Burning Shed Hacked!!!


JonUrban

Just got this email:

Dear Burning Shed customer

We are sorry to inform you of a security breach here at Burning Shed that has resulted in the unauthorised disclosure of your personal data. We felt it was important to let you know this as soon as we were able to confirm it.

If you have used the same password you used on burningshed.com anywhere else, please change it immediately.

The breach was discovered on Friday 17th April 2020 and is likely to have taken place on the 18th December 2018.

A hacker managed to download a section of our customer database. This consisted of some email addresses, plus the encrypted passwords for those email addresses. Our IT experts do not believe that postal addresses or any other information was accessed. However, we know that the hackers did decrypt some of the account passwords, including yours.

We can however guarantee that no payment information of any kind was compromised as part of this breach. We do not hold any of your credit card or PayPal details on our database. They have not been compromised. You do NOT need to cancel your credit card or PayPal account.

We have taken the following steps to mitigate any adverse effects:

1) On Friday 17th April we engaged a top expert who specialises in data security and they are fixing the problem that caused this breach

2) Together with the security expert we have carried out a full security review and made changes to the website to secure your data for the future. This will include strengthening the way passwords are encrypted, moving all data to a new host (as a precaution)

3) We have taken the Burning Shed site offline for maintenance in order to complete the security updates. This means that we will not be taking any orders for approximately 48 hours as of today and you will need to change your password when this is complete.

4) When the website re-opens all account passwords will be re-set and we will tell you how to log in so that you can change your password to something new. Please do not re-use your old password.

Once this immediate work is completed and the site is brought back up, Burning Shed will be conducting significant additional follow-up work to ensure the system remains secure in the long-term.

Once again, we are very sorry that this has happened. We informed the Information Commissioner's Office on the 20th of April 2020 and will comply with whatever recommendations they might make.

We hope that this will not stop you from continuing to support us and the artists/labels we work with.

Yours sincerely

Pete Morgan
Director
Burning Shed Limited
Unit B, Yarefield Park
Old Hall Road
Norwich NR4 6FF
__________________
telephone: 01603 767726
burningshed.com
 
These kind of hacks happen all the time; but I believe we don’t often hear about them, or maybe we’re told years later. I’m not as vigilant as I should be about changing passwords as it is a lot of work. Probably should do a few changes every month on a rotating schedule to spread out the hassle. Heck I have to keep a binder full of written passwords because I don’t believe any computer interaction with passwords can be 100% safe. Maybe I’m just being ultra paranoid (but I don’t think so, since my credit card numbers keep getting stolen somehow!)
 
These kind of hacks happen all the time; but I believe we don’t often hear about them, or maybe we’re told years later. I’m not as vigilant as I should be about changing passwords as it is a lot of work. Probably should do a few changes every month on a rotating schedule to spread out the hassle. Heck I have to keep a binder full of written passwords because I don’t believe any computer interaction with passwords can be 100% safe. Maybe I’m just being ultra paranoid (but I don’t think so, since my credit card numbers keep getting stolen somehow!)
Luckily I've never had credit card or debit card security impacted. I use Firefox mainly with Java blocker (you must give permission), Privacy Badger & Ghostery plug-ins. Kaspersky anti-virus & it has secure keyboard. I use CCleaner at least daily & always after a $$ transaction. I use Firefox to remember most of my passwords and none of them are the same on any 2 accounts. But I do have a system or a method of creating PW's so even if I forget what my Ebay PW is I can usually figure it out. Like you resetting all PW's is a pain. This way at worst I might have to do it only on 1 account.

That is all for naught if the merchant is hacked & data stolen. Look at Equifax, Wells Fargo & even Target that was data burgled. I think you are right it happens more often than we probably know. It pays to check in on your credit & bank accts regularly.
 
These kind of hacks happen all the time; but I believe we don’t often hear about them, or maybe we’re told years later. I’m not as vigilant as I should be about changing passwords as it is a lot of work. Probably should do a few changes every month on a rotating schedule to spread out the hassle. Heck I have to keep a binder full of written passwords because I don’t believe any computer interaction with passwords can be 100% safe. Maybe I’m just being ultra paranoid (but I don’t think so, since my credit card numbers keep getting stolen somehow!)
Hats off to the Shed for letting everyone know ASAP, I've found out about hacks only when companies do a press release. Last one was AmEx told me before British Airways had put out a press release (BA never sent me an email!). It is usually my Visa numbers which get 'borrowed' so I suspect their security is the worst. I had my card rejected in a shop, phoned up and said how did this happen, I managed to find out that the f***ers try random numbers on-line, often give a small gift to charity or a small purchase value, if it passes they carry on spending. :mad:
 
These kind of hacks happen all the time; but I believe we don’t often hear about them, or maybe we’re told years later.


"The breach was discovered on Friday 17th April 2020 and is likely to have taken place on the 18th December 2018. "

The reassuring thing in that statement is where they indicated that the financial details were not compromised.
 
..............… every action on the net leaves a trail somewhere
Ain't that the truth. I know there's no ultimate privacy but I'm all about minimizing my net footprint. No twitter, no facebook, no linkedin. I only have membership on QQ & even my connected e-mail account is different from what my main e-mail is, which is on Zoho. I carry no bank or credit card apps on my phone. I use CCleaner on that frequently & change google ad id often. So far so good.
 
Luckily I've never had credit card or debit card security impacted. I use Firefox mainly with Java blocker (you must give permission), Privacy Badger & Ghostery plug-ins. Kaspersky anti-virus & it has secure keyboard. I use CCleaner at least daily & always after a $$ transaction. I use Firefox to remember most of my passwords and none of them are the same on any 2 accounts. But I do have a system or a method of creating PW's so even if I forget what my Ebay PW is I can usually figure it out. Like you resetting all PW's is a pain. This way at worst I might have to do it only on 1 account.

That is all for naught if the merchant is hacked & data stolen. Look at Equifax, Wells Fargo & even Target that was data burgled. I think you are right it happens more often than we probably know. It pays to check in on your credit & bank accts regularly.
I do know that a lot of my troubles started with the Equifax theft (thanks Equifax!), you can also get your card info stolen at slide throughs on gas pumps etc. The U.S. I believe was way behind places like Europe that implemented the chip in credit cards.
 
"The breach was discovered on Friday 17th April 2020 and is likely to have taken place on the 18th December 2018. "

The reassuring thing in that statement is where they indicated that the financial details were not compromised.
So does the breach affect accounts created after December 18, 2018 (assuming, which I don’t, that there is any certainty that that date is correct)?
 
I do know that a lot of my troubles started with the Equifax theft (thanks Equifax!), you can also get your card info stolen at slide throughs on gas pumps etc. The U.S. I believe was way behind places like Europe that implemented the chip in credit cards.
After that breach Equifax was offering credit protection plans at a discounted rate.
Really ! - We're going to trust you again ?
 
So does the breach affect accounts created after December 18, 2018 (assuming, which I don’t, that there is any certainty that that date is correct)?

I think they would have written something a little different if it was an ongoing hack. The email also states that they think the breach was limited to "some email addresses, plus the encrypted passwords". No postal addresses. So all it was really worth was an opportunity for hackers to link an email to a password.
Since it happened over a year ago, I would think that you would have already discovered if you were a victim of identity theft from this.

Still it wouldn't hurt to change your passwords up.
 
Ain't that the truth. I know there's no ultimate privacy but I'm all about minimizing my net footprint. No twitter, no facebook, no linkedin. I only have membership on QQ & even my connected e-mail account is different from what my main e-mail is, which is on Zoho. I carry no bank or credit card apps on my phone. I use CCleaner on that frequently & change google ad id often. So far so good.
QQ is the only place on the net to be social as far as I'm concerned! Shame we can't all meet up in a pub on a Saturday night, have a few 🍻🥂🍷🥃🍸🍹🍾🍺, and blether on about surround music :dance
 
QQ is the only place on the net to be social as far as I'm concerned! Shame we can't all meet up in a pub on a Saturday night, have a few 🍻🥂🍷🥃🍸🍹🍾🍺, and blether on about surround music :dance

Ain't THAT the TRUTH, Dunc. Where else on the net can you discuss far ranging topics beyond the scope of JUST Surround Music and enjoy the camaraderie of so many splendid sorts. NOWHERE!

Perhaps when this pandemic runs its course and every one can escape the confines of their respective man caves, such an 'event' can be arranged.
 
well i got the email too.. even though i seldom use them (i'm a skinflint tightwad so i go where the prime shippings at) i recognise they are an important/significant company in our hobby and it is decent of them to get in touch in this way, over what must be a bit of a nightmare breach for them.

thankfully i chose a unique login i'd never used elsewhere, so all should be well. who knew "password1234" would be so secure! 😂
 