Jump to content
BT_Blue

Arbiter breach

Recommended Posts

Yes, I received it as well. Data security is a huge concern.


Sent from my SM-G975U using Tapatalk

Share this post


Link to post
Share on other sites
24 minutes ago, KenBAZ said:

Yes, I received it as well. Data security is a huge concern.


Sent from my SM-G975U using Tapatalk
 

Absolutely. And the list of things they lost in the breach is definitely concerning!

Minor frustration on my part is that I couldn't remember my stupid password. So changing it was a real pain.

Share this post


Link to post
Share on other sites

Typical from Arbiter.  I really dislike this site.  Now all my info is on the dark web most likely.  Oh I know they say they deleted it, but how do we know that?

  • Like 1
  • Thanks 1

Share this post


Link to post
Share on other sites
55 minutes ago, wolfe_man said:

Typical from Arbiter.  I really dislike this site.  Now all my info is on the dark web most likely.  Oh I know they say they deleted it, but how do we know that?

IT was probably already out there.

  • Like 1

Share this post


Link to post
Share on other sites

I have multiple Arbiter accounts, but did not receive an email from Arbiter or Arbiter pay saying anything about a security breach??? I wonder why that is. 

Share this post


Link to post
Share on other sites
27 minutes ago, noumpere said:

IT was probably already out there.

LOL - touche!   I really hoped not, but I'm not naive - and you're probably right.

Share this post


Link to post
Share on other sites
4 hours ago, spiffdawg7 said:

I have multiple Arbiter accounts, but did not receive an email from Arbiter or Arbiter pay saying anything about a security breach??? I wonder why that is. 

Delays in snail mail delivery.

Share this post


Link to post
Share on other sites
6 hours ago, wolfe_man said:

Typical from Arbiter.  I really dislike this site.  Now all my info is on the dark web most likely.  Oh I know they say they deleted it, but how do we know that?

I'd kill to be back with Arbiter.  We were forced by the AHSAA to switch to Dragonfly Max. What a disaster!

Share this post


Link to post
Share on other sites

I got the letter today in the mail. From the letter: "What  information was involved? The database files involved contained account user name and password, name, address, date of birth, email address, and social security. The passwords and social security numbers were encrypted in the file, but the unauthorized party was able to decrypt the data."

This is the first time that a company has told me directly that my information is compromised.

They are offering a one year membership to Experian Identity Works

Share this post


Link to post
Share on other sites
10 hours ago, Forest Ump said:

 

They are offering a one year membership to Experian Identity Works

Somehow doesn’t feel like enough...

Share this post


Link to post
Share on other sites
On 8/26/2020 at 9:38 PM, BT_Blue said:

Did anyone else get an email from Arbiter regarding a breach in security?

Yes, I got my letter yesterday.  Coincidentally, I got a message from AOL that my main email (the one I used on Arbiter) was attempting to change the password--probably trying the one I used on Arbiter.  That hacker lives in Vietnam!  If you use Arbiter, pay attention to the letter and change your password ASAP!

Mike

Share this post


Link to post
Share on other sites
9 hours ago, wolfe_man said:

Somehow doesn’t feel like enough...

It's generally the standard of what is offered.  I've received similar letters from a couple of schools, a few stores, maybe a credit card (I forget).

Share this post


Link to post
Share on other sites
1 hour ago, noumpere said:

It's generally the standard of what is offered.  I've received similar letters from a couple of schools, a few stores, maybe a credit card (I forget).

I think I got a 2 year offer from a bank once.  But you're not wrong, 1 year seems to be the standard.   Although, the standard doesn't normally involve they got everything on you (name, SS#, username, PW, birth date, etc.) - the normal is one of these, not all of these at once.

These crooks got all they need to open credit in our names pretty much.  And I'd bet dollars-to-doughnuts it's out on the dark web already. 

If you weren't going to, I'd wholly recommend taking them up on the 1 year offer of credit watch/ID protection.

  • Like 1

Share this post


Link to post
Share on other sites

Our association recently received an email (supposedly) from our assignor stating he was out of town and asking for money to get home.  

Hmm...?

Share this post


Link to post
Share on other sites
2 hours ago, Tborze said:

Our association recently received an email (supposedly) from our assignor stating he was out of town and asking for money to get home.  

Hmm...?

That's also a common scam -- any I've received those before the arbiter snafu (note that I am NOT trying to defend them here -- just that we probably can't blame EVERY upcoming scam / password attempt on this break in)

Share this post


Link to post
Share on other sites

Couple of tips from your local cyber guy - this is what I do for a living.

First - do NOT reuse your password across websites...those who hacked Arbiter now have a set of passwords that they will attempt at any website you can imagine to see what works...and more than half of them likely will work somewhere else - Amazon, Linkedin, banks, etc, etc. 

Also - use this resource - https://haveibeenpwned.com/ - it will give you an idea of what breaches have found your email address...and what else with it.

Share this post


Link to post
Share on other sites

Looks like the security breach is for accounts that have arbiterpay. I called Arbitersports and this is what I was told. Makes sense when some did not get an alert while some did. The officials in my chapter who did not use arbiterpay did not receive an alert. I have since deleted my arbiterpay account.


Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
52 minutes ago, MRG9999 said:

 I have since deleted my arbiterpay account.

Your information is already out there most likely.

At a minimum, I’d change passwords for your other accounts using the same email address that Arbiter used.

I would strongly recommend taking advantage of the free credit/ID protection also.

Share this post


Link to post
Share on other sites
Your information is already out there most likely.
At a minimum, I’d change passwords for your other accounts using the same email address that Arbiter used.
I would strongly recommend taking advantage of the free credit/ID protection also.

I already took advantage of the free credit ID protection. Changed passwords as well. Ran a report after setting up the free credit ID protection and so far nothing seems to be fraudulent.


Sent from my iPhone using Tapatalk
  • Like 1

Share this post


Link to post
Share on other sites

This is the second free experian sign I got. The first was another data hack from a backup server on a site I used in the past. Makes me wonder if we are getting shooed to experian. A previous government hack gave me Myidcare. 

Share this post


Link to post
Share on other sites
10 hours ago, Jimurray said:

This is the second free experian sign I got. The first was another data hack from a backup server on a site I used in the past. Makes me wonder if we are getting shooed to experian. A previous government hack gave me Myidcare. 

The breached company can choose a provider.  I've had other hacks and received "protection" from one of the other credit reporting companies.

Share this post


Link to post
Share on other sites
On 8/28/2020 at 9:42 PM, Jimurray said:

This is the second free experian sign I got. The first was another data hack from a backup server on a site I used in the past. Makes me wonder if we are getting shooed to experian. A previous government hack gave me Myidcare. 

It’s a business that “specializes “ in this type of transaction and is one of the biggest (maybe the biggest). They probably come out on the top of the google search.

Share this post


Link to post
Share on other sites

Add it to the list of ways our stuff is on the dark web. They aren't the first and won't be the last. Welcome to the new age.

Share this post


Link to post
Share on other sites

Speaking as a computer nerd...

On 8/27/2020 at 7:52 PM, Forest Ump said:

"What  information was involved? The database files involved contained account user name and password, name, address, date of birth, email address, and social security. The passwords and social security numbers were encrypted in the file, but the unauthorized party was able to decrypt the data."

This means they're not doing things right. If they're properly encrypting, it should take trillions of CPU-hours to decrypt that. Yes, trillions.

Oh, and since I've got my computer nerd hat on - listen to @beerguy55's advice above, too. If you need help setting up a separate password for each site, I suggest LastPass (though there are several competitors which are probably as good, that's just the one I happen to use).

  • Like 4

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...