Wild Weasel

Hmph.

I just got spammed "Re: Salary [$900 /week]" at an email address that I've ONLY ever used to register for events on Club Registration.

Anyone here have any sort of official capacity with them?

jlanka

I got the same one, except mine was for $1000 a week.

Wild Weasel

WTF?? I drive a cheaper car and suddenly they think they can win me over with less money??

I'm being oppressed!!

txhokie4life

Apparently my car is so lame -- I'm not even spam worthy :-)

M

NYoutftr

ME TOO!!

No offers for me, I must be deplorable

Chris Alvarado

Ah the joys of running a website. We've just become aware of this issue. Rest assured that we do NOT have access to any of your financial information nor is any of it stored on our servers. Now I'm off to figure out how to patch that hole so it doesn't happen again. If you have any questions, you can contact me directly at 512-431-3143.

Chris Alvarado
ClubRegistration.net

Wild Weasel

Happy to hear that Chris. I was wondering about it but didn't really want to bring it up in public.

Wild Weasel

Dragging this back from the dead.

I never received any official notification about this hack but recently I started getting emails to this address that also included my password.

I ignored them at first figuring they were just more generic phishing spam but today checked, and lo and behold, it actually WAS my clubregistration password.

I've gone and changed it and thankfully don't use the same passwords everywhere, but if your database was stolen and you're storing passwords in plain text and that's out in the wild, your users really deserve to know about it!

Sean F

yup - happened to me too this week...and I'm wondering what else they got...profile stores address, phone etc.

calvarado312

Wild Weasel and Sean,

First to answer your question. Yes, the passwords are encrypted. We believe this to be a small incident. That is why a large scale broadcast message was not sent out. That said we will be recommending that our users change their passwords. As for what can be stolen from ClubReg rest assured it isn't much. We do not store, nor have access to any of your financial data. Event payments are handled 100% through our merchant account and not us. If you have any questions you are welcome to contact me directly at 512-431-3143.

Thanks,

Chris Alvarado
ClubRegistration.net, CEO
512-431-3143

Wild Weasel

serickson

I believe my info also taken was sent emails about 3-4 weeks ago with my username and password. Immediately changed password.

okie981

If everything was encrypted like email addresses, how could a hacker obtain it? I am really sick of websites leaving themselves open to hacking like this. Why isn't everything encrypted?

Sean F

putting aside financial data, you do store address and phone number - correct? So if they have passwords, i'm guessing they have that info as well.

ZAPmobile

My wife (also a PCA member) and I reported this to the national office 3-4 weeks ago, and she identified the spam as coming from the club registration site. She asked that someone get back to her (never happened), and that a notice should be sent out to ALL people potentially affected by this hacking. Further, she strongly suggested that this be done ASAP. Last night, I received a similar message to hers, so clearly, in the interim 3-4 weeks, nothing has been done. Needless-to-say, she was less than amused and called PCA headquarters again today.

She was able to directly identify the password (in our case) as being unique to the club registration site, just in case anyone is wondering. The new hack is trying to extort money from members so it won't be published that they are looking at **** sites. In many cases, we are sure that this is not the case, as they claim to have noted on the supposedly hacked computers.