[Ansteorra] URGENT WARNING - Possible hacking or abuse of acceps contact emails

Paul Foster sir.rhodri at gmail.com
Fri Aug 5 18:43:41 PDT 2011


Haraldr,

When you say ACCEPS, do you mean when you are registering for an event, or
when you are entering your credit card information to pay for the event?
ACCEPS only gets registration information, which is kept in the database,
and I agree with the admin, we have not been hacked.  Your payment
information is entered to Verisign/Paypal.  We don't control that
information in any way, not even to see it.  The email on the payment
information is optional and I don't know if Paypal markets it in any way.

The email address you enter to identify the registration is not provided to
anyone.  That is only for internal use in case we need to contact someone
about the registration.

The only time email addresses are captured as part of the registration
process are wars, like Gulf Wars.  Those addresses are sent to stewards /
exchequers as part of the registration information.

Rhodri

On Tue, Aug 2, 2011 at 6:28 PM, Haraldr Bassi <ansteorra at haraldr.drakkar.org
> wrote:

> It is indeed possible that the address was harvested outside of the acceps
> system, but the only place that address, which has acceps as part of the
> email address, was ever used was in acceps and it would only have been
> emailed inside of a spreadsheet to event stewards or exchequers. Not as
> likely to have been harvested from a spreadsheet as from a Database
> compromise or some other place. Don't know that I've ever emailed anyone
> from that address, but it is possible that it ended up in someone's email
> address book to be harvested.
>
> Haraldr
>
>
> On 8/2/11 4:55 PM, Kerry Pratt wrote:
>
>> If Acceps had been hacked I doubt that person gaining your information
>> would have any need to get you to a phishing
>> site.  More likely, the address that you used, even though you used it
>> exclusively on Acceps, was probably data mined
>> from somewhere.  I will still have our server admin look into the
>> possibility that the database has been compromised but
>> I am fairly confident that it is just a phishing expedition, as you
>> indicate in your letter.
>>
>> Everyone, please realize that, to the best of my knowledge, Acceps will
>> NEVER send you an unsolicited email.  If you
>> ever receive something, either from Acceps OR anyone else that says they
>> represent this Kingdom, that you find to be
>> questionable, please, feel free to ask me about it first.  I am more than
>> willing to investigate any problem or email
>> that may compromise the security of our system or attack our members.
>>
>> William Cameron deBlakstan
>> Webminister, Ansteorra
>>
>> -----Original Message-----
>> Sent: Tuesday, August 02, 2011 2:56 PM
>> Subject: [Ansteorra] URGENT WARNING - Possible hacking or abuse of acceps
>> contact emails
>>
>> Greetings,
>>
>> I've just received nine emails directly to a unique email address that I
>> use exclusively for acceps payments. They imply
>> a security issue that is being investigated (basic phishing attempt). I
>> wouldn't follow any of the links in their email.
>>
>>
>> ______________________________**_________________
>> Ansteorra mailing list
>> Ansteorra at lists.ansteorra.org
>> In order to make changes and manage your account please go to:
>> http://lists.ansteorra.org/**listinfo.cgi/ansteorra-**ansteorra.org<http://lists.ansteorra.org/listinfo.cgi/ansteorra-ansteorra.org>
>>
> ______________________________**_________________
> Ansteorra mailing list
> Ansteorra at lists.ansteorra.org
> In order to make changes and manage your account please go to:
> http://lists.ansteorra.org/**listinfo.cgi/ansteorra-**ansteorra.org<http://lists.ansteorra.org/listinfo.cgi/ansteorra-ansteorra.org>
>



More information about the Ansteorra mailing list