Fastway/Parcel Connect

odyssey06 · 12-03-2021 06:41PM

fryup wrote: »

is it only littlewoods customers affected?

No I don't think so, I haven't used littlewoods and was emailed by Fastway.

Pipmae · 12-03-2021 06:42PM

fryup wrote: »

is it only littlewoods customers affected?

No - my email specifically says it's as a result of a Smyths Toystore delivery.

SteM · 12-03-2021 06:47PM

fryup wrote: »

is it only littlewoods customers affected?

Got an ail from them because they're used by homestore +more.

12-03-2021 06:51PM

McGaggs wrote: »

Nobody has an account with fastway, no passwords were released. The worry here is that addresses and phone numbers are now associated with names and emails, and that could allow someone to convince Amazon for example to allow a password reset and take over the account with stored card details in it.

The Facebook notification is clearly someone who doesn't have the password, but is trying to get in. Could this attack be using an old password from an old back that's associated with an email address, if a phone number and address are used as security questions....

That would just mean you got a password reset mail or message to your email and phone of which the hackers have no access

The J Stands for Jay · 12-03-2021 06:55PM

Niner leprauchan wrote: »

That would just mean you got a password reset mail or message to your email and phone of which the hackers have no access

For most things, yes, but I've read a couple of articles about how people have had Amazon accounts taken over by 'hackers' phoning up or using we chat.

About 10 years ago, I was having a conversation about this type of thing, and one of the lads said there was no way someone could get access to your accounts. I told him I would, and I managed to post something daft from his Facebook account. I had to get his Gmail password reset in order to get into his Facebook. All I had was name, address and dob.

thomas 123 · 12-03-2021 06:57PM

I got it too - komplette.ie

Also having all of that data could authenticate you with a lot of service providers and get them to share account data with you.

fryup · 12-03-2021 07:05PM

so what are we saying here - are our credit card details at risk??

odyssey06 · 12-03-2021 07:08PM

fryup wrote: »

so what are we saying here - are our credit card details at risk??

No - name, address, email address and mobile phone number.

fryup · 12-03-2021 07:23PM

odyssey06 wrote: »

No - name, address, email address and mobile phone number.

so more phone calls from new delhi then? :cool:

Darc19 · 12-03-2021 08:46PM

L1011 wrote: »

The TKMaxx one affected US data.

Right now, having name + address + mobile number of people who are using a courier firm is a gold mine for people sending fake "due to Brexit you need to pay customs at this website" scam texts. This will be used, and people will fall for it as the messages will be far more custom than before. "Mary Murphy, we have a package for delivery to you at 123 Scam Street".

Phone books haven't had mobile numbers since about 1993.

Those who send out scam texts will not go to the bother of a list when they can send 1,000,000 random numbers a text in a few minutes.

People enter their mobile numbers on tons of stuff, they blab to the world on Facebook and Instagram, they put their work life on LinkedIn.

There's feck all value in name address and email lists.

The laugh I got today was the Snowflake on radio who gave his full name and local area and said he was "concerned". Feckin eejit.

I put his name into Facebook and from one PUBLIC photo I was able to find his address.

A quick Google and I found his phone number and email as he is involved in a local soccer club and his phone number and email was there on their Facebook page.

I spent less than a minute to show someone at work how ridiculous his whining was.

L1011 · 12-03-2021 09:01PM

The hit rate from 1m random numbers is going to be far, far less than the hit rate from highly personalised scams.

This data is hugely valuable in the wrong hands, and you are showing a complete lack of knowledge of why in trying to claim it isn't.

They have up to date, presumably very accurate info that can be used to craft extremely convincing scams full of info that people assume isn't easily available - and they have hundreds of thousands of those records.

What scammers aren't going to do is try construct equivalent info from a hugely time intensive (one minute times four hundred thousand records) trawl of multiple sources to do the same; so your comparison is pointless.

C3PO · 12-03-2021 09:04PM

Fastway .... the gift that keeps giving!
They always struggle to deliver my parcels but apparently had no trouble giving my details away!

12-03-2021 09:08PM

McGaggs wrote: »

For most things, yes, but I've read a couple of articles about how people have had Amazon accounts taken over by 'hackers' phoning up or using we chat.

About 10 years ago, I was having a conversation about this type of thing, and one of the lads said there was no way someone could get access to your accounts. I told him I would, and I managed to post something daft from his Facebook account. I had to get his Gmail password reset in order to get into his Facebook. All I had was name, address and dob.

Absolutely, if you know the person well enough it can still be done but the hacker won't be able to answer any of the security questions and I'm pretty sure not knowing your own mother's maiden name would blow your cover.

12-03-2021 09:10PM

L1011 wrote: »

The hit rate from 1m random numbers is going to be far, far less than the hit rate from highly personalised scams.

This data is hugely valuable in the wrong hands, and you are showing a complete lack of knowledge of why in trying to claim it isn't.

They have up to date, presumably very accurate info that can be used to craft extremely convincing scams full of info that people assume isn't easily available - and they have hundreds of thousands of those records.

What scammers aren't going to do is try construct equivalent info from a hugely time intensive (one minute times four hundred thousand records) trawl of multiple sources to do the same; so your comparison is pointless.

But they don't. It's mostly public information that's already available.

I'm not saying it's of no value at all but it's low grade and mostly of use in indirect scams.

L1011 · 12-03-2021 09:12PM

Niner leprauchan wrote: »

But they don't. It's mostly public information that's already available.

I'm not saying it's of no value at all but it's low grade and mostly of use in indirect scams.

Its not information that's available in one place, effectively pre-verified and up-to-date and perfect for crafting extremely convincing scams that bypass many of the standard things people check for - does it address me by name being a huge one drilled in by banks, Paypal and so on.

With this you have a name, email, address, mobile number, knowledge that the data is up to date, knowledge that the person shops online or by phone, knowledge that the person presumably has some money - so a good chance of a much higher hit % than a scattergun scam or even trying to build something just off harvested email addresses with assumed to be accurate names.

If you (meaning posters in general) don't understand how valuable this is for scammers, I really, really hope you have no control over other peoples data in any way, shape or form.

12-03-2021 09:20PM

L1011 wrote: »

Its not information that's available in one place, effectively pre-verified and up-to-date and perfect for crafting extremely convincing scams that bypass many of the standard things people check for - does it address me by name being a huge one drilled in by banks, Paypal and so on.

If you (meaning posters in general) don't understand how valuable this is for scammers, I really, really hope you have no control over other peoples data in any way, shape or form.

It's easily crafted. Voters register has your name and address. From there you can locate the rest depending on the person. The more naive and open online people for example.

However, the reality is that its highly unlikely to result in any of your accounts being hacked and will most likely be used for phishing.

Again, phishing isn't high level. It's certainly an issue to be aware of but by being informed of the breech, people should have enough cop on to not fall for it.

No, I'm not a data controller for anyone

L1011 · 12-03-2021 09:25PM

Voting register is only available for inspection in person in print form except for the edited register of the few people who opt-in for spam post. That is tiny these days. The labour intensivity of that is off the scale.

This is likely to be used for basically spear-phishing and it will catch out a lot of people who think they have the cop-on and would easily avoid a scattergun scam.

Darc19 · 12-03-2021 09:29PM

L1011 wrote: »

Voting register is only available for inspection in person in print form except for the edited register of the few people who opt-in for spam post. That is tiny these days. The labour intensivity of that is off the scale.

This is likely to be used for basically spear-phishing and it will catch out a lot of people who think they have the cop-on and would easily avoid a scattergun scam.

This is scaremongering BS. You need to be called out for this. It's something a rag like the daily muck would come out with.

This is very low value information and unlikely to be much value to anyone.

L1011 · 12-03-2021 09:37PM

Darc19 wrote: »

This is scaremongering BS. You need to be called out for this. It's something a rag like the daily muck would come out with.

This is very low value information and unlikely to be much value to anyone.

I'm not scaremongering in the slightest. This is what criminals do with data.

You can continue to try claim its not important, but it doesn't change reality.

whiterebel · 12-03-2021 09:39PM

Mod - Can everyone please take it down a notch. There has been a breach, and information is out there. We now need to be be careful of any suspicious emails and texts.

12-03-2021 09:58PM

thewolfisloose wrote: »

Data breaches are common enough. There are online platforms you can run your email address through to see if they've been involved in a data breach such as ArkOwl.

Got email from fastway and homestore and more earlier.

How do ArkOwl know whether my email has been involved in a data breach? Isn’t someone like fastway giving ArkOwl that info yet another breach of my data? I’m confused.

whiterebel · 12-03-2021 10:05PM

Strawberry Milkshake wrote: »

Got email from fastway and homestore and more earlier.

How do ArkOwl know whether my email has been involved in a data breach? Isn’t someone like fastway giving ArkOwl that info yet another breach of my data? I’m confused.

As far as I'm aware companies like that run a comparison of your email address (which you give them) against the lists of emails that have been exposed in breaches.

12-03-2021 10:13PM

whiterebel wrote: »

As far as I'm aware companies like that run a comparison of your email address (which you give them) against the lists of emails that have been exposed in breaches.

But how do they know who’s been exposed in breaches? Someone has to provide them with that email in order to cross reference with the email I give them.

whiterebel · 12-03-2021 10:30PM

There are usually lists of details that have been exposed that circulate after the event.

12-03-2021 10:53PM

whiterebel wrote: »

Mod - Can everyone please take it down a notch. There has been a breach, and information is out there. We now need to be be careful of any suspicious emails and texts.

Exactly

12-03-2021 10:57PM

L1011 wrote: »

Voting register is only available for inspection in person in print form except for the edited register of the few people who opt-in for spam post. That is tiny these days. The labour intensivity of that is off the scale.

This is likely to be used for basically spear-phishing and it will catch out a lot of people who think they have the cop-on and would easily avoid a scattergun scam.

No it's not. I can look people up at vote.ie and irishfamilyhistorycentre.com

Phishing is not high quality, it's high quantity.

If you continue to disagree, produce your evidence please.

odyssey06 · 12-03-2021 11:03PM

Niner leprauchan wrote: »

No it's not. I can look people up at vote.ie and irishfamilyhistorycentre.com
Phishing is not high quality, it's high quantity.
If you continue to disagree, produce your evidence please.

Where is the list on vote.ie of names and addresses of voters?

VG31 · 12-03-2021 11:28PM

odyssey06 wrote: »

Where is the list on vote.ie of names and addresses of voters?

You can check if someone is on the voter register but you have to know their name and address.

odyssey06 · 12-03-2021 11:30PM

VG31 wrote: »

You can check if someone is on the voter register but you have to know their name and address.

Yes thats what I thought from using checktheregister.

Its hardly comparable to possessing a prepared list of names and addresses

whiterebel · 13-03-2021 12:50AM

Mod - Put an end to the speculation about what it may mean. All its doing is dragging it off topic and generating reports.

Fastway/Parcel Connect

Comments