Vladuz apparent strike on Blujay.com!!!

[2boysandtoys]

Someone brought to PSU a post from the BluJay boards - apparently by Adam.  There is content in that post that suggests the user affected was possibly using the same ID at a variety of selling sites.  It is post # 30, at the bottom of page 2 of the PSU thread - http://www.powersellersun.../about14805-0-asc-15.html.

I read this and suspect there are MANY sellers who do use the same ID, under the pretense that auction site owners will respect their information and treat all data gather with sensitivity.  Wrong answer - if my information can be changed by someone other than me on one site, you can bet that my password can also be used to attempt hacking at any other site I sell on.

What a fiasco for the original seller affected - I do feel for them....

[The Tavern Wench]

However and I can be wrong in my thinking but it looks as if someone who runs a site and if that person isn't honest, can steal their members passwords and use them to try to get into their accounts all over the web.  Is

If the passwords at the auction sites are set up like they are here at the forum, they can't actually "see" them.  I know ours are stored in the database in an encrypted form and they don't 'look' like readily identifiable passwords. You would really have to figure out the code and/or know what you are doing to get to them.

That being said, it's still not wise to use the same password from site to site for the very reasons Erin stated in her post above.

[The Bar Keep]

Someone brought to PSU a post from the BluJay boards - apparently by Adam.  There is content in that post that suggests the user affected was possibly using the same ID at a variety of selling sites.  It is post # 30, at the bottom of page 2 of the PSU thread - http://www.powersellersun.../about14805-0-asc-15.html.

I read this and suspect there are MANY sellers who do use the same ID, under the pretense that auction site owners will respect their information and treat all data gather with sensitivity.  Wrong answer - if my information can be changed by someone other than me on one site, you can bet that my password can also be used to attempt hacking at any other site I sell on.

What a fiasco for the original seller affected - I do feel for them....

I just got off the phone with Adam Hsieh and had a very lengthy conversation with him. You will see an SSL certificate back on blujay.com in the next day or 2. At this time he doesn't feel the site was hacked but will continue the investigation until this is figured out.

Adam has also received an invite to participate in The Crabby host forum as well as some consulting work from myself and The Tavern Wench. I would at this time recommend that wherever you sell, make sure sure passwords are not weak in nature as well as unique as possible from site to site.



Joe - The Bar Keep

Correct Erin,

As I stated last night as soon as I got off the phone with Adam.


Joe - The Bar Keep

[knappschiles]

Joe,

Thanks for all the sluething done in this case. I'm sure a lot of us here wouldn't have been able to get as far as you were able to figuring this out.

Another scary part was posted in the PSU thread about the "BJ hack" -
We will not go into detail as to what had occured to Shell_Worlds account but we can assure you that this was not due to a lack of security on blujay.

If you have multiple accounts on different selling venues it is IMPERATIVE that you have a different password for each site. If you do not you are setting yourself up for attack. If one of the "competing" sites wants to attack your account on blujay they can use that identical password and login to your account on blujay and have their way with your store. This is clearly an unethical and illegal abuse of site owner privelege and power.

IF, as seems to be implied by the Blujay owner posting there, the password was "hacked" because Shell used the same password at a competing site, we can all guess a couple of sites volunteer admins that are aligned with Pheeebay that had to be involved in this.

This has now gone from just distain of a competing site to a criminal act. Hopefully the proper authorities will take care of this. But we have to do our part by being more careful and using better and different passwords. While I think most of mine are OK, I do need to change a few.

Carol

edited to say I wrote this before I realized there were more posts on another page. Joe's first post about talking with Adam was the last post I had seen.

[knappschiles]

When I went to bed thinking about this last nite, I wondered how wise it is that many of us use the same ID on most of the sites we use.

This is a tough question. Most of us are trying to build up a "brand name" across the sites so try to be consistant with many things. But this "hack" possibility if 1 site isn't totally honest can completely ruin everything. You can see why a lot of posters on the eBay boards use "posting IDs" so others can't wreck their eBay listings.

Carol

[2boysandtoys]

Carol - you are so very right.  It's a darned if ya do and darned if ya don't.  As I think back on the year, and my one 'crazy Yahoo negative buyer/negative', the timing is such that it very well could have been someone intent on ruining my reputation/online efforts.

When the dustbin stuff started - directly related to me, I had 'flashes' that I might need to start completely over - if they continued to bash me, and work hard to tarnish my reputation and integrity.  But, the outcome has actually been the reverse; sales for me have picked up on one site.  It is a darn shame that there are real trolls and evil folks we encounter that would stoop to levels so low as to affect a person's livelihood.  I just can't get my mind around that at all...

[Mojavelyn]

When I first started online, I had 1 password... for everything...

Now????

It seems every chat board has a different one, some stronger then others...

And because of recent events at blujay.. I changed several passwords AFTER scanning my computer to verify it was clean...

But, I'm wondering how long it will be before we get complacent and lax about our own security again?

 

[The Tavern Wench]

We interrupt this thread for the following announcement:


I split this topic and moved two of the posts to a new thread:
  PheeBay Vladuz - Real Deal, Imaginary Friend or Publicity Stunt Gone Wrong?


Although the BluJay Store being hacked and this topic appear to be intertwined, I felt it was more appropriate to divide this into two separate topics.

Thank you - TTW

Now back to your regularly scheduled posting....

[Baysbeauty]

Thanks to all the great information out there from everyone, I have started to go in and change my passwords every place
that I'm at.  I so far have only gotten a few done but at least it is a start.  I am really mixing numbers and letters and using
as many digits as I can.  I am also writing this all done on paper and putting them away.

 

[The Tavern Wench]

Thanks to all the great information out there from everyone, I have started to go in and change my passwords every place
that I'm at.  I so far have only gotten a few done but at least it is a start.  I am really mixing numbers and letters and using
as many digits as I can.  I am also writing this all done on paper and putting them away.

 

When I was in college they suggested we use this method for selecting a password:

Think of a phrase, sentence, quote, etc. that YOU can easily remember and create a password from it using the first letter of each word and mixing it up with numbers. 

As an example, I'll use one of our current Shallow Thoughts:

Quote:  An effective way to deal with predators is to taste terrible
Selecting Letters:  An effective way to deal with predators is to taste terrible.
and substituting the number 2 for the word to
Password Created:  AeW2dWpi2tt  (note I mixed up upper and lowercase letters)



HTH


Edited to add:  When I ran the above password thru a Password Strength Checker it came out as strong.  I added two more letters and a number and it came out Best.