Uniden customer database compromised - Part 2

Status
Not open for further replies.

ndnihil

Member
Premium Subscriber
Joined
Aug 14, 2014
Messages
39
So, a while back I posted this thread:
https://forums.radioreference.com/threads/uniden-customer-database-compromised.359759/

I just got around to doing the NXDN upgrade (along with several revisions worth of firmware update) on my 436 earlier this week, and received this a couple days after:

Return-Path: MyEmail
Received: from [157.25.164.210] (unknown [157.25.164.210])
by MyMailHost with ESMTP id 6CAB740359
for MyEmail; Fri, 28 Dec 2018 05:41:21 +0100 (CET)
Message-ID: <5C25B785.6080801@MyDomain>
Date: Fri, 28 Dec 2018 05:41:25 +0000
From: MyEmail
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: "TheActualPasswordIUsedForUnidensSite" <MyEmail>
Subject: Hackers know your password TheActualPasswordIUsedForUnidensSite. Password must be changed now.
Content-Type: text/plain; charset=IBM852; format=flowed
Content-Transfer-Encoding: 8bit

Oddly enough, it presented the old password (initial compromise?) rather than the new one I set a couple days ago. Could be coincidental timing, but I'm very curious to know if anyone else has received similar messages? It may be worth looking in your spam/junk folder, as that's where the bulk of these things end up. I just happened to be looking through it and noticed this.

Stay safe folks.
 

ndnihil

Member
Premium Subscriber
Joined
Aug 14, 2014
Messages
39
Yeah, they spoofed my own email as the sender. Might be worth searching "subject or message contains" with your password as the search string as well.
 

darkness975

Latrodectus
Premium Subscriber
Joined
Nov 4, 2016
Messages
850
So, are you saying we cant buy any of the upgrades unless we want to get compromised?
 

ndnihil

Member
Premium Subscriber
Joined
Aug 14, 2014
Messages
39
No I don't believe that's the case. As per the previous thread, they do not store CC info, and I would have expected some sort of nefarious activity or alerts from my CC company by now. I purchased the NXDN upgrade the other day and there does not appear to be any fallout from that.

Best practice here is to use a unique password for the Uniden site, and if possible use a unique email address to keep your primary address out of spam lists.
 

Hit_Factor

Member
Joined
Mar 6, 2010
Messages
2,435
Location
Saint Joseph, MI
... As per the previous thread, they do not store CC info...

All of you advice was excellent. However, this line gives me pause. CC are passed through a site that was/is compromised. Think about that for a minute.



73, K8HIT
Icom: IC-7300 IC-PW1 ID-5100A ID-51A Plus 2 IC-R30 Hytera PD782G Uniden SDS100 DVMega SDRplay RSPduo
 

ndnihil

Member
Premium Subscriber
Joined
Aug 14, 2014
Messages
39
It appears to be more of a "handed off to a third party billing agent for successful payment token exchange" than a "passed through a compromised site for processing" situation. Can someone from Uniden confirm this?
 

dmaria

Member
Joined
May 24, 2010
Messages
295
It appears to be more of a "handed off to a third party billing agent for successful payment token exchange" than a "passed through a compromised site for processing" situation. Can someone from Uniden confirm this?

Have they ever confirmed their database was even compromised? One would think it would be part of their due diligence - hmmmm...
 

ndnihil

Member
Premium Subscriber
Joined
Aug 14, 2014
Messages
39
As far as I'm aware, they have not confirmed or denied any compromise or leak of customer information. It's pretty apparent something happened, but the extent of that is currently unknown.
 
Status
Not open for further replies.
Top