to comment
Share on other sites

I can't help my pessimism. I've been reading Halting state by Charles Stross. I'm close to just sticking all my details on a webpage just to get done with the inevitable.

I know how you feel. The way things are going it is a case of when, not if, you will get hit. All you can do is try to limit your risk and keep vigilant.

Have to say that I'm increasingly tempted by the idea of going off to live self-sufficiently in a mud hut somwhere in the back of beyond. Possibly wearing a tin foil hat for good measure ;)

Link to comment
Share on other sites

I know how you feel. The way things are going it is a case of when, not if, you will get hit. All you can do is try to limit your risk and keep vigilant.

Have to say that I'm increasingly tempted by the idea of going off to live self-sufficiently in a mud hut somwhere in the back of beyond. Possibly wearing a tin foil hat for good measure ;)

Don't read Charles Stross.

Link to comment
Share on other sites

I spoke to a gent from CIFAS today (they maintain the National Fraud Database)and explained the situation and the type of data stolen. In the absence of any documentation (passport etc.) being lost he said that the odds were pretty slim of me experiencing any issues

Ask him to post his full name, email, address, dob and tel number on here to prove it :)

Link to comment
Share on other sites

Possibly dumb security question: if the password I used on VG+ has been compromised, does it matter that I used that password on a shitload of websites that I've not used for ages like Tesco and whatnot? I've just set up 1password and used it to set new passwords on everything saved in Chrome, but I know there will be loads of other poxy little sites that use the same login details as VG+. What's the worst that can happen? Somebody orders lots of groceries for me?

What I'm asking is, do I have to go through everywebsite I've used since the dawn of ecommerce changing my passwords, or just make sure the comprimised password isn't used on anything important?

Link to comment
Share on other sites

I would.

Its surprisingly quick to do once you get into the swing of it.

I had to do the same a while back (except change email addr not passwd) and yes it's a dull evening's work. Just make a list and cross them off as you do them.

Search your emails for order confirmations to build a list of all the shops you've ever used and go from there.

Link to comment
Share on other sites

If your browser records emails and passwords for logging in, if you explore preferences you should be able to get a list of all the sites you logged into. That's what I did in Firefox when I did my bulk password change.

Yes, that's exactly where I started, but I've only had this computer a few months. Following Afternoon Delight's advice I ended up scanning back trough the last four years of emails last night to make a list of likely accounts that use the compromised password. There will be more from the distant past but they'll use my old email address.

Thanks for the 1password recommendation. At £35 + £10 for the iPhone app it's pricey, but a very nice piece of software. It has the added convenience of making signing into websites that much quicker, so I can't grumble too much (was a bit taken aback when I saw the price of the iPhone app!).

I've needed to sort this out since the PSN hack. Knowing for sure that my email address and password are 'out there' due to the VG+ debacle has pushed me to do something about it.

It's one of those things where I know it'd be an utter pain and possibly very expensive if I was to be targeted, but it's just easier to keep your head in the sand. I had a little pop at my wife yesterday for worrying too much about germs and then a few hours later I was suddenly panicking at her about having my identity stolen! I just try not to worry about threats that feel distant and somewhat out of my hands, but I know that all these hacks means that sometime soon something will happen and I'll be glad I acted.

I just hope my 1password 'master file' doesn't end up on Pastebin somehow :)

Link to comment
Share on other sites

I'm not sure what can be done with your details regarding someone applying for credit in your name. I mean, if someone applies for a credit card using your details then the card will go to your address. If they go for a loan or something then the credit agreement will also be sent to your home. And don't you have to provide bank details in order to be credit checked anyway?

Link to comment
Share on other sites

I'm not sure what can be done with your details regarding someone applying for credit in your name. I mean, if someone applies for a credit card using your details then the card will go to your address. If they go for a loan or something then the credit agreement will also be sent to your home. And don't you have to provide bank details in order to be credit checked anyway?

You know how easy it is to get royal mail to redirect someone else's mail someplace else?

Link to comment
Share on other sites

Decided to get CIFAS protection just in case. Signing up the guy said that they had a dozen or so people call in the last day about a Canadian video games site.

Knowing how much of a pain in the arse it is to clean up after identity theft I thought I'd rather just spend the £20 even if the risk of fraud is fairly low.

Link to comment
Share on other sites

Yes, it "should" be all or nothing... but that depends on how competent you think a organisation like the Royal Mail is.

BBC story about mail redirection fraud

I trust that Royal Mail have a somewhat more robust system of confirming the validity of these things, since the article was authored nearly 2 years ago. I don't know that for sure, but that's the bet I'm making. But given how frequently people order stuff online here at rllmuk, I think they'd notice if their stuff wasn't turning up sooner than most - one of the few advantages to being a hopelessly rabid consumerist.

Link to comment
Share on other sites

Well if it's that easy to have your mails stolen then this VG+ thing is really neither here nor there. Anybody can frurd you at any time with ease.

I think the problem is that if you are on the VG+ leak then your details are likely in the hands of people who are actively doing this kind of fraud and the chances of them stealing your identity are vastly increased than if they didn't even have your name, address and dob to start with.

Link to comment
Share on other sites

People should be hammering them over this on their Facebook page, but no one seems to be. http://www.facebook.com/groups/58613320965/

Absolutely disgraceful. Their latest post on their blog is basically, 'Umm yeh, we're sorry, carry on as normal'. People should be getting compensated for this, paying for these fraud protection services that have been mentioned for example.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Use of this website is subject to our Privacy Policy, Terms of Use, and Guidelines.