Fastway/Parcel Connect

L1011 · 12-03-2021 12:51am

Darc19 wrote: »

Didn't see the same uproar when TK Maxx had a data breach and all credit card information was accessed, same with Clarks shoes

Anyone who got this file has already dumped it as it has zero value

The TKMaxx one affected US data.

Right now, having name + address + mobile number of people who are using a courier firm is a gold mine for people sending fake "due to Brexit you need to pay customs at this website" scam texts. This will be used, and people will fall for it as the messages will be far more custom than before. "Mary Murphy, we have a package for delivery to you at 123 Scam Street".

Phone books haven't had mobile numbers since about 1993.

The J Stands for Jay · 12-03-2021 1:01am

I noticed the email from fastway at half an hour ago. In the last 5 minutes I've had two emails from Facebook asking of I've been trying to log in from a new device. Wonder of there's any connection?

dubrov · 12-03-2021 1:20am

McGaggs wrote:

I noticed the email from fastway at half an hour ago. In the last 5 minutes I've had two emails from Facebook asking of I've been trying to log in from a new device. Wonder of there's any connection?

Did you setup a fastway account using the same password?

I'd change your Facebook password now anyway

Masala · 12-03-2021 1:29am

I got the email from Wiggle advising of same.

All Fastway would have on me would be Name Address email and mobile contact.

No2 that some hacker has that 4 pieces of info..... what can I expect to happen next from the hacker... ?? Sell my mobile contact to Who??? Use my email to do what??

thewolfisloose · 12-03-2021 1:59am

Data breaches are common enough. There are online platforms you can run your email address through to see if they've been involved in a data breach such as ArkOwl.

The J Stands for Jay · 12-03-2021 9:33am

dubrov wrote: »

Did you setup a fastway account using the same password?

I'd change your Facebook password now anyway

Nobody has an account with fastway, no passwords were released. The worry here is that addresses and phone numbers are now associated with names and emails, and that could allow someone to convince Amazon for example to allow a password reset and take over the account with stored card details in it.

The Facebook notification is clearly someone who doesn't have the password, but is trying to get in. Could this attack be using an old password from an old back that's associated with an email address, if a phone number and address are used as security questions....

The J Stands for Jay · 12-03-2021 9:35am

Masala wrote: »

I got the email from Wiggle advising of same.

All Fastway would have on me would be Name Address email and mobile contact.

No2 that some hacker has that 4 pieces of info..... what can I expect to happen next from the hacker... ?? Sell my mobile contact to Who??? Use my email to do what??

The email address can be linked to a previous hack. They would now have your name, email, address and phone number. Of they can find your dob, you're in trouble. Time to make sure there's no public posts anywhere that reveal your age and birthday.

SeeMoreBut · 12-03-2021 11:28am

Does this come under gdpr infringement?

So a fine a maximum fine of €20 million (about £18 million) or 4% of annual global turnover – whichever is greater – for infringements.

fryup · 12-03-2021 6:29pm

is it only littlewoods customers affected?

odyssey06 · 12-03-2021 6:41pm

fryup wrote: »

is it only littlewoods customers affected?

No I don't think so, I haven't used littlewoods and was emailed by Fastway.

Pipmae · 12-03-2021 6:42pm

fryup wrote: »

is it only littlewoods customers affected?

No - my email specifically says it's as a result of a Smyths Toystore delivery.

SteM · 12-03-2021 6:47pm

fryup wrote: »

is it only littlewoods customers affected?

Got an ail from them because they're used by homestore +more.

[Deleted User] · 12-03-2021 6:51pm

McGaggs wrote: »

Nobody has an account with fastway, no passwords were released. The worry here is that addresses and phone numbers are now associated with names and emails, and that could allow someone to convince Amazon for example to allow a password reset and take over the account with stored card details in it.

The Facebook notification is clearly someone who doesn't have the password, but is trying to get in. Could this attack be using an old password from an old back that's associated with an email address, if a phone number and address are used as security questions....

That would just mean you got a password reset mail or message to your email and phone of which the hackers have no access

The J Stands for Jay · 12-03-2021 6:55pm

Niner leprauchan wrote: »

That would just mean you got a password reset mail or message to your email and phone of which the hackers have no access

For most things, yes, but I've read a couple of articles about how people have had Amazon accounts taken over by 'hackers' phoning up or using we chat.

About 10 years ago, I was having a conversation about this type of thing, and one of the lads said there was no way someone could get access to your accounts. I told him I would, and I managed to post something daft from his Facebook account. I had to get his Gmail password reset in order to get into his Facebook. All I had was name, address and dob.

thomas 123 · 12-03-2021 6:57pm

I got it too - komplette.ie

Also having all of that data could authenticate you with a lot of service providers and get them to share account data with you.

fryup · 12-03-2021 7:05pm

so what are we saying here - are our credit card details at risk??

odyssey06 · 12-03-2021 7:08pm

fryup wrote: »

so what are we saying here - are our credit card details at risk??

No - name, address, email address and mobile phone number.

fryup · 12-03-2021 7:23pm

odyssey06 wrote: »

No - name, address, email address and mobile phone number.

so more phone calls from new delhi then? :cool:

Darc19 · 12-03-2021 8:46pm

L1011 wrote: »

The TKMaxx one affected US data.

Right now, having name + address + mobile number of people who are using a courier firm is a gold mine for people sending fake "due to Brexit you need to pay customs at this website" scam texts. This will be used, and people will fall for it as the messages will be far more custom than before. "Mary Murphy, we have a package for delivery to you at 123 Scam Street".

Phone books haven't had mobile numbers since about 1993.

Those who send out scam texts will not go to the bother of a list when they can send 1,000,000 random numbers a text in a few minutes.

People enter their mobile numbers on tons of stuff, they blab to the world on Facebook and Instagram, they put their work life on LinkedIn.

There's feck all value in name address and email lists.

The laugh I got today was the Snowflake on radio who gave his full name and local area and said he was "concerned". Feckin eejit.

I put his name into Facebook and from one PUBLIC photo I was able to find his address.

A quick Google and I found his phone number and email as he is involved in a local soccer club and his phone number and email was there on their Facebook page.

I spent less than a minute to show someone at work how ridiculous his whining was.

L1011 · 12-03-2021 9:01pm

The hit rate from 1m random numbers is going to be far, far less than the hit rate from highly personalised scams.

This data is hugely valuable in the wrong hands, and you are showing a complete lack of knowledge of why in trying to claim it isn't.

They have up to date, presumably very accurate info that can be used to craft extremely convincing scams full of info that people assume isn't easily available - and they have hundreds of thousands of those records.

What scammers aren't going to do is try construct equivalent info from a hugely time intensive (one minute times four hundred thousand records) trawl of multiple sources to do the same; so your comparison is pointless.

C3PO · 12-03-2021 9:04pm

Fastway .... the gift that keeps giving!
They always struggle to deliver my parcels but apparently had no trouble giving my details away!

[Deleted User] · 12-03-2021 9:08pm

McGaggs wrote: »

For most things, yes, but I've read a couple of articles about how people have had Amazon accounts taken over by 'hackers' phoning up or using we chat.

About 10 years ago, I was having a conversation about this type of thing, and one of the lads said there was no way someone could get access to your accounts. I told him I would, and I managed to post something daft from his Facebook account. I had to get his Gmail password reset in order to get into his Facebook. All I had was name, address and dob.

Absolutely, if you know the person well enough it can still be done but the hacker won't be able to answer any of the security questions and I'm pretty sure not knowing your own mother's maiden name would blow your cover.

[Deleted User] · 12-03-2021 9:10pm

L1011 wrote: »

The hit rate from 1m random numbers is going to be far, far less than the hit rate from highly personalised scams.

This data is hugely valuable in the wrong hands, and you are showing a complete lack of knowledge of why in trying to claim it isn't.

They have up to date, presumably very accurate info that can be used to craft extremely convincing scams full of info that people assume isn't easily available - and they have hundreds of thousands of those records.

What scammers aren't going to do is try construct equivalent info from a hugely time intensive (one minute times four hundred thousand records) trawl of multiple sources to do the same; so your comparison is pointless.

But they don't. It's mostly public information that's already available.

I'm not saying it's of no value at all but it's low grade and mostly of use in indirect scams.

L1011 · 12-03-2021 9:12pm

Niner leprauchan wrote: »

But they don't. It's mostly public information that's already available.

I'm not saying it's of no value at all but it's low grade and mostly of use in indirect scams.

Its not information that's available in one place, effectively pre-verified and up-to-date and perfect for crafting extremely convincing scams that bypass many of the standard things people check for - does it address me by name being a huge one drilled in by banks, Paypal and so on.

With this you have a name, email, address, mobile number, knowledge that the data is up to date, knowledge that the person shops online or by phone, knowledge that the person presumably has some money - so a good chance of a much higher hit % than a scattergun scam or even trying to build something just off harvested email addresses with assumed to be accurate names.

If you (meaning posters in general) don't understand how valuable this is for scammers, I really, really hope you have no control over other peoples data in any way, shape or form.

[Deleted User] · 12-03-2021 9:20pm

L1011 wrote: »

Its not information that's available in one place, effectively pre-verified and up-to-date and perfect for crafting extremely convincing scams that bypass many of the standard things people check for - does it address me by name being a huge one drilled in by banks, Paypal and so on.

If you (meaning posters in general) don't understand how valuable this is for scammers, I really, really hope you have no control over other peoples data in any way, shape or form.

It's easily crafted. Voters register has your name and address. From there you can locate the rest depending on the person. The more naive and open online people for example.

However, the reality is that its highly unlikely to result in any of your accounts being hacked and will most likely be used for phishing.

Again, phishing isn't high level. It's certainly an issue to be aware of but by being informed of the breech, people should have enough cop on to not fall for it.

No, I'm not a data controller for anyone

L1011 · 12-03-2021 9:25pm

Voting register is only available for inspection in person in print form except for the edited register of the few people who opt-in for spam post. That is tiny these days. The labour intensivity of that is off the scale.

This is likely to be used for basically spear-phishing and it will catch out a lot of people who think they have the cop-on and would easily avoid a scattergun scam.

Darc19 · 12-03-2021 9:29pm

L1011 wrote: »

Voting register is only available for inspection in person in print form except for the edited register of the few people who opt-in for spam post. That is tiny these days. The labour intensivity of that is off the scale.

This is likely to be used for basically spear-phishing and it will catch out a lot of people who think they have the cop-on and would easily avoid a scattergun scam.

This is scaremongering BS. You need to be called out for this. It's something a rag like the daily muck would come out with.

This is very low value information and unlikely to be much value to anyone.

L1011 · 12-03-2021 9:37pm

Darc19 wrote: »

This is scaremongering BS. You need to be called out for this. It's something a rag like the daily muck would come out with.

This is very low value information and unlikely to be much value to anyone.

I'm not scaremongering in the slightest. This is what criminals do with data.

You can continue to try claim its not important, but it doesn't change reality.

whiterebel · 12-03-2021 9:39pm

Mod - Can everyone please take it down a notch. There has been a breach, and information is out there. We now need to be be careful of any suspicious emails and texts.

[Deleted User] · 12-03-2021 9:58pm

thewolfisloose wrote: »

Data breaches are common enough. There are online platforms you can run your email address through to see if they've been involved in a data breach such as ArkOwl.

Got email from fastway and homestore and more earlier.

How do ArkOwl know whether my email has been involved in a data breach? Isn’t someone like fastway giving ArkOwl that info yet another breach of my data? I’m confused.

Fastway/Parcel Connect

Comments