Caravan and Motorhome Club's website down!

Example: I got a blackmail email. To prove they'd hacked me, they told me my password. Except I use a password manager and unique passwords, so I know exactly which website that password was from. It was a tiny e-commerce site that sold American candy that went bust. That breach isn't on HaveIBeenPwned. Needless to say, I ignored the blackmail.

Had exactly the same experience a few years back... the data breach was Asda. I know because the disclosed password was based on a formula I use. Also ignored the email.
 
I came up clear, my wife did not. Her leak was ULMON/City Maps To Go. We have both deleted the app and cleared any connections. She always uses complex unique passwords so we feel we have this covered. Thanks for the link and the reassurances about it being legitimate.
 
They still have our £150 worth of vouchers that we paid for and were due to be delivered to our daughter on her birthday. Obviously the cyber attack had laid them low before they were due to be delivered by e-mail.

Now we have to hope that they have a record of our payment or our credit card company will have to get involved.
 
We have seen successful attacks on hospitals, banks and airlines, to name a few targets. Reading the communication, the club are following advice, and we all hope that no personal member details have been stolen, but the culprits in this event are the hackers, probably located out of the UK.
 
I come from a Cyber background. If they have our credit card details they (or their partners) have to comply with a standard called PCI DSS (which has many controls / protections around it). In the case of this breach, in the email they state that they are working with the ICO (Information Commissioner's Office), whereas in the majority of cases, to resolve it, they will be working with the NCSC (National Cyber Security Centre - a part of GCHQ). They have not indicated what kind of cyber attack it is (more than likely Ransomware), which will mean they will be off air for a while as they look for a clean backup to restore. Looking at the domain, I suspect that they are hosted by a Telecoms company in Germany, who will be doing the majority of the resolution. They should be getting back to us all in 2 days. When / if we do get back online with them, the most important thing is to change your password. If you have virus protection (something like Bitdefender), make sure you run it and check your email addresses for exploitation tracking. Regards, BOOMEL.


 
Do a Google search for MOAB; this is the Mother Of All Breaches at an almost unbelievable 12TB of data.
That's 12,000 GB of data!! Scary scary stuff.
 
PS use a password manager like Lastpass to avoid same password across multiple sites. Enable two factor authentication wherever possible
 
I've had similar with O2 (who I didn't even use at the time, as I had migrated to another provider 3 years prior). I used a unique-to-them email on signup, and clearly from what it received they were hacked (no-one could guess the unique email) as it wasn't related to the company in any way. Then had my O2 password disclosed... all about 3 years after I left them. I think that breach was "publicly" disclosed in the media though. It's a good thing I've used unique-to-site passwords and emails for "many" years really.
 
PS use a password manager like Lastpass to avoid same password across multiple sites. Enable two factor authentication wherever possible
This is good advice and don't re-use passwords. Lastpass is a good app (there are others too: 1Password, Dashlane, Keeper - prices and functionality vary).

I also work in Cyber Sec and I guess my concern about this attack relates to insurance data on units (location, value, alarms etc) but hopefully it isn't targeted for that reason - just good old-fashioned extortion.

Here's a good article from the NCSC that covers staying safe online - well worth a read.

My first post btw as I only joined today - although I've been a 'reader' for a while - I'll post a 'hello post' on the introduce yourself forum.

Andy


 
Indeed, that's the best advice, ideally using a password manager so all your sites have different passwords:

I would suggest their response to this is a "matter" of learning, and I doubt they have any rehearsed "playbooks" for this in place at present based on observation.

If the response was better it would have included "We store all our passwords using X method, ensuring they are not reversible, hence we do not require you to change your password, and do not expect the hackers had access to it" if it was an open response. Or if they don't and they already know they store it reversibly (ie, a hash with a trivial salt value, with not much defences) they should have advised you to change your password (or any similar password you use on CAMC) on other websites.

The above is what "good" open disclosure requires, and I can't believe 3 days in they don't know the method or hashing used to protect your password, as this would be a day 1 finding on any forensic engagement worth its money. In my mind the disclosure on password change is POOR.
Erm. You quoted someone else (CAB96) and swapped my name in. Thought you were good at IT :p :D Give credit where it is due :p
He is as you have said perfectly correct but I was chasing up SFTP/FTPS confusion at the time of that post :p
 
Just as a point of interest and I don't expect anyone to go to the extremes I do.
I have a unique email address for every single service I sign up for. AND each one has a unique and randomly generated password.

So when I get a spam email from say amazon6343@mydomain.com and it is not from amazon I know they are the source of the spam.

It is a tiny bit of work up front. When I sign up or order from a new company I have to add an alias. But I have been doing it for 25 years now, so not really any hardship, more of a habit.

But it means: if anyone has a data breach, or sells my email address or otherwise lets it escape... I KNOW without any exception or prevarication who was responsible. And occasionally I have been able to help a company before they knew they had a problem.

My advice, if it is possible, is: get your own domain name. Pay for an email service where you can add aliases. Use a unique email address and password per login. It will save you time and effort in the long term.

But probably more trouble than it is worth for most people.

The current situation is: I have an email address caravanclub@mydomain.com (not giving the domain away). If I get spam or phishing emails to that address I will change it to caravanclub3527@mydomain.com and that is all I need to do.
I do not need to worry about them using the same login anywhere else, OR using that same email address and guessing passwords on other services. The problem is exclusively and literally isolated to the company with the problem.
Without either a shared email or password, the hackers get what I have given to the company linked to that login, which is rarely very much.
 
PS: the other advantage with unique email/password combos is: I tell caravanclub@mydomain.com to change my email to caravanclub3527@mydomain.com and then delete the caravanclub@mydomain.com alias.
This stops all future spam to that mailbox, as the hackers will sell it on... If you use a single email address they will sell it on and you will then end up with every hacker and his dog trying to phish/scam you.
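As an added example (not code from the original post), here is the alias-per-service attribution gromett describes, written in Python: every alias is registered against the one service it was handed to, mail arriving on an alias from any other sender domain marks that alias as leaked and names the service, and the leaked alias is rotated to a numbered replacement in the caravanclub3527 style. The registry entries, sender domains and message headers are constructed samples.

```python
"""Per-service e-mail alias leak attribution (added example, not the poster's code)."""
import re
import secrets
from dataclasses import dataclass
from typing import Optional

MY_DOMAIN = "mydomain.com"

# Constructed registry: alias local-part -> domain the service legitimately mails from.
REGISTRY = {
    "amazon6343": "amazon.co.uk",
    "caravanclub": "caravanclub.co.uk",   # hypothetical sender domain
    "candyshop": "candyshop.example",      # hypothetical defunct sweet shop
}

@dataclass
class Finding:
    alias: str
    attributed_to: str   # service the alias was handed to, hence the leak source
    sender_domain: str   # domain that actually sent the mail
    replacement: str = ""

def sender_domain(from_header: str) -> str:
    """Domain part of a From: header such as 'Name <user@host>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", from_header.strip())
    return m.group(1).lower() if m else ""

def alias_of(to_header: str) -> Optional[str]:
    """Local part of a To: address on our own domain, else None."""
    m = re.search(r"([A-Za-z0-9._-]+)@" + re.escape(MY_DOMAIN), to_header, re.I)
    return m.group(1).lower() if m else None

def is_from_service(sender: str, service_domain: str) -> bool:
    """True for the service's own domain or any subdomain of it."""
    return sender == service_domain or sender.endswith("." + service_domain)

def attribute_leaks(messages, registry):
    """Return {alias: Finding} for every alias mailed by someone other than its service."""
    findings = {}
    for to_hdr, from_hdr in messages:
        alias = alias_of(to_hdr)
        if alias is None or alias not in registry or alias in findings:
            continue
        sender = sender_domain(from_hdr)
        if not is_from_service(sender, registry[alias]):
            findings[alias] = Finding(alias, registry[alias], sender)
    return findings

def rotate(alias: str, registry) -> str:
    """Retire a leaked alias: register aliasNNNN for the same service and drop the old one."""
    new = f"{alias}{secrets.randbelow(9000) + 1000}"
    registry[new] = registry.pop(alias)
    return new

MESSAGES = [  # constructed (To, From) header pairs
    ("amazon6343@mydomain.com", "Amazon <order-update@amazon.co.uk>"),
    ("caravanclub@mydomain.com", "Member Services <news@mail.caravanclub.co.uk>"),
    ("candyshop@mydomain.com", "Security Team <alert@phish.example>"),
    ("candyshop@mydomain.com", "Support <help@another.example>"),
]

if __name__ == "__main__":
    reg = dict(REGISTRY)
    for f in attribute_leaks(MESSAGES, reg).values():
        f.replacement = rotate(f.alias, reg)
        print(f"{f.alias}@{MY_DOMAIN} leaked by {f.attributed_to} "
              f"(mail from {f.sender_domain}); replaced by {f.replacement}@{MY_DOMAIN}")
```

Only the candyshop alias is flagged: the Amazon mail comes from the registered domain and the club mail from a subdomain of it, so both pass. 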
 
Just get an iPhone and use the hide my email address option, so much easier than creating email aliases.
 
Sorry that makes no sense :( If you don't give your email address for instance to this forum, how would they then know who to login and who to send emails to?
Think you may either not understand what that feature does or .... Sorry am at a loss there.

Deleted a big paragraph of extras. I think you may be misunderstanding something here, or I am not explaining myself well?


 
I understand they use World Pay for site bookings but what about annual subscriptions? Would they hold bank details for those?

Just my guess. But they keep bank details for those who use Direct Debit which is a different system and cannot be abused like a credit/debit card.

For Credit/Debit cards they don't keep the details only the auth/token. Which cannot be abused by hackers.
 
Hide my email creates a random email address that forwards emails to your legitimate email account and is handled via your iCloud account. If one is compromised you just create a new random email address. Your real email address is never exposed.
 
ok. That is specific to Apple services and achieves exactly the same as I was suggesting: a unique email/password per service. But not all of us have Apple-size budgets :p :D
And not all of us trust Apple or even any cloud service.
 
So where do your emails reside? Downloaded via POP3 to a device? If not, they are on a remote server or cloud service. I guess you have a personal domain from the content of your post and you mentioned your mailbox, so your hosting company is keeping your emails safe I presume. Also Hide my email is not unique to Apple, it's also available on Android, albeit not a native function. Cloud isn't either, it's a physical server somewhere. If you don't like any cloud service, don't use the internet. If you use Android, you trust Google with your data in the same way I trust Apple with my data. The issue with your solution is the domain is common across all your email addresses and the domain is unique to you, as I guess you own it.
 
So where do your emails reside,
On my own server. I do not use any cloud services.

downloaded via POP3 to a device,
No, stored on the server, which is secure and accessed using IMAP4 via my desktop, laptop and, for a single mailbox, on my phone. My phone only has access to one non-essential mailbox as I don't trust Google/Android.

if not they are on a remote server or cloud service.
Remote server or cloud service is exactly the same thing. What matters is who owns it and how is it operated.

You have a personal domain and you mentioned your mailbox, so your hosting company is keeping your emails safe I presume. Also Hide my email is not unique to Apple, it's also available on Android, albeit not a native function. Cloud isn't either, it's a physical server somewhere. If you don't like any cloud service, don't use the internet. If you use Android, you trust Google with your data in the same way I trust Apple with my data.
What you are saying is that apple knows your real address and hands out a temporary fake email address to services you sign up for? Apple I agree are more trustworthy than pretty much any other tech company on that front but you are still reliant on them and need to have paid for their services and bought into their eco system. No thanks.

You use google services you are the product.
You use apple services you have to pay through the nose so you are not the product.


 
Seems there are quite a few this time: Mother Of All Breaches, released 24/01/2024.

Keep an eye out, all, that's for sure, in the days/months ahead.
 
On my own server. I do not use any cloud services.
I do the same as gromett, but moved away from running it on my own server (I am quite capable of this, and still have the server).
I now just use office365 with my own domain name and many aliases. It's quite reasonably priced and my company pays for it technically, as the primary alias is my business email today, but in reality it's one of those costs of doing business, as they actually give my company more credit for another service we use as part of the deal than the deal costs (it's about 350/yr for 1000usd of credit). (Gromett, you may want to look at this for your business if you ever need Azure credit; it's the partner network action pack deal, it's 5 full o365 licenses including domain name support + 1000usd in Azure credit for 350gbp.)
The Microsoft and Google run-a-domain options both support domain names, and I do recommend both to family.

And apologies for the misquote earlier, gromett; this forum screws up when you are editing multiple replies and I don't always notice.
 
In what way am I paying through the nose for Apple? I don't pay for Apple services, only paid for the device I'm using, and get free iCloud capabilities.

Android phones can be more expensive than Apple phones depending on spec; paying through the nose is subjective. A Rolls-Royce still gets you from A to B in the same way as a bicycle does, only some prefer the comfort of the Rolls-Royce because they can afford it. I use Apple because I like their ecosystem.
 
You couldn't pay me to go anywhere near Microsoft. I run my own server and probably pay more than I need to. But when it comes to security I pay the price to ensure I am secure/safe.
I do not use ANY cloud services. They can change the terms, ramp up the prices, change the offering or even withdraw the service altogether and you are screwed. I do everything I need myself.
I use LibreOffice. Host my own mail server/service and manage my own DNS and spam filtering.
I have 12 different mailboxes with over 500 email aliases (built up over 25 years) and in the last 30 days there has been 1 spam email hitting my mailboxes.

And apologies for the misquote earlier, gromett; this forum screws up when you are editing multiple replies and I don't always notice.

No problems. (y)
 
May have been said before. It's a long thread.
From Director General Nick Lomas's letter:
"Data security is of paramount importance, to us, our members, guests and suppliers"

Clearly a lie, as they would not have been hacked if that was the case!


 
I paid £112.89 for my phone back in 2018. It does exactly what I need it to do... I am not in the market for a Rolls-Royce to get me to the local Coop and I don't need to buy an expensive Apple device just to give me email aliases.
I am not criticising you for doing so. But you are paying a high price for that service. So when you say
Just get an iPhone and use the hide my email address option, so much easier than creating email aliases.
You are demanding a very high price for something that is basically an email alias.


 
"Data security is of paramount importance, to us, our members, guests and suppliers"

Clearly a lie as they would not have been hacked if that was the case
That is a little unfair. Even the best of us make mistakes, and system errors can happen even when you are careful. They may have trained their staff extremely well, but still the temp who came in to help out may have got caught by a phishing email, etc.

My view is: every company at some point will get exploited/hacked. How they handle it is the important part. The 5 days that CAMC didn't admit to it and give good advice to their members is what they should be criticised for.

edit: PS: I am not defending them. They have responded badly and the new system was atrocious. But even if the new system was perfect, how they handled it was sub par in my view.
 
That’s fine, each to their own. You clearly have the time to manage your own services in that manner, many of us don’t.

I presume you are running Linux on your server, desktop and laptop if you dislike Microsoft so much.

I ran Sun Solaris Unix systems back in the 80s and 90s, love love Unix/Linux, but in my line of business it's Microsoft all the way to support my clients' day to day business including M365.

All Apple devices run versions of Linux including MacOS, another reason why I like it. I also develop for Apple and Android so need cross platform compatibility.
 
I also have an Honor Android phone I bought for £100 last year and an Android Samsung Tablet for testing Android Apps I develop. Needs must.
 
That’s fine, each to their own. You clearly have the time to manage your own services in that manner, many of us don’t.
It is what I do for a living. But that aside, my advice about buying your own domain and getting a mail service with aliases was not meant for everyone, and I did say
Just as a point of interest and I don't expect anyone to go to the extremes I do.


I presume you are running Linux on your server, desktop and laptop if you dislike Microsoft so much.
Yes, Linux on everything these days. Although I do have a separate hard drive with Windows on it for when I need to support clients and can't remember how to do things.

I ran Sun Solaris Unix systems back in the 80s and 90s, love love Unix/Linux, but in my line of business it's Microsoft all the way.
If your work requires microsoft then fair play. We all have to make compromises to earn a living. (y)

All Apple devices run versions of Linux including MacOS, another reason why I like it. I also develop for Apple and Android so need cross platform compatibility.
No, Apple devices are based on BSD, not Linux. Both are related to Unix, kind of, but are different beasts. OS X and iOS are related to Linux like 2nd or 3rd cousins, but more different than alike after recent years with systemd etc.
BSD is getting more and more attractive as I miss the init.d days.


 
