Jump to content

Arbiter breach


Recommended Posts

  • Replies 49
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Use (multifactor authentication) MFA wherever you can (at least where it matters - banks, social media, computer, phone, anywhere with PII or financial info) - use an authenticator app if you have a s

Speaking as a computer nerd... This means they're not doing things right. If they're properly encrypting, it should take trillions of CPU-hours to decrypt that. Yes, trillions. Oh, and sin

Continuing to follow this... I was wondering if any of our members with IT/Security specific knowledge could chime in with additional tips. I'm definitely going to look into lastpass.  

24 minutes ago, KenBAZ said:

Yes, I received it as well. Data security is a huge concern.


Sent from my SM-G975U using Tapatalk
 

Absolutely. And the list of things they lost in the breach is definitely concerning!

Minor frustration on my part is that I couldn't remember my stupid password. So changing it was a real pain.

Link to post
Share on other sites
4 hours ago, spiffdawg7 said:

I have multiple Arbiter accounts, but did not receive an email from Arbiter or Arbiter pay saying anything about a security breach??? I wonder why that is. 

Delays in snail mail delivery.

Link to post
Share on other sites
6 hours ago, wolfe_man said:

Typical from Arbiter.  I really dislike this site.  Now all my info is on the dark web most likely.  Oh I know they say they deleted it, but how do we know that?

I'd kill to be back with Arbiter.  We were forced by the AHSAA to switch to Dragonfly Max. What a disaster!

Link to post
Share on other sites

I got the letter today in the mail. From the letter: "What  information was involved? The database files involved contained account user name and password, name, address, date of birth, email address, and social security. The passwords and social security numbers were encrypted in the file, but the unauthorized party was able to decrypt the data."

This is the first time that a company has told me directly that my information is compromised.

They are offering a one year membership to Experian Identity Works

Link to post
Share on other sites
On 8/26/2020 at 9:38 PM, BT_Blue said:

Did anyone else get an email from Arbiter regarding a breach in security?

Yes, I got my letter yesterday.  Coincidentally, I got a message from AOL that my main email (the one I used on Arbiter) was attempting to change the password--probably trying the one I used on Arbiter.  That hacker lives in Vietnam!  If you use Arbiter, pay attention to the letter and change your password ASAP!

Mike

Link to post
Share on other sites
1 hour ago, noumpere said:

It's generally the standard of what is offered.  I've received similar letters from a couple of schools, a few stores, maybe a credit card (I forget).

I think I got a 2 year offer from a bank once.  But you're not wrong, 1 year seems to be the standard.   Although, the standard doesn't normally involve they got everything on you (name, SS#, username, PW, birth date, etc.) - the normal is one of these, not all of these at once.

These crooks got all they need to open credit in our names pretty much.  And I'd bet dollars-to-doughnuts it's out on the dark web already. 

If you weren't going to, I'd wholly recommend taking them up on the 1 year offer of credit watch/ID protection.

  • Like 1
Link to post
Share on other sites
2 hours ago, Tborze said:

Our association recently received an email (supposedly) from our assignor stating he was out of town and asking for money to get home.  

Hmm...?

That's also a common scam -- any I've received those before the arbiter snafu (note that I am NOT trying to defend them here -- just that we probably can't blame EVERY upcoming scam / password attempt on this break in)

Link to post
Share on other sites

Couple of tips from your local cyber guy - this is what I do for a living.

First - do NOT reuse your password across websites...those who hacked Arbiter now have a set of passwords that they will attempt at any website you can imagine to see what works...and more than half of them likely will work somewhere else - Amazon, Linkedin, banks, etc, etc. 

Also - use this resource - https://haveibeenpwned.com/ - it will give you an idea of what breaches have found your email address...and what else with it.

Link to post
Share on other sites

Looks like the security breach is for accounts that have arbiterpay. I called Arbitersports and this is what I was told. Makes sense when some did not get an alert while some did. The officials in my chapter who did not use arbiterpay did not receive an alert. I have since deleted my arbiterpay account.


Sent from my iPhone using Tapatalk

Link to post
Share on other sites
52 minutes ago, MRG9999 said:

 I have since deleted my arbiterpay account.

Your information is already out there most likely.

At a minimum, I’d change passwords for your other accounts using the same email address that Arbiter used.

I would strongly recommend taking advantage of the free credit/ID protection also.

Link to post
Share on other sites
Your information is already out there most likely.
At a minimum, I’d change passwords for your other accounts using the same email address that Arbiter used.
I would strongly recommend taking advantage of the free credit/ID protection also.

I already took advantage of the free credit ID protection. Changed passwords as well. Ran a report after setting up the free credit ID protection and so far nothing seems to be fraudulent.


Sent from my iPhone using Tapatalk
  • Like 1
Link to post
Share on other sites
10 hours ago, Jimurray said:

This is the second free experian sign I got. The first was another data hack from a backup server on a site I used in the past. Makes me wonder if we are getting shooed to experian. A previous government hack gave me Myidcare. 

The breached company can choose a provider.  I've had other hacks and received "protection" from one of the other credit reporting companies.

Link to post
Share on other sites
On 8/28/2020 at 9:42 PM, Jimurray said:

This is the second free experian sign I got. The first was another data hack from a backup server on a site I used in the past. Makes me wonder if we are getting shooed to experian. A previous government hack gave me Myidcare. 

It’s a business that “specializes “ in this type of transaction and is one of the biggest (maybe the biggest). They probably come out on the top of the google search.

Link to post
Share on other sites

Speaking as a computer nerd...

On 8/27/2020 at 7:52 PM, Forest Ump said:

"What  information was involved? The database files involved contained account user name and password, name, address, date of birth, email address, and social security. The passwords and social security numbers were encrypted in the file, but the unauthorized party was able to decrypt the data."

This means they're not doing things right. If they're properly encrypting, it should take trillions of CPU-hours to decrypt that. Yes, trillions.

Oh, and since I've got my computer nerd hat on - listen to @beerguy55's advice above, too. If you need help setting up a separate password for each site, I suggest LastPass (though there are several competitors which are probably as good, that's just the one I happen to use).

  • Like 4
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.






×
×
  • Create New...