Silk Road forums

Support => Customer support => Topic started by: CrystalMethod uk on May 13, 2013, 10:58 pm

Title: My vendor account has been hacked
Post by: CrystalMethod uk on May 13, 2013, 10:58 pm
I have been trying to log on to my vendor account for days now and have just found out my account has been hacked and all sorts of stuff that I do not have in stock are listed. Also, I have just contacted admin with a similar message to this. Does anyone have any advice on what other steps I should take? My main concern being anyone buying from that account will be ripped off by whoever hacked it.
Title: Re: My vendor account has been hacked
Post by: scout on May 13, 2013, 11:03 pm
Did you provide your password and PIN anywhere?  Perhaps to a link in a message over on SR?

If you've already created a new account and sent a message to Vendor Support, then that's all you can do at this point ... though you may want to consider warning your customers about the fact that someone else is in control of your account.
Title: Re: My vendor account has been hacked
Post by: CrystalMethod uk on May 13, 2013, 11:52 pm
Yeah, that is exactly what happened. I clicked on a link in a message that I received in my vendor account and entered my password. I was then asked for my PIN, which I did not provide. I then closed the link and have been unable to log on since, which I put down to the recent problems SR has been having recently. Thanks for the advice anyway.
cm.
Title: Re: My vendor account has been hacked
Post by: scout on May 14, 2013, 12:03 am
Quote from: CrystalMethod uk on May 13, 2013, 11:52 pm
> Yeah, that is exactly what happened. I clicked on a link in a message that I received in my vendor account and entered my password. I was then asked for my PIN, which I did not provide. I then closed the link and have been unable to log on since, which I put down to the recent problems SR has been having recently. Thanks for the advice anyway.
> cm.

That message was a scam and has been widely discussed on the forums recently.  If you had verified the PGP signature, you'd have seen it wouldn't verify (because it was fake - copied and pasted at the beginning and end of the message). 

You'll need to start a new account and from there, message Vendor Support to let them know what's going on.  I've let the admins know about the situation so hopefully they can freeze your account before too many of your customers get scammed.

In the future, please be more careful with your account information - it's your customers who suffer in these situations because they're being scammed and any of them who provided their shipping info unencrypted have now possibly had their sensitive information compromised. 
Title: Re: My vendor account has been hacked
Post by: Libertas on May 14, 2013, 12:09 am
Quote from: CrystalMethod uk on May 13, 2013, 11:52 pm
> Yeah, that is exactly what happened. I clicked on a link in a message that I received in my vendor account and entered my password. I was then asked for my PIN, which I did not provide. I then closed the link and have been unable to log on since, which I put down to the recent problems SR has been having recently. Thanks for the advice anyway.
> cm.

The fact that you did not give them your PIN may be your saving grace here, CrystalMethod uk. Other vendors have had their accounts cleaned out. Please make a thread in the main Silk Road discussion forum similar to the following in order to let your customers know what has happened:

http://dkn255hz262ypmii.onion/index.php?topic=158092.0
http://dkn255hz262ypmii.onion/index.php?topic=157748.0

It is important to note that any customers that placed orders but did not encrypt their addresses via PGP have now had their details compromised. You will have to let them know that. Not sure why the people currently in control of your account are requesting FE if they can't get the money out, but perhaps they're attempting to brute-force your PIN - I hope it is sufficiently complex!

In any case, Silk Road will NEVER ask you for your PIN, and any changes such as a vendor panel etc., were they to happen, would be signed with DPR's public key which you should ALWAYS verify.

Libertas

EDIT: scout got there before me! :)
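
The check scout and Libertas describe, as an added example that is not part of any post in this thread: a genuine signature block pasted around different text fails `gpg --verify`. The throwaway key, identity and message text are constructed for the demonstration; in practice the keyring holds the sender's real public key, obtained beforehand.

```shell
#!/bin/sh
# Added example; the key, identity and message text are constructed.

# Exit status 0 only when gpg reports a good signature for the file.
verify_clearsigned() {
    gpg --batch --quiet --verify "$1" >/dev/null 2>&1
}

# Body runs in a subshell so GNUPGHOME does not leak into the caller.
demo() (
    work=$(mktemp -d) || exit 2
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || exit 2

    # Throwaway key standing in for the sender's published signing key.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Admin <admin@example.invalid>' \
        ed25519 sign never >/dev/null 2>&1 || exit 2

    printf 'Staff will never ask you for your PIN.\n' > "$work/real.txt"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --output "$work/real.asc" --clearsign "$work/real.txt" \
        >/dev/null 2>&1 || exit 2

    # Forgery as described in the thread: the genuine armor header and
    # signature block are kept, the signed text between them is replaced.
    {
        sed -n '1,/^$/p' "$work/real.asc"
        printf 'This text was not written by the key holder.\n'
        sed -n '/^-----BEGIN PGP SIGNATURE-----$/,$p' "$work/real.asc"
    } > "$work/fake.asc"

    if verify_clearsigned "$work/real.asc"; then real=good; else real=bad; fi
    if verify_clearsigned "$work/fake.asc"; then fake=good; else fake=bad; fi

    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$work"
    echo "genuine=$real forged=$fake"
)

demo
```

A good result only shows that the text matches some key in the local keyring, so the signing key's fingerprint still has to match the one the sender published.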

Title: Re: My vendor account has been hacked
Post by: scout on May 14, 2013, 12:10 am
That's what I thought I said, Lib!
Title: Re: My vendor account has been hacked
Post by: Fat_Speedy_Guy on May 14, 2013, 04:48 am
Bad times, a top UK vendor albeit quiet recently. Hope you get this resolved mate.
Title: Re: My vendor account has been hacked
Post by: CrystalMethod uk on May 14, 2013, 06:05 pm
Thanks everyone for all the advice. The account has now been closed thankfully. Does anyone know what happens to outstanding orders in this situation? I know of one guy that ordered after the account was compromised but never f/e'd; will he get his money back?
Title: Re: My vendor account has been hacked
Post by: CrystalMethod uk on May 14, 2013, 06:15 pm
And, come to think of it, any that f/e'd, the btc should still be in the account. The PIN for the account is good. I checked on a website that tells how secure your passwords are and mine said it would take something like 814 million years to crack.
Title: Re: My vendor account has been hacked
Post by: yahoira on May 14, 2013, 06:48 pm
Wow. So one of my first SR orders and this happens.

What does it mean if my address is 'compromised'?

I'm really very worried and disappointed now.

Is there anything at all I can do?
Title: Re: My vendor account has been hacked
Post by: scout on May 14, 2013, 06:50 pm
Quote from: CrystalMethod uk on May 14, 2013, 06:05 pm
> Thanks everyone for all the advice. The account has now been closed thankfully. Does anyone know what happens to outstanding orders in this situation? I know of one guy that ordered after the account was compromised but never f/e'd; will he get his money back?

If the scammer who was in control of your account was unable to withdraw the funds (because they didn't have your PIN) then yes, you should be able to provide refunds to those who did finalize early for the scammer.
Title: Re: My vendor account has been hacked
Post by: yahoira on May 14, 2013, 06:58 pm
Quote from: scout on May 14, 2013, 06:50 pm
> Quote from: CrystalMethod uk on May 14, 2013, 06:05 pm
> > Thanks everyone for all the advice. The account has now been closed thankfully. Does anyone know what happens to outstanding orders in this situation? I know of one guy that ordered after the account was compromised but never f/e'd; will he get his money back?
>
> If the scammer who was in control of your account was unable to withdraw the funds (because they didn't have your PIN) then yes, you should be able to provide refunds to those who did finalize early for the scammer.

If the account is closed, is it still possible to receive a refund?
Title: Re: My vendor account has been hacked
Post by: rockchick on May 14, 2013, 09:11 pm
Been lurking for a while, finally decided to get active  :)

Anyhoozle...what are you supposed to do if you've ordered from cm without fe so that it doesn't go to auto-fe in the end?
Title: Re: My vendor account has been hacked
Post by: scout on May 14, 2013, 09:28 pm
Quote from: rockchick on May 14, 2013, 09:11 pm
> Been lurking for a while, finally decided to get active  :)
>
> Anyhoozle...what are you supposed to do if you've ordered from cm without fe so that it doesn't go to auto-fe in the end?

I believe that all you'll need to do is wait 4 days until the "resolve" option becomes available and then click on that so it takes it to the resolution center.  From there, you can request a refund, and be sure you mention the fact that this is because the order was with a vendor whose account was compromised and now closed.

Speaking of which ... I'm unclear on this part:

Quote from: CrystalMethod uk on May 14, 2013, 06:05 pm
> The account has now been closed thankfully.

When you say it has been closed - do you mean permanently?  Or are they resetting the password for you so you can eventually use your vendor account again?
Title: Re: My vendor account has been hacked
Post by: Libertas on May 16, 2013, 02:09 pm
Locked as no response from OP in over 24 hours, despite them being online. The issue has been resolved as the vendor account in question has been suspended.

Libertas