Epassporte now too. WTF!
 

Ok I think it is becoming more obvious that someone is really trying to break into my accounts. I have had a few password reminder emails from sponsors over the past week.

Now I get sent an email from epassporte that is the following.

Dear David,

Thank You for your email.

In regards to your concern, please be informed that we have removed your
security question and reset your password and you can view it along with
your user ID addressed to you in your external email address which you
registered with ePassporte.

I hope this has answered your query.

If you have any further concerns, please do not hesitate to contact our
Customer Service from the details listed below.

Best Regards,
Kushal.C

ePassporte Account Holder Services
[email protected]
Fax: +1.310.564.1751
Phone: +1.310.301.2001

----- guess this is the mail they are quoting---------

> Some one change my Security Questions and my password pllease help me as
> soon as possible and i will attach u all my docs

Then of course I get mailed a new password in a separate mail.

I am not an idiot and there was no links to even click aside from mail to: ones anyways. So I head over to epassporte in a new browser window and yes indeed my old password no longer works. When I do get inside, yup all of my previous extra opt in security questions and image etc has been reset.

Seriously WTF is the point of this added layer of security if someone can get it reset via an email and obviously a spoofed email at that. Only thing I am even glad of is that it seems the client support at epassporte at least do not hit the reply to button on the email and did send to the proper email on file.

I have sent in a request asking for the headers of the email. Also left Michael a message too.

That's just scary.

not good

PS when they reset your password it goes to a letter and a few numbers. Better than a random word but still fairly fucking stupid.

Still trying to wrap head around why they would just reset shit from an email though. I need to send them DNA data to get a withdraw increase yet some ass clown can get them to reset all of my data with a fake email.

Your gonna get anally raped

please send $10 000 from your epass account to my epass account to make sure that its still working properly

I feel OK as my passwords are typically crazy random and as long as allowed. It is the system itself or worse yet the human element that does have me concerned. I guess those potential weak links in the whole security chain.

Just wish whoever decided to target me would pick another fucking target. It is getting annoying as hell.

That would be fucking annoying. Glad they didnt get access to your account ASM.

In effect though in my eyes it still was compromised.
An email should not be able to get a password and all security questions reset. If so what is the point of having security questions in the first place.

This extra layer of security they added was due to hacked accounts, and seeing how easy it is to bypass is just fucking wrong.

that's not good

:mad::mad::mad:

yeah I am with you man, something is seriously wrong there

not good, not good at all :( :(

Ouch.... any words from epass?

And then people are suprised when i say how epassporte still have bad security.

It seems that they don't even try to help for real, huh?

I would say a certain Kushal C. idiot needs to be shot, an that's all.

ASM

I am emailing you now.

that's fucked up

: / ...

damn, scary shit :(

So basically you're saying their security measures WORK and that they have effect.
They emailed the email address they had on file(instead of just replying) to make sure you actually were the one that requested the change and if not, you had a chance to intervene.

SO WHY FUCKING COMPLAIN?

It amazes me that people continue to risk their income with this company...how many 100's of threads have we all seen like this about epass?..its a daily occurrence and these are just the situations we DO hear about.

Michael O deserves kudos for his customer service skills and in my opinion is the only reason epass has survived to date, that being said there will come a day when this company is going to crash and burn, they are going to take a lot of people with them and Michael O won't be able to save anyones day...

So much for secure accounts :2 cents:

or should I say a secure system.....

You seem to have failed to notice that the first email I got was that my password had been reset and all my security questions had been reset.

They only happened to email me to let me know they had followed "my" request, which by that time it was to late to intervene. If I had not been up around when it happened it only was now secure by a few numbers and a letter.

Though I am currently dealing with Michael as per the emails. He is waiting for some details, yet says protocol would of required a phone call and answering 4-6 security questions. Which I find very hard to believe really happened at this point, however I am not saying it is impossible at this moment. Though I will say epassporte has more information about me than nearly all other sponsors out there combined. So if they really did ask some questions it better have been some serious ones from documents that they had made special requests for. Oddly the quoted email also does not mention a phone call at all though either.

I really do not risk my income with this company. I am a check person. I just happen to have an epassporte account for mostly secondary reasons, like paying people who perform services who have a hard time getting funds any other way. It is not that often where I will even have much money in there at all.

I'd be happy to see a policy change for this.

My question is, since they obviously know your email - do they have access to it? That's why I like not using any free email hosts for anything that needs some sense of security.

Nah my email is secure and I change up the password to that weekly with the same PW standards I use everywhere else.

Technically if I did not use a public mail, my ISP mail would be just as easy if not easier to crack since it is web accessable as well. Servers would just as likely stand same chance of them being gotten into. Really see no extra security in using any other mail type.

That somewhat depends on who handles your mail. I don't even have a 'real' email address. I forward my email as an alias to one that nobody would even attempt on without a brute force attack on any publically-accessable MTA, and just set my mailto and reply-to to the alias. For my personal email, I block access by class C, and also change the password often. You can't do either of those with public mail servers. :)

All of that fails if the server your mail is on is compromissed, and that's usually the target, not your, or anyone elses email in particular. That's why using public big mails like gmail is a good thing in many cases.

Why they go "personal" with AMP is the case that someone got his personal information from somewhere, along with documents (or can forge them in a good manner) and they are trying to cash in on that (they mention in the email they would send the proper docs). So they got your personal info (name, address, phone etc etc) from somewhere.

What is the alternative?

Actually they just offered to send in docs. Does not appear they ever did.
I am almost 100% certain that my personal information was not used to access the account. Aside from epassporte who demands your personal information and documents, sponsors for instance just have company name, tax id number, and such.

If a company just relies on simple personal data (name, address, phone) then they have serious problems anyways. Every content provider would already be compromised in that instance due to 2257 (phone aside). Yet hell that still would be common whois information if one did not keep domains private.

So again unless they left shit out of the email and email quote. I do not see a request for a phone call, or a in reference to our phone call your info has been reset. Nor do I see a we received your documents, or after reviewing your documents we reset your information. The email is pretty cut and dry - please help - ok your reset.

You are too suspicious!

I agree; someone's got his data and is screwing with him.

that's pretty shitty :(

I've had this experience with every employee of ePassporte, aside from Michael O. Hit up Michael directly; he should be able to get you IPs and server logs. Again, those may not be horribly useful, but when compiled with the other 'password reset' requests you have, there might be enough information from the sponsors to track it down to some degree.

Highly unlikely, but it's also unlikely that I'm going to let Vietfraud send me joins on stolen cards because they use the name "Joseph Smith" for their affiliate account. :thumbsup

What really makes you think someone has my data? Nothing in the email chain goes that direction.

Already have contacted him and Michael is awaiting on epassporte, and phone records (if any) as he stated that is the protocol. Though he is also making sure protocol was followed. I also made requests for the email headers, etc.

Without the help of MichaelO, this company would be doomed. He is the only asset this company has, it seems the rest of the company is out to lunch....just my :2 cents:

Eh huh?

I get a copy of an email I did not send requesting a full reset which was granted and I am being to suspicious?