I meant that someone has your name and email, nothing more.

That is pretty damn common though which really is fucking stupid if that is all it takes.

Though I am still waiting on what Michael comes up with assuming full protocol was indeed used. Which would mean they would need to be able to answer as he put it 4-6 security questions.

I know my previous and now new questions on epassporte are not questions used elsewhere. I am pretty careful about not repeating those things.

Which leaves info epass could have to ask about, which could be DL #, last 4 of some of the load cards, maybe middle name from ID, so forth. I just do not have that info sitting with other sponsors or such where it could get shared. Exceptions being middle name maybe, address, phone number. I do not use middle name anywhere really but I am sure it can be found online.

Of course I have also checked and constantly check my computer for key loggers, virus, spy ware, etc.

Some people are incredibly lazy; it'll be interesting to see the official statement.

I never said they actually sent them in, but this is the first part in the scam. Im quite sure they know how the verifications at epassporte go, so if they have offered to send in the docs, im sure they would have sent something. You cought it fast enough so it won't work, but if you did not catch it in time, epass did the first move, reset all your info. Next part was them sending in the documents so they can take control of the account. So either they got your docs from somewhere, or know enough of your personal info to forge docs that look legit, and match with what you have on epass.

Here's one scenario from the top of my head.
You run a porn site. They hack in there, get your personal info from the database, maybe even personal pictures and shit if you keep it on server (many people keep personal things), find out your epass username, and the game begins...

You can be sure they have something, what, i dont know, but they have some info that they were gona use to persuade epass to send them the new login (after it got reset).

I am of course not rulling anything at all out until I get the info back from epass.

As for your scenario, again highly unlikely. I know what info I have outside and what I do not. For instance aside from maybe 5-10 pictures on Fubar that have me in them, or silly fucking general pictures of crap, I do not keep anything online. Hell I do not even email friend and family pictures.

Databases should just contain business info which is different than what epass has.

I really am leaning more towards it just being pure human error with client services and the proper protocols were not followed, but we shall see. Even if I have to eat crow and say yes indeed something was compromised of mine and what it was I will keep this updated as I feel it could effect others and is the only reason I am doing this thread along with private communications with epassporte. If it can happen to someone who is as careful about security as I am, then it is very important to find out the how's and whys as I know many if not most people are not as tight with their security.

I was under the impression that the only way you can contact epassporte support is through their message center after you log in. If this is really the case, then they should know which member sent them that email?

Thats not true as they tell you on the site itself to contact CS@epassporte all over the place. Specially if you have any issues.

Well they might be going with those informations. I'd be looking at your sluttydollar servers next (if that's yours).
Or if you are an affiliate of someone, in those databases you usually put your name, surname, address, birthdate, ip, email .....
They might be trying with that aswell.

I run their affiliate program. My details in there are very limited - again just business info etc. Like I would have at any affiliate program.

In those I put my company name - for payouts etc. Yes my address, and email (see above) and birthdays are not to damn hard to find out publicly again.

I still am leaning to the most obvious and likely reason, well ahead of any super strange and even harder to explain could of been reasons. After all perhaps I taunted the wrong person in some supernatural thread and they indeed are psychic or a ghost did tell them the answers. May as well go there too, instead of first thinking it was just human error at client support?

Though feel free to keep posting the what if's and could of been's. According to epassporte I should have some answers by Monday and we will see who was right or where to go from there.

Doh. I tried to help you narrow it down and tell you how this stuff goes and you're here passing jokes on my account? You mentioned they tried other things aswell as epass. Well, that'll teach me.

It's human error.

Wasn't really passing jokes on your account. I need to keep good humor about this regardless.

I have no problems with trying to narrow it down. I have just said time and again of what I place on sites. I pretty much know what is where and what has been used.

Yes they have triggered password requests from sponsors as well. Which could mean perhaps they found one of the many old databases of webmaster information that is sitting in google and have decided to try an old password on as many new sites as possible hoping for a match.

Your whole theory though is based on them having information so that when time comes they can send in documents asking for a password after getting everything reset. Which they were planning on doing but never did for whatever reason.

Michael on the other hand is checking on if protocol was followed, getting a call pulled if it was, and finding out what information was asked and answered if any call was placed as per protocol. Though that still flies in the face of the emails. I am also hoping he will provide me with the headers of the original email, yes I know it more than likely is a proxy but I am real curious about something.

This is where you, and 99% of people fail. You don't just think, you are 100% positive that no info of yours can be compromissed, and if it can, it's from "old database of webmaster information that is sitting in google". Well it just ain't so. I can't explain it to you, as i couldn't to anyone other i tried to explain this, untill you show them the proof. Then everyone goes "oh shit, how". Your info is not safe, no matter how much you think it is.

In any case, i dont know was anything of your compromissed, i just told you how it goes and to broaden your horizonts.

Have I left out the possibility, no.
Have I said I would admit it and share what it was if that is what happened, yes.

For all I know epass themselves go compromised at some point and some of their own data leaked out and that could explain how they could get around it. So no I can not be 100% sure and nobody can be.

Only reason I even mentioned the DB and google, is well I know of at least 2 that are wide open as it stands and I never went hunting for them.

Some people are over a barrel and need an epass acct.

BUT, given a choice, why would anyone in their right mind deal with this???

It is why I do not really keep much in there at all. Nor do I receive sponsor payments to it. Hell I do not even have an epass debit card.

thats really fucked up

Woah.. They sent you a new password and security on your e-mail? Thats fucking unsecure.. What would happen if someone "hack" your e-mail?

That means someone then can easily grant access to account.