Did FXPansion's e-mail get hacked? [FX: Server breach & sender spoofing. Details at end of thread] - Fxpansion.com

Forum

FXpansion Forum

Did FXPansion's e-mail get hacked? [FX: Server breach & sender spoofing. Details at end of thread]

General FX news, discussion, and a place to speak your mind

Moderators: Drew_fx, john emrich, Mully_FX, mayur_FX, Angus_FX, Andreas_FX, Rory_FX, Rhi_FX, Paul_fx, clare_fx, SKoT_FX, Steve_FX, Moderators

User avatar
rictheobscene
Posts: 14
Joined: Thu May 05, 2005 2:12 pm
Location: Right between the cutoff and resonance knobs
Contact:

Did FXPansion's e-mail get hacked? [FX: Server breach & sender spoofing. Details at end of thread]

Postby rictheobscene » Tue May 28, 2013 12:11 pm

[SKoT: Jumping in at the top of this thread, apologies]

We are pretty sure it was just an email address sniffer, probably during a newsletter mail out a few years back. Your personal details should be safe in this scenario; but most particularly your credit card details, which are not stored or even processed by FXpansion, are as safe as Paypal / HSBC can make them.

Our investigations continue to ensure no future spam appearing to originate from us occurs.

[End SKoT]


I got an e-mail from info at fxpansion dot com about some product called Dub Turbo.

Everything about it screams scam.

I can't see this being a legitimate mail from FXPansion, which leads me to believe that their info box got hacked.

fnordbak
Posts: 9
Joined: Sat Jan 13, 2007 10:57 pm

Re: Did FXPansion's e-mail get hacked????

Postby fnordbak » Tue May 28, 2013 2:57 pm

rictheobscene wrote:I got an e-mail from info at fxpansion dot com about some product called Dub Turbo.

Everything about it screams scam.

I can't see this being a legitimate mail from FXPansion, which leads me to believe that their info box got hacked.

I just received it too.

Send from fxpansion <info@fxpansion.com>:

It is here!

Dub Turbo has been released as of 2pm EST today!

You can get yours at a dishere and get making real music straight away:

......

User avatar
purtington
Posts: 2954
Joined: Wed May 16, 2007 9:37 am
Location: Bristol UK
Contact:

Postby purtington » Tue May 28, 2013 3:04 pm

Interesting.

I watched the video on their site a while ago for some reason and everything about it seemed like bullshit
to me. Like they think think their target audience are stupid and anyone spending a lot of money on drum software
is a complete idiot.

Not had the email myself but this is dubturbo http://www.dubturbo.com/

I wonder where the link takes you ?

Steve
Last edited by purtington on Thu May 30, 2013 9:04 am, edited 1 time in total.
https://soundcloud.com/steve-corr

GA-X58A-UD3R,
Intel i7 930, 2.8Ghz, Overclocked at 3.40Ghz
12GB Corsair DDR3 Ram
WD Caviar Black, 6Gb X 2
+ 500GB SSD drive for BFD Samples
focusrite scarlett 2i4
Windows 10 + windows 7 32bit

User avatar
rictheobscene
Posts: 14
Joined: Thu May 05, 2005 2:12 pm
Location: Right between the cutoff and resonance knobs
Contact:

Postby rictheobscene » Tue May 28, 2013 3:11 pm

purtington wrote:Interesting.

I watched the video on their sire a while ago for some reason and everything about it seemed like bullshit
to me. Like they think think their target audiance are stupid and anyone spending a lot of money on drum software
is a complete idiot.

Not had the email myself but this is dubturbo http://www.dubturbo.com/

I wonder where the link takes you ?

Steve


I didn't follow it. The best defense against malware is to not click on anything that looks suspicious. I just have a hard time believing that FXPansion would endorse something that pathetic.

Drew_fx
Posts: 3827
Joined: Fri Jul 21, 2006 5:32 pm
Location: London, UK

Postby Drew_fx » Tue May 28, 2013 3:18 pm

Hi guys,

We are looking into this. This has nothing to do with us, and we do not endorse it. It looks like our info email address has been spoofed.

User avatar
rictheobscene
Posts: 14
Joined: Thu May 05, 2005 2:12 pm
Location: Right between the cutoff and resonance knobs
Contact:

Postby rictheobscene » Tue May 28, 2013 3:31 pm

Hi Drew:

Thanks for looking into it.

Unfortunately, I think it is a bit more than a spoof, as it appears to have went out to your contact list. I sure as hell didn't give that jackwagon my e-mail address, and it is not an address I use publicly (e. g. facebook, etc.).

josephlevie
Posts: 42
Joined: Sun Jan 16, 2005 12:21 am

Postby josephlevie » Tue May 28, 2013 7:51 pm

I also received it. It was so lame looking, I can't imagine anyone falling for it. My spam filter pointed out that it was spam, but, the email address it's from looks legit. At least enough for me to uncheck it as spam from my browser in fear of not getting future email from fxpansion.
Last edited by josephlevie on Tue May 28, 2013 8:14 pm, edited 1 time in total.
Mac 2 x 3.2 GHz Quad-Core Intel Xeon
28 GB RAM
Mac OS X 10.8.4
MOTU Digital Performer 8.04
FXpansion BFD2 v2.3.1.6

Platinum Samples
Posts: 4930
Joined: Fri Jun 16, 2006 5:43 pm
Location: Los Angeles, CA
Contact:

Postby Platinum Samples » Tue May 28, 2013 8:11 pm

Here's the email header:

Code: Select all

Return-Path: <anonymous@webatomicservers.net>
Delivery-Date: Tue, 28 May 2013 15:17:32 -0400
Received: from webatomicservers.net (fadc-c3.fa02.fa2-41.host1.24845.americanis.net [64.87.2.194])
   by mx.perfora.net (node=mxus2) with ESMTP (Nemesis)
   id 0MCbPO-1UZBw94AL4-00912T for xxxxxxx@platinumsamples.com; Tue, 28 May 2013 15:17:32 -0400
Received: (qmail 20894 invoked by uid 48); 28 May 2013 15:13:20 -0000
Date: 28 May 2013 15:13:20 -0000
Message-ID: <20130528151320.20887.qmail@webatomicservers.net>
To: xxxxxxx@platinumsamples.com
Subject: Dub Turbo Has Been Released!
From: fxpansion <info@fxpansion.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-UI-Junk: AutoMaybeJunk +0 ();
  V01:YMPynKGb:GJyCFr6l83afx/kbahrgbrV4WjNRqnDzCxfWjRBdMSo5JTjf09B
  7SLGBGRFCgWaa/GelSFRLQUSnD9RzQMPYDfK9YdkQZ4ssUKGbJ70WSxynBSOzJkU
  YMTWY+vankszo
Envelope-To: xxxxxxx@platinumsamples.com


You can see that the From and the Return-Path are different. You can spam filter on the Return-Path field.

Valid emails from FXpansion have:

Code: Select all

Return-Path: <streamsendbouncer@me-ss2-wdoupu.mailengine1.com>


Rail
Last edited by Platinum Samples on Tue May 28, 2013 8:14 pm, edited 2 times in total.
Image

josephlevie
Posts: 42
Joined: Sun Jan 16, 2005 12:21 am

Postby josephlevie » Tue May 28, 2013 8:14 pm

Thank you, Rail.
Mac 2 x 3.2 GHz Quad-Core Intel Xeon

28 GB RAM

Mac OS X 10.8.4

MOTU Digital Performer 8.04

FXpansion BFD2 v2.3.1.6

User avatar
purtington
Posts: 2954
Joined: Wed May 16, 2007 9:37 am
Location: Bristol UK
Contact:

Postby purtington » Tue May 28, 2013 8:14 pm

He he
I just saw this in my inbox and at the same time noticed one in my spam folder and guess who it was
"allegedly" from?

Steve
https://soundcloud.com/steve-corr

GA-X58A-UD3R,
Intel i7 930, 2.8Ghz, Overclocked at 3.40Ghz
12GB Corsair DDR3 Ram
WD Caviar Black, 6Gb X 2
+ 500GB SSD drive for BFD Samples
focusrite scarlett 2i4
Windows 10 + windows 7 32bit

josephlevie
Posts: 42
Joined: Sun Jan 16, 2005 12:21 am

Postby josephlevie » Tue May 28, 2013 8:21 pm

So, the big question is, did these DUBturbo dudes really do all of this to try to trick us into buying their ridiculous product or did some hack just think it was funny? Or...was it a plot from Toontrack to start a turf war between fxpansion and DUBturbo? Dum dum dum!
Mac 2 x 3.2 GHz Quad-Core Intel Xeon

28 GB RAM

Mac OS X 10.8.4

MOTU Digital Performer 8.04

FXpansion BFD2 v2.3.1.6

Platinum Samples
Posts: 4930
Joined: Fri Jun 16, 2006 5:43 pm
Location: Los Angeles, CA
Contact:

Postby Platinum Samples » Tue May 28, 2013 8:24 pm

I'd guess it was someone trying to get traffic for their affiliate program.. although their website seems highly suspect.

http://www.dubturbo.com/affiliates.html

Sucuri SiteCheck indicates the website is malware free.

Rail
Image

josephlevie
Posts: 42
Joined: Sun Jan 16, 2005 12:21 am

Postby josephlevie » Tue May 28, 2013 8:33 pm

Nasty looking.
Mac 2 x 3.2 GHz Quad-Core Intel Xeon

28 GB RAM

Mac OS X 10.8.4

MOTU Digital Performer 8.04

FXpansion BFD2 v2.3.1.6

taifun
Posts: 55
Joined: Wed Feb 01, 2012 7:01 pm

Postby taifun » Tue May 28, 2013 9:05 pm

I also got the mail, didn't look right so didn't click the link. Guys, your email database has definitely been hacked, how else did they get all your customers email addresses...

phraggle
Posts: 30
Joined: Sat Sep 23, 2006 1:11 pm
Location: nova scotia, canada
Contact:

Postby phraggle » Tue May 28, 2013 9:07 pm

Got the same email. Although it did end up in my gmail spam folder. Good job, Google.


Return to “General Discussion”

Who is online

Users browsing this forum: No registered users and 2 guests