Clubregistration Hacked?

Reply Subscribe

Thread Tools

Search this Thread

08-09-2018, 03:42 PM

#16

dan212

Rennlist Member

Join Date: Sep 2007

Location: NYC

Posts: 1,671

Likes: 422

Received 136 Likes on 97 Posts

I got the same ransomeware email. Same unique address in use.

Quote:

Originally Posted by ZAPmobile

My wife (also a PCA member) and I reported this to the national office 3-4 weeks ago, and she identified the spam as coming from the club registration site. She asked that someone get back to her (never happened), and that a notice should be sent out to ALL people potentially affected by this hacking. Further, she strongly suggested that this be done ASAP. Last night, I received a similar message to hers, so clearly, in the interim 3-4 weeks, nothing has been done. Needless-to-say, she was less than amused and called PCA headquarters again today.

She was able to directly identify the password (in our case) as being unique to the club registration site, just in case anyone is wondering. The new hack is trying to extort money from members so it won't be published that they are looking at **** sites. In many cases, we are sure that this is not the case, as they claim to have noted on the supposedly hacked computers.

Reply Like

08-09-2018, 04:22 PM

#17

Wild Weasel

Drifting

Thread Starter

Join Date: May 2016

Posts: 2,032

Likes: 226

Received 311 Likes on 175 Posts

Quote:

Originally Posted by ZAPmobile

In many cases, we are sure that this is not the case

In many cases? Not all? Are you saying they might still email out video of my junk to everyone I know?

I kinda think lots of the people on my contact list might get a kick out of that.

Reply Like

08-09-2018, 06:25 PM

#18

Sean F

NASA Racer
Rennlist Member

Join Date: Jul 2005

Location: Westchester, NY

Posts: 4,778

Likes: 1

Received 34 Likes on 20 Posts

Again to be clear on implications here - these criminals likely have physical address of people known to have race cars...i.e., better off than most and a pretty good robbery target.

Reply Like

08-09-2018, 06:27 PM

#19

mpruden

Three Wheelin'

Join Date: Sep 2013

Location: Folsom CA

Posts: 1,673

Likes: 29

Received 51 Likes on 35 Posts

Just so I understand, you guys are receiving emails with usernames and passwords included (that is, written out in plain text) in the actual email message?

BTW, I'm just a guy with a background in similar systems. I'm in no way affiliated with clubregistration.net.

Reply Like

08-09-2018, 06:52 PM

#20

ZAPmobile

Rennlist Member

Join Date: Jan 2007

Location: Hillsborough, North Carolina

Posts: 889

Likes: 6

Received 6 Likes on 3 Posts

Yes

Reply Like

08-09-2018, 07:07 PM

#21

laranja

Pro

Join Date: Mar 2016

Posts: 651

Likes: 105

Received 15 Likes on 15 Posts

It's very possible for hackers to unencrypt password files. Many sites use weak / easily broken encryption, and many
passwords can be tested & quickly unencrypted using dictionary attacks.

Simple truth is most sites don't have the time / resources / expertise to prevent these types of hacks.

Reply Like

08-09-2018, 07:32 PM

#22

Sean F

NASA Racer
Rennlist Member

Join Date: Jul 2005

Location: Westchester, NY

Posts: 4,778

Likes: 1

Received 34 Likes on 20 Posts

Also, I have been getting notifications of unauthorized login attempts to other accounts = obviously trying out the hacked username/password combo for access to banking, etc.

Reply Like

08-09-2018, 08:15 PM

#23

The Fat Kid

Pro

Join Date: Mar 2016

Location: New England

Posts: 662

Likes: 0

Received 41 Likes on 33 Posts

How many accounts were hacked?

Quote:

Originally Posted by Sean F

putting aside financial data, you do store address and phone number - correct? So if they have passwords, i'm guessing they have that info as well.

They would certainly have access to all of that info with username and password...

Quote:

Originally Posted by ZAPmobile

Thanks for trying to get them to alert users to the hack. A notification email would have been nice.

Reply Like

08-10-2018, 01:10 PM

#24

calvarado312

2nd Gear

Join Date: Aug 2018

Posts: 2

Likes: 0

Received 0 Likes on 0 Posts

ClubReg has been made aware of the breach and we are working to contact the accounts. An official notice will go out this weekend or Monday. We do take this very seriously. Again we are asked about credit card info. We do NOT store that information on our servers, nor do we have access to it.

We do apologize for the inconvenience this may cause everyone. Please understand that while we do not discuss our methods of encryption we are already looking into how to protect it further to minimize this happening again in the future. If you wish to discuss this you may call our offices directly at 512-273-5016

Thank you,

Chris Alvarado
ClubRegistration.net

Reply Like

08-10-2018, 02:15 PM

#25

forklift

Rennlist Member

Join Date: Nov 2003

Location: VA

Posts: 2,182

Likes: 24

Received 13 Likes on 10 Posts

It is my understanding that the sextorion (sp) emails went out to a LOT of people worldwide. A few have noted that it was their old Linkedin pw but could be from other hacks also.

https://www.businessinsider.com/new-...bitcoin-2018-7

Reply Like

08-10-2018, 02:28 PM

#26

Wild Weasel

Drifting

Thread Starter

Join Date: May 2016

Posts: 2,032

Likes: 226

Received 311 Likes on 175 Posts

Quote:

Originally Posted by forklift

I just keep waiting for the email blast to go out. I'm intrigued. It occurs to me that I don't even HAVE a webcam so I'm curious as to how they did it.

DO THEY HAVE SOMEONE IN MY HOUSE??