Warning that's circulating

chmuse · Monday at 10:27 AM

Been posted in a few of my discords and forums.

If someone smarter than me can chime in and explain, it'd be welcome, because it sounds like it was a breach of your device itself, not just your passwords and accounts. Staying logged in on a device that also had stored credentials for your financial institution is the problem, is the gist I am getting.

exploitedworkerbee · Monday at 10:31 AM

That platform was a sketchy junk show from the jump. It’s possible the forum owner, who has always been trying to figure out how to monetize his involvement in the peptide community, finally did so.

hexagonal · Monday at 10:33 AM

As someone who works in this field, some of these comments do not make sense. Being able to sniff unencrypted traffic does not allow you to hijack someone's IP address. Using a web app should not allow someone to compromise your device - this would be a major vulnerability in the web browser itself.

Using a VPN will not help you if you are sending sensitive information across an unencrypted website - it will only encrypt the traffic in between you and the VPN you are connecting to, and not the traffic between the VPN and Pepchat.

If I had to guess, they are sending files that people are downloading and those are installing backdoors or similar, or they are being phished or otherwise scammed into giving people sensitive information.

chmuse · Monday at 10:34 AM

exploitedworkerbee said:
That platform was a sketchy junk show from the jump. It’s possible the forum owner, who has always been trying to figure out how to monetize his involvement in the peptide community, finally did so.

I'm gathering that it's the Revolt one. I have an account, but when I click it I'm logged out, and now I'm afraid to log in and see the dealio. Might grab one of my old phones and format it before logging in, but I'm kind of dumb when it comes to this stuff. Maybe I shouldn't try it on my home wifi.

hexagonal · Monday at 10:39 AM

Looks like it does have a valid SSL cert and attempting to connect over http force redirects to https.

That doesn't mean that whoever is running it can't see all of your messages, however. Treat it as if the "staff" for the peptide.chat server can see everything you send, and for further safety, assume that there is always a chance that they can/will be compromised, so even if you trust them for whatever reason, do not trust that they will forever be the only ones with access to the data.

chmuse · Monday at 10:45 AM

hexagonal said:
Looks like it does have a valid SSL cert and attempting to connect over http force redirects to https.

That doesn't mean that whoever is running it can't see all of your messages, however. Treat it as if the "staff" for the peptide.chat server can see everything you send, and for further safety, assume that there is always a chance that they can/will be compromised, so even if you trust them for whatever reason, do not trust that they will forever be the only ones with access to the data.

I wonder what's really going on. I have an account, but I don't think I've ever actually posted there.

Are you implying Bee can see all my messages with Oyster?

Oh man, I'm doomed.

hexagonal · Monday at 10:51 AM

chmuse said:
I wonder what's really going on. I have an account, but I don't think I've ever actually posted there.

Are you implying Bee can see all my messages with Oyster? Oh man, I'm doomed.

Without an addon allowing it I don't believe moderators can see PM contents by default in XenForo.

Anyone with access to the database the PMs are stored in can read 'em, though.

chmuse · Monday at 10:56 AM

hexagonal said:
Without an addon allowing it I don't believe moderators can see PM contents by default in XenForo.

Anyone with access to the database the PMs are stored in can read 'em, though.

Got it, Zippity can probably see my DM's. Oh noooo.

hexagonal · Monday at 11:01 AM

chmuse said:
Got it, Zippity can probably see my DM's. Oh noooo.

View attachment 5564

This is why we need to take the discussion about this peptide purchase out of DMs, please click this link to purchase your Reta 30 kit for $.30/mg: hxxp://totallysafewebsite.ru/DefinitelyNotABackdoor.doc.exe

chmuse · Monday at 11:03 AM

hexagonal said:
This is why we need to take the discussion about this peptide purchase out of DMs, please click this link to purchase your Reta 30 kit for $.30/mg: hxxp://totallysafewebsite.ru/DefinitelyNotABackdoor.doc.exe

Oh, thank you! That sounds much safer. Why is it asking for my credit card, though?

Edit: I put in my credit card and nothing happened, should I try my debit card?

hexagonal · Monday at 11:05 AM

chmuse said:
Oh, thank you! That sounds much safer. Why is it asking for my credit card, though?

Edit: I put in my credit card and nothing happened, should I try my debit card?

Debit card, your mother's maiden name, your social security number, the name of the street you grew up on, the name of your first dog, and your favorite teacher from high school.

chmuse · Monday at 11:09 AM

hexagonal said:
Debit card, your mother's maiden name, your social security number, the name of the street you grew up on, the name of your first dog, and your favorite teacher from high school.

My real answers, or the fake ones I use for security questions?

hexagonal · Monday at 11:21 AM

chmuse said:
My real answers, or the fake ones I use for security questions?

Both. Please identify which is which!

chmuse · Monday at 11:25 AM

hexagonal said:
Both. Please identify which is which!

Ok, it asked for my work email and told me to click the link they send me and download the file on my work server. Now what?

chmuse · Monday at 11:27 AM

I don't know why the CEO needs me to buy so many apple gift cards to give out at his conference, but he says it's very important and time sensitive.

exploitedworkerbee · Monday at 12:31 PM

chmuse said:
I wonder what's really going on. I have an account, but I don't think I've ever actually posted there.

Are you implying Bee can see all my messages with Oyster? Oh man, I'm doomed.

I can’t but it’s possible that Zippity can. Not sure how things work on the back end. It would be safest to assume we can though.

chmuse · Monday at 1:33 PM

Updates via other forums/ discussions:

Possibly just drama and shit stirring.

Most likely dummies who use the same passwords for grey market sites as their financial institutions.

Don't click links from randos.

Albdown · Monday at 2:18 PM

I

chmuse said:
Updates via other forums/ discussions:

Possibly just drama and shit stirring.

Most likely dummies who use the same passwords for grey market sites as their financial institutions.

Don't click links from randos.

Dont appreciate being called a dummy. You mean we're not supposed to use the same password for everything? But 'password123' is so easy to remember!

chmuse · Monday at 2:21 PM

Albdown said:
I

Dont appreciate being called a dummy. You mean we're not supposed to use the same password for everything? But 'password123' is so easy to remember!

At least mine is longer.

KeAnGKoNgLvR42069!

Uppercase, lowercase, numbers, AND symbols!

Windingroads06 · Monday at 5:32 PM

Albdown said:
I

Dont appreciate being called a dummy. You mean we're not supposed to use the same password for everything? But 'password123' is so easy to remember!

You're gonna do just fine.

Warning that's circulating

Public Nuisance

Moderator

Unreliable Narrator

Public Nuisance

Unreliable Narrator

Public Nuisance

Unreliable Narrator

Public Nuisance

Unreliable Narrator

Public Nuisance

Unreliable Narrator

Public Nuisance

Unreliable Narrator

Public Nuisance

Public Nuisance

Moderator

Public Nuisance

New_Member

Public Nuisance

Less is More

Trending content

Forum statistics

Share this page