dutnguye is saying he was hacked, and today he had a quick sale -he posted over at AT and ssaid he heatware was hacked as well. This is a FYI

learners permit

[H]ard|Gawd
Joined
Jun 15, 2005
Messages
1,295
Yea the listing is still there wth is going on with the admins there? This should have been dealt with swiftly.
 

Icecold

Limp Gawd
Joined
Jul 21, 2013
Messages
314
Has anybody actually gotten a response from heat23 ? I know several people from multiple forums mentioned reaching out to him, but is there any chance he lost access to his account(s) as well and that's why the fraudulent listings remain up? You would think fraudulent listings being on your site where people could be actively losing money due to sending crypto to a scammer would warrant spending the time to at least take the listings down? Maybe when you guys are reaching out it's just going to a scammer that hacked his accounts too? His account was logged in here yesterday, but maybe that was somebody that managed to get a hold of his credentials?
 

Lateralus

More [H]uman than Human
Joined
Aug 7, 2004
Messages
17,718
Has anybody actually gotten a response from heat23 ? I know several people from multiple forums mentioned reaching out to him, but is there any chance he lost access to his account(s) as well and that's why the fraudulent listings remain up? You would think fraudulent listings being on your site where people could be actively losing money due to sending crypto to a scammer would warrant spending the time to at least take the listings down? Maybe when you guys are reaching out it's just going to a scammer that hacked his accounts too? His account was logged in here yesterday, but maybe that was somebody that managed to get a hold of his credentials?
If that ever happened, you’d think that he would have backdoor/admin access to the database and could reset it himself without having to do it through the website like we do.
 

Gillbot

[H]F Junkie
Joined
Feb 27, 2001
Messages
8,490
Has anybody actually gotten a response from heat23 ? I know several people from multiple forums mentioned reaching out to him, but is there any chance he lost access to his account(s) as well and that's why the fraudulent listings remain up? You would think fraudulent listings being on your site where people could be actively losing money due to sending crypto to a scammer would warrant spending the time to at least take the listings down? Maybe when you guys are reaching out it's just going to a scammer that hacked his accounts too? His account was logged in here yesterday, but maybe that was somebody that managed to get a hold of his credentials?
He’s notoriously hard to get in touch with. Heat himself is the only admin of the site but there are a few that have some privileges and can help.
Yea the listing is still there wth is going on with the admins there? This should have been dealt with swiftly.
Admin….. heat himself is the only main admin. I’ve reached out to everyone I can unfortunately. If anyone has better contact info, I’m all ears.
If that ever happened, you’d think that he would have backdoor/admin access to the database and could reset it himself without having to do it through the website like we do.
He does, I believe he does the programming there.
 

Icecold

Limp Gawd
Joined
Jul 21, 2013
Messages
314
Wonder how many got owned this time.

Probably a bunch. Based on what kirbyrj and I had posted earlier, it seems obvious it's somebody that knows forum etiquette, hardware, etc. No big surprise that they would have a video card in hand they could write a name on.

It seems incredibly likely Heatware was breached and the username/password list from there is being used to infiltrate this site and Anandtech(others?) for scamming. Exercise extreme caution. I don't recall ever seeing anything like this on forums in the last 20+ years. We seriously need a response from heat23, how many thousands of dollars(I'm thinking $5k+ is in the wind already?) will get scammed before there's at least a "yes we got breached" or "no, we have no signs of a breach"
 

Icecold

Limp Gawd
Joined
Jul 21, 2013
Messages
314
Just posted to Anandtech-

Hello

I know it is not the place, but trying to protect fellow traders at hardforum.com - My account stolen and they changed the email. I created a new account, but cant email admins until it is approved. If you guys contact admins there and maybe see if someone open post with my account and let the possible buyers know?

my username is TurK-FX in hardforum as well.
 

Anh N.

Gawd
Joined
Feb 3, 2007
Messages
874
Just posted to Anandtech-

Hello

I know it is not the place, but trying to protect fellow traders at hardforum.com - My account stolen and they changed the email. I created a new account, but cant email admins until it is approved. If you guys contact admins there and maybe see if someone open post with my account and let the possible buyers know?

my username is TurK-FX in hardforum as well.
O wow, thnx for passing info along.
 

LFaWolf

[H]ard|Gawd
Joined
Aug 7, 2016
Messages
1,373
Another one? - https://hardforum.com/threads/fs-used-evga-geforce-rtx-3080-ftw3-ultra-gaming-10gb.2015323/ I've done business with that seller before and it went well, so if it's not a hacked account my apologies, but it certainly follows the theme. How many people sent crypto payment?
Oh crud, yeah, Turk-FX just posted on Anandtech that indeed his H account has been compromised and this is a SCAM! I believe Heat has been compromised and the hacker is trying all the passwords from Heat with other forums and doing this scam. I wonder if H needs to temporarily lock the FS/FT subsection for now. I think we should, judging by how many people have fallen for this 3080 thread.
 

heat23

Weaksauce
Joined
May 20, 2009
Messages
89
Hey all - I am still actively reviewing and responding DMs/emails/threads regarding this topic, but wanted to provide an update after analyzing system logs and access patterns. It appears that at maximum 5 Heatware accounts may have been compromised in the past week with the same/similar pattern as dutnguye. This appears to be a contained and isolated event. No breach has occurred on the Heatware servers or database. All passwords are stored using security best practices and in-transit requests are secured through SSL.
 

thecold

[H]ard|Gawd
Joined
Nov 12, 2017
Messages
1,217
No. Stop paying with crypto and insist on PP G&S.

If paypal doesn't work with you on G&S, use your credit card company.

Also at 1100, that's an immediate sale on an rtx 3080 non-lhr. Like within 30 seconds to 2 minutes.
 
Joined
Jan 16, 2013
Messages
3,822
I just fell for it. Lesson learned.

For transparency I sent eth to this address.

https://etherscan.io/address/0xea0a9e1db1c7569d5217da15c9b427bd08faffc1

It was immediately transferred to a much larger wallet with close to $11M worth of ethereum.

https://etherscan.io/address/0x832f166799a407275500430b61b622f0058f15d6

Looks like I'm the only one so far based on eth to this one address.
Sorry to hear that. I PM'd him after 4+ people did and asked if it was still available, I knew if he said yes it was highly likely a scam.
 

Gillbot

[H]F Junkie
Joined
Feb 27, 2001
Messages
8,490
Hey all - I am still actively reviewing and responding DMs/emails/threads regarding this topic, but wanted to provide an update after analyzing system logs and access patterns. It appears that at maximum 5 Heatware accounts may have been compromised in the past week with the same/similar pattern as dutnguye. This appears to be a contained and isolated event. No breach has occurred on the Heatware servers or database. All passwords are stored using security best practices and in-transit requests are secured through SSL.
Thanks for the update and all your hard work!
 

Crosshairs

Administrator
Staff member
Joined
Feb 3, 2004
Messages
25,262
Hey all - I am still actively reviewing and responding DMs/emails/threads regarding this topic, but wanted to provide an update after analyzing system logs and access patterns. It appears that at maximum 5 Heatware accounts may have been compromised in the past week with the same/similar pattern as dutnguye. This appears to be a contained and isolated event. No breach has occurred on the Heatware servers or database. All passwords are stored using security best practices and in-transit requests are secured through SSL.
can you provide me with a list of those 5 accounts so I can check if they are members here and possibly get ahead of this?

Well actually, I already know 2 of them, so just the remaining 3 would be great
 

antok86

[H]F Junkie
Joined
Feb 26, 2006
Messages
8,409

owcraftsman

[H]ard|Gawd
Joined
Feb 3, 2007
Messages
1,090
Not sure if this one was caught but LouPoir was selling a 3080ti @ 1000 bitcoin. The for sale thread has since been removed as of today because it was there yesterday and posted the 11th. I tried to hop on it but felt something was up when I got no response for 20 hrs. So I did some digging and finally found this thread. I should have known it was too good to be true.

Thanks to the OP, much appreciated, I have been spared. Too bad Heatware doesn't have 2fa.
 

bluestang

Gawd
Joined
Dec 14, 2018
Messages
718
Seems Ovreclock.net as well so watch out there as well. I got an email notice over at OverClock.et forum about a a new Thread in the FS/Video Card section:

turk-fx posted a new discussion "FS Used Evga GeForce RTX 3080 FTW3 ULTRA GAMING 10GB" to a forum you are following

EVGA GeForce RTX 3080 FTW3 Ultra Gaming 10GB KR Model: NOT hash rate limited Product has used for mining and is in excellent physical and working condition. Product purchased on 12/12/2020 and manufacturer warranty will be valid through 12/12/2023 Product will be packed in my new card's...
View Discussion View All Following
 

Icecold

Limp Gawd
Joined
Jul 21, 2013
Messages
314

Jinto

[H]ard|Gawd
Joined
Aug 10, 2006
Messages
1,824
2FA isn't the problem. Upfront payment by crypto is just a bad idea. Reputation is great and all but society functions in large part via the fear of consequences. With an upfront crypto payment there is practically zero fear as no one will be able to or bother to track that money.
 

Icecold

Limp Gawd
Joined
Jul 21, 2013
Messages
314
2FA isn't the problem. Upfront payment by crypto is just a bad idea. Reputation is great and all but society functions in large part via the fear of consequences. With an upfront crypto payment there is practically zero fear as no one will be able to or bother to track that money.
You're not wrong, but everybody really needs to enable 2FA at this point here and at any other forum they're able to, change their passwords at all of them and make sure the passwords are not shared between sites. At least with the attack vector that currently exists(credentials lifted from elsewhere used to gain access to this forum's accounts) it would prevent it from happening and people are already out thousands of dollars.

Human nature is to think "my stuff is secure, I couldn't be hacked" etc. but this is hitting long standing members of the community that I'm sure thought the same thing. Nobody expects their credentials to get breached from another site, and 2FA prevents those credentials from being used fraudulently.
 

trasixes

Gawd
Joined
Feb 18, 2010
Messages
896
I agree with most folks in this thread - some good advice being shared. Crypto is typically a no-go for me, unless it is an item that is tough to find elsewhere, and the seller goes through the proper steps to show me the sale is legit. Even then, there is serious pause. I've known about the 2FA here on Hardforum, but I hadn't enabled it. This thread was the kick in the pants I needed to remedy that - it is active now. We really need to get heatware.com onboard with 2FA.

To the people scammed - I'm really sorry this happened to you. It doesn't matter how it happened, you don't deserve it, and I truly hope it works out in your favor.
 

Zinn

2[H]4U
Joined
Jan 31, 2010
Messages
3,133
I've transacted with dutnguye many times in the past and actually met him in person a couple of times to do trades back when I lived in the SF Bay Area. he has always been a stand-up guy and for whatever it's worth i take him at his word when he says his account was compromised.
 

TheHig

[H]ard|Gawd
Joined
Apr 9, 2016
Messages
1,127
So unfortunate for all affected by this. Thanks to the community for raising awareness and working to deal with any scammers around here. This should serve as a reminder to all to go through all your PW and make sure none are duplicated and all are strong. This kind of thing can happen to anyone and we must remain vigilant.
 

Icecold

Limp Gawd
Joined
Jul 21, 2013
Messages
314
These accounts have had suspicious activity recently...
thegunner100, dutnguye, LouPoir, TurK-FX, boshuter, batch71, hkklife, hardassthe1
I appreciate you posting back with that information. Is there any chance at all that the whole Heatware username/password database was compromised? Knowing the answer to that would help the admins of this and other sites make informed decisions on if doing a sitewide password reset, etc. would be beneficial.
 

Icecold

Limp Gawd
Joined
Jul 21, 2013
Messages
314
Let's face it if my account with ~64 positive Heatware posted today "I have non LHR 3080's for $1100 a piece but you have to pay via ethereum to ___ address" I would probably get 20 PM's right away all ready to send it.
Man I just put two and two together and realized that's exactly what happened(down to the exact price) in the Turk-FX scam - https://hardforum.com/threads/fs-used-evga-geforce-rtx-3080-ftw3-ultra-gaming-10gb.2015323/ Really messed up, either that's a major coincidence or the scammer is reading this thread.
 

Icecold

Limp Gawd
Joined
Jul 21, 2013
Messages
314
Quote the whole message -

Hey all - I am still actively reviewing and responding DMs/emails/threads regarding this topic, but wanted to provide an update after analyzing system logs and access patterns. It appears that at maximum 5 Heatware accounts may have been compromised in the past week with the same/similar pattern as dutnguye. This appears to be a contained and isolated event. No breach has occurred on the Heatware servers or database. All passwords are stored using security best practices and in-transit requests are secured through SSL.

These accounts have had suspicious activity recently...
thegunner100, dutnguye, LouPoir, TurK-FX, boshuter, batch71, hkklife, hardassthe1

Man that's not 5 accounts...

Edit - I'm not trying to be negative to heat23 but it's super important to identify possible exposure early in a breach and perform corrective measures such as enforcing password resets, etc. My guess is that heat23 is looking at server logs to see if there are multiple accounts being logged in from the same IP, identifying the scammer IP and checking what accounts it logged into, etc. If there is any chance at all that the whole DB was compromised, forum admins(not just here) would have to at least consider forcing a site wide password reset since so many people apparently share credentials between the sites.
 
Last edited:

SOSTrooper

Limp Gawd
Joined
Jun 30, 2009
Messages
477
Thanks for the good information everyone. I'm not super active nor a lifer but I do post on FS/FT forum. I just enabled 2FA and changed my pw to protect everyone.
 

Icecold

Limp Gawd
Joined
Jul 21, 2013
Messages
314
[H]/s response to scammers?
 

Attachments

  • ezgif-4-d01d0505f7d4.gif
    ezgif-4-d01d0505f7d4.gif
    293.3 KB · Views: 2

Icecold

Limp Gawd
Joined
Jul 21, 2013
Messages
314
Seriously though, if Crosshairs or FrgMstr have the ability to lock out everybody's account and require them to have email access to get back in, or force a password change on next login, now would be the time.

Hopefully this doesn't get me banned-
 

Attachments

  • ezgif.com-gif-maker (1).gif
    ezgif.com-gif-maker (1).gif
    1.3 MB · Views: 2
Top