Did FXPansion's e-mail get hacked? [FX: Server breach & sender spoofing. Details at end of thread] - Page 4 - Fxpansion.com

Forum

FXpansion Forum

Did FXPansion's e-mail get hacked? [FX: Server breach & sender spoofing. Details at end of thread]

General FX news, discussion, and a place to speak your mind

Moderators: Drew_BFDTeam, Andreas_FX, Rory_FX, Rhi_FX, Paul_fx, clare_fx, SKoT_FX, Steve_FX, john emrich, Mully_FX, mayur_FX, Angus_FX, Moderators

pokitbot
Posts: 2
Joined: Sat Nov 03, 2012 8:57 am

Postby pokitbot » Thu May 30, 2013 11:27 pm

However they got the information it must of been more recent than "a few years ago" as fxpansion did not have my details then.

richardworm
Posts: 2
Joined: Fri Nov 25, 2011 11:00 pm

Postby richardworm » Fri May 31, 2013 3:00 am

I just got this email just now so these cheeseburgers are still hijacking the Fxpansion name.

User avatar
SKoT_FX
Promulgator of Beats
Posts: 2419
Joined: Tue Sep 21, 2004 9:51 am
Location: FX Australia, Perth
Contact:

Postby SKoT_FX » Fri May 31, 2013 4:51 am

* "A few years ago" was the last time we saw an unauthorized access to one of our servers (not an important one), and to the best of our knowledge at the time, nothing happened. We are of course revisiting that incident to check.
* We have been gather information to pin down the date at which the email address list was obtained in whatever way.
* I repeat: we store NO financial details. We don't even get them. Unlike Sony.
* At this stage there is no information to suggest anything except email addresses have been compromised, and we're still trying to determine how many.
* Spoofing an email to make it look like it comes from a different address is incredibly easy. There are websites everywhere that will do it for you.
* I had a pretty "frank" talk with NCMedia and the "Affliliate Marketing Solution" provider ClickBank last night, and they are cooperating with our enquires to find the supposed "rogue affiliate". We remain open to all possibilities, and won't be taking anything at face value.
* Please excuse the pace of informational updates - we are pretty busy checking everything is locked down, and performing interrogations.
SKoT McDonald
CTO FXpansion]

Spectralis
Posts: 6
Joined: Fri Sep 22, 2006 6:58 pm

Postby Spectralis » Fri May 31, 2013 5:30 am

I've just received another email from those scammers. There is no doubt that they are using FXpansions client email list to spam us. I find it unbelievable that these scammers are still at it and have got this list. They MUST have breached FXpansions security to get the list. Not 3 years ago but recently. Either FXpansions is not investigating this incident thoroughly enough or they are holding information back from us.

Whether they have got financial details or not isn't the main issue. The fact that they have our email addresses is bad enough! It shows that FXpansions security is not effective and needs to be fixed asap. I will only feel confident about this company again once I receive an explanation about how this happened and what has been put in place to make sure it never happens again.

User avatar
SKoT_FX
Promulgator of Beats
Posts: 2419
Joined: Tue Sep 21, 2004 9:51 am
Location: FX Australia, Perth
Contact:

Postby SKoT_FX » Fri May 31, 2013 7:45 am

I'm being completely frank and open, Spectralis, and reporting developments as we find them.

There are all manner of methods for harvesting email addresses without actually breaking into our servers. Email is a notoriously insecure way to communicate. As I said just above your post, at the moment we have no evidence of a break in, but will continue to pursue that as an important line of enquiry until we have resolved this.

We have pretty much half the company on this at the moment (everyone who has the relevant technical skills).

We are still eager to gather whatever evidence arises - so if another bout of email has gone out, can you please send it to me - skot AT fxpansion.com - INCLUDING all the send/receive headers (don't just fwd the email - this vital information will be stripped). This will help us pin down the rat bag. They are stripping all fxpansion staff from the list, so we don't get them directly.
SKoT McDonald

CTO FXpansion]

Platinum Samples
Posts: 4926
Joined: Fri Jun 16, 2006 5:43 pm
Location: Los Angeles, CA
Contact:

Postby Platinum Samples » Fri May 31, 2013 6:02 pm

My question is.. If they're blaming this on a rogue affiliate how come the links don't have any parameters for them to identify the affiliate. When I checked the shortened url's they just went straight to their website with no parameters... So how would they know which "affiliate" sent them the customer?

This is highly suspect to me.

Rail
Image

Platinum Samples
Posts: 4926
Joined: Fri Jun 16, 2006 5:43 pm
Location: Los Angeles, CA
Contact:

Postby Platinum Samples » Fri May 31, 2013 6:58 pm

Doing more research it appears that bitly keeps track of all click throughs.. so the spammer/thief here must have a bitly account so they can measure their click throughs to get paid.. and the bitly privacy policy is clear - they will share their registered user's information when the URL's created have been used for fraud.

https://bitly.com/pages/privacy

I understand the spammer/thief also used Native Instruments' emails as well.

Rail
Image

f0g
Posts: 7
Joined: Tue Jul 27, 2010 9:42 am

Postby f0g » Fri May 31, 2013 10:38 pm

got another email , 3am UK time.. from the IP in the header, they seem to be coming from the US

both originate from

Geo-Location Information

Country United States
State/Region CA
City Encinitas
Latitude 33.037
Longitude -117.292
Area Code 760

I sent them an email .. not nicely worded.. :) but well if they use stolen information, they are gonna get a nice message

User avatar
SKoT_FX
Promulgator of Beats
Posts: 2419
Joined: Tue Sep 21, 2004 9:51 am
Location: FX Australia, Perth
Contact:

Postby SKoT_FX » Sat Jun 01, 2013 8:06 am

Further update: it appears VirtualDJ is now being spoofed as a source of emails as well. If you are a VirtualDJ customer, but NOT an FXpansion customer (how are you on our forum... ah well, excuse cut n paste posting ;) ), we would be interested to hear from you to establish if there are a bunch of music software companies that have been compromised, or whether it is just a new "from" address spoof going to our customer's email addresses.

ClickBank are shutting down new aliases of the spammer as fast as we report them. DubTurbo is assisting us in gathering as much information as we can.

The spammer is apparently in Europe, but that is all ClickBank will say for now. We've traced the various source servers to a variety of locations, so they are hopping about. Time to get legal on ClickBank to open up...

- SKoT
SKoT McDonald

CTO FXpansion]

Platinum Samples
Posts: 4926
Joined: Fri Jun 16, 2006 5:43 pm
Location: Los Angeles, CA
Contact:

Postby Platinum Samples » Sat Jun 01, 2013 8:09 am

Hi SKoT,

You should have legal contact bitly as well.

Cheers,

Rail
Image

pmac342002
Posts: 1
Joined: Wed Dec 05, 2012 11:54 pm

Postby pmac342002 » Sun Jun 02, 2013 7:54 pm

I got the email and fell for it. I believed it to be associated with fxpansion. Anyway, long story made short, it is real instruments that work as advertised, but not of fxpansion level quality. I was pissed when I came to the fxpansion site and discovered that they were not associated with fxpansion. I filed a grievance thru PayPal. The next day ClickBank refunded my money.
My impression of DubTurbo is that they are EXTREMELY gimmicky, and not for serious musicians. The product is more of a beginner's toy. They do deliver what they claim, but their marketing is way over the line tacky. I am very relieved to learn the fxpansion is not associated with them.

Phillytee
Posts: 1
Joined: Wed Aug 25, 2010 1:30 am

Dub Turbo harmless nonsense or something more sinister?

Postby Phillytee » Wed Jun 05, 2013 11:47 pm

Got the Dub Turbo spam email, although the email ended up in my spam folder I opened it, it looked very dubious (no pun intended) read it wondered why this nonsense would be anything to do with Fxpansion then deleted it.
Thought nothing more about it until today when my email account got hacked from somewhere in Poland according to my account activity monitor, received a load of email failure daemons from random sources maybe that's how they got in. Now locked down my account again, not 100% sure the Dubturbo email was to blame but they must of got my email address from somewhere.
I am always pretty cautious when dealing with emails etc. but I guess these people have way too much time on their hands and the Internet is still full of holes.
P.S. the weird thing is they upgraded my email account, something I have held off for ages due to the new version being worse than the old version, seems I can't go back to the old version for some reason but hey-ho hope that's all they did.

Science
Posts: 14
Joined: Sun Oct 24, 2010 10:35 pm

Did anyone catch this?......

Postby Science » Wed Jun 19, 2013 11:46 pm

http://www.dubturbo.com/affiliates.html


WE HAVE DECIDED TO CLOSE OUR AFFILIATE PROGRAM

AS OF THURSDAY, MAY 30, 2013



Dear ClickBank DUBturbo affiliates::

It’s been an amazing 3 years of growth for us, and we owe a lot of that to you loyal affiliates. You’ve been there with us through thick and thin, through competitors, attacks, and delayed upgrades... to helping create a great lucrative business for all involved.

I knew the day would come that DUBturbo might experience a lot of turbulence and backlash from our affiliates, and we’ve weathered a lot of storms. For every 1000 amazing whitehat affiliates, there’s probably a dozen or so absolutely blackhat/questionable affiliates to contrast the good. In this eco-system, that’s sometimes all it takes to kill what would be a lucrative longer term successful affiliate program.

We’ve unfortunately come to a cross roads where the benefits of having an affiliate program are not anywhere equal to the loss we are experiencing and damage control we seem to constantly be on due to overboard campaigns and these dirty dozen (however we have had 56,000 affiliates, not 1000, that’s a lot of dirty dozens)…

Due to recent unfortunate events - we have decided to suspend the dubturbo affiliate program effective immediately until we have a more transparent system in place where each affiliate is profiled and held accountable for any illegal activity to us or any third party or brand harmed during your promotions. You are still accountable now, however getting your info takes a longer legal process than if we have you on file, profiled, and can reach out to you directly.

We hope this happens when we launch 2.5 or shortly after, and we will start to implement a white-list where after each successful interview and full profiling session - you will be approved manually for the program and campaign commission will go back to normal.

In the interim :: We can’t simply ‘turn off’ the program. We have rebills, upsells, different commission structures, etc. So while we are in limbo:

* All affiliates who have rebills will continue to get their monthly commission un-interrupted until they cancel.

* We’ve had over 56,000 affiliates promote us from 220 countries and make sales in over 70 of them since launching. This is colossal, and removing this system is not something we are enjoying having to do. However, we are no longer able to, nor wish to have anonymous clickbank affiliates represent the brand.

* Our network does not allow vendors to have contact with or screen affiliates directly through their system – perhaps due to security or other creative fraud that that might allow, so we have been forced to remove our program and not only start over, but really heavily think about how to incorporate this when we are ready. There are 30,000+ other products you are free to promote in the meantime at ClickBank as you've been doing for our brand - if you'd like to change your links to other vendors while we restructure we encourage it, and deeply apologize for any inconvenience or loss this sensitive move may have caused anyone.
Thank you,
The DUBturbo team.

Science
Posts: 14
Joined: Sun Oct 24, 2010 10:35 pm

You know what......

Postby Science » Wed Jun 19, 2013 11:57 pm

I almost feel a little bit sorry for them.... In the big scheme of things, think about all the Piracy they have stopped lol - While kids are using this program we know they are not running cracked VSTs and DAWs... It's a legit business idea at the end of the day and they are suffering now quite rightly for a lax approach to their affiliate program... it's been an interesting little episode and I still hope we get to the bottom of how we ended up getting suspect email from fxpansion... The best tradesmen know the value of good tools ;) - G'night

User avatar
Rhi_FX
Posts: 55
Joined: Tue Aug 22, 2006 10:51 am
Location: FXpansion HQ
Contact:

Update from FXpansion:

Postby Rhi_FX » Thu Jun 27, 2013 5:51 pm

We have identified the source of the intrusion, closed the security hole and run a full analysis of the breach. This analysis has determined:

User names, first names, and email addresses were accessed from our web server without permission.
No customer passwords were taken, and no other personal details were taken.
No customer financial details (accounts/credit card numbers etc.) are stored by us and none were accessed.

Information on the identity of the individual responsible has been passed on to the appropriate authorities.

We have reviewed our security and redoubled our efforts to ensure it meets best practice. We apologise for the inconvenience to our customers and assure them that we will do our utmost to prevent any future breach.


Return to “General Discussion”

Who is online

Users browsing this forum: No registered users and 95 guests