Anyone have their account hacked? Mine was but I recovered it.

[vanhalen26]

Some jerk hacked my account and even put up an expensive classified ad hoping to capitalize on my feedback.

It took a couple tries but I got it back. And I notified people who had replied to the bogus ad.

I’ve now secured the account with dual factor authentication, changed to a new email address, and updated the password. So I’m pretty sure I’m good.

He also turned on every notification available but I think I’ve got those settings back to where I wanted them.

So it was frustrating but it’s taken care of. I tried to get help from the admins, but it was late at night and I couldn’t reach them.

Anyone else have anything like this on head-fi? As far as I know, it’s the first time I’ve lost an account to a hack, so I guess I’ve actually been somewhat lucky to date.

 

[HipHopScribe]

How does this even happen? Shouldn’t they need access to your password to hack your account?

simple passwords or reused passwords that have been compromised in leaks

 

[vanhalen26]

It was a reused password that appeared in an old leak. A couple years ago I updated my passwords for most sites I have active accounts with, but forgot about head-fi and never really saw it as a risk. And in reality - it would suck to lose this account from a hack as I have a lot of messages and history that I do refer to, but there's no financial loss for me. I highly suspect it was from a reused password that has appeared on leaks vs a breach of the head-fi database. Seems like I'm the only unlucky one with the issue.

These scammers are something though. He takes my account, posts some really expensive item at a big discount, and hopes for a quick sale based on my positive feedback and tenure. But in reality, I have very few sales here and its not some crazy great account to have hacked. I more of a browser and occasional chatter. I guess they know what they are doing. As soon he became aware that I had some control by updating the password, he buggered off. Then I changed the email so he couldn't log back in. But he turned every notification under the sun on for my account, so it took some tinkering to get it back to how I like it.

 

[megabigeye]

You're definitely not the only one. I've noticed and reported several obviously hacked accounts within the last couple on months. They're usually incredibly obvious to me... Usually a low post count member, suddenly active after many years, making a handful of non-headphone related or totally inane posts before offering up something slightly too-good-to-be-true (but still believable) but still expensive in the classifieds section. There have also been a handful of users making posts complaining that their accounts have been hacked and warning others that the items they have for sale are not real.

 

[vanhalen26]

You're definitely not the only one. I've noticed and reported several obviously hacked accounts within the last couple on months. They're usually incredibly obvious to me... Usually a low post count member, suddenly active after many years, making a handful of non-headphone related or totally inane posts before offering up something slightly too-good-to-be-true (but still believable) but still expensive in the classifieds section. There have also been a handful of users making posts complaining that their accounts have been hacked and warning others that the items they have for sale are not real.

Thanks, good to know. So quite possibly a data breach at some point.

The scammer knew what to do and was quite quick at it, so maybe they do have access to headfi info.

My suggestion to anyone reading this is add 2fa to your account. It’s a pain in the ass but it’ll protect you. Personally I used the Authenticator app for that. It’s user friendly.