Anyone know how long "MyUniden.com" site will be down?

Status
Not open for further replies.

Tim

Member
Feed Provider
Joined
Dec 19, 2002
Messages
401
Location
Milwaukee, Wi
Greetings...

I know they had gotten hacked or something, but I just got a used radio off of flee-bay and was looking to upgrade with DMR.


Tim
 

UnidenSupport

Uniden Representative
Uniden Representative
Joined
Jul 16, 2018
Messages
538
Location
Wisconsin
Unfortunately, at this time, we do not know how long the maintenance process will last. I will do my best to let people know when the site is back up, if someone doesn't get to it before me and we are sorry for the inconvenience.
 

kruser

Active Member
Premium Subscriber
Joined
Nov 25, 2007
Messages
4,417
Location
West St Louis Cnty, MO
The Uniden site is up.
When I try, it brings up a very plain looking generic page. The login button works but my credentials are not recognized at all. The page with the login boxes is also very generic looking, nothing like the normal My Uniden page.

edit: I found a way to get to the My Uniden page to see my radios but it is making me enter my email for a new password to be sent.
That page still looks funny though and I could not seem to get to the normal looking My Uniden page directly yet, maybe it will work after I do the new password thing

Edit: Okay, I can go directly to my.uniden.com again and login using the new password it made me pick. All looks normal.
I guess I've never tried visiting the My Uniden page from their main home page before but as long as My Uniden works directly, I'm happy!
 
Last edited:

bgav

Member
Premium Subscriber
Joined
Oct 10, 2009
Messages
378
Location
Central MA
It would be nice to have a disclosure of the breach and extent of it considering that customer email addresses, passwords, home addresses, and possibly CC payment info were compromised.

In fact, it looks like they may be obligated to under TX law if certain PII was compromised. Even if the breach doesn't meet the mandatory reporting threshold, they should notify their customers of the nature and extent of the breach, it's just the right thing to do.

https://www.perkinscoie.com/en/news-insights/security-breach-notification-chart-texas.html

ATTORNEY PUBLICATIONS
Tex. Bus. & Com. Code §§ 521.002, 521.053

Acts 2007, 80th Leg., ch. 885, § 2.01.

Amended by Acts 2009, 81st Leg., ch. 419, § 3

Effective April 1, 2009

Acts 2011, 82nd Leg., ch. 1126, § 14 (H.B. No. 300)

Effective Sept. 1, 2012

S.B. 1610 (signed into law June 14, 2013)

Effective June 14, 2013

Application. A person (Entity) that conducts business in TX and owns or licenses computerized data that includes sensitive PI.

The provisions governing maintenance of sensitive PI that the Entity does not own appear applicable to any Entity maintaining PI, whether or not the Entity conducts business in TX.
Security Breach Definition. Unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive PI maintained by an Entity, including data that is encrypted if the person accessing the data has the key required to decrypt the data.

Good-faith acquisition of sensitive PI by an employee or agent of the Entity for the purposes of the Entity is not a breach of system security unless the sensitive PI is used or disclosed by the person in an unauthorized manner.
Notification Obligation. Any Entity to which the statute applies shall disclose any breach of system security, after discovering or receiving notification of the breach, to any person, including nonresidents, whose sensitive PI was, or is reasonably believed to have been, acquired by an unauthorized person.

Notification to Consumer Reporting Agencies. If an Entity is required by this section to notify at one time more than 10,000 persons of a breach of system security, the Entity shall also notify, without unreasonable delay, all consumer reporting agencies that maintain files on consumers on a nationwide basis of the timing, distribution, and content of the notices.

Third-Party Data Notification. Any Entity that maintains computerized data that includes sensitive PI that the Entity does not own shall notify the owner or license holder of the information of any breach of system security immediately after discovering the breach, if the sensitive PI was, or is reasonably believed to have been, acquired by an unauthorized person.

Timing of Notification. The disclosure shall be made as quickly as possible, consistent with the legitimate needs of law enforcement or as necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Sensitive Personal Information Definition. An individual’s first name or first initial and last name in combination with any one or more of the following items, if the name and the items are not encrypted:

Social Security Number;
Driver license number or government-issued ID number; or
Account number or credit card number or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account.
Sensitive PI also includes information that identifies an individual and relates to:

The physical or mental health or condition of the individual;
The provision of health care to the individual; or
Payment for the provision of health care to the individual.
Sensitive PI does not include publicly available information that is lawfully made available to the general public from the federal government or a state or local government.

Notice Required. Notice may be provided by one of the following methods:

Written notice at the last known address of the individual; or
Electronic notice, if the notice is consistent with the provisions regarding electronic records and signatures set forth in 15 U.S.C. § 7001 (E-SIGN Act).
However, if the affected person is a resident of a state that has its own breach notification requirement, the Entity may provide notice under that state’s law or under Texas’s law.
Substitute Notice Available. If the Entity demonstrates that the cost of providing notice would exceed $250,000, the number of affected persons exceeds 500,000, or the Entity does not have sufficient contact information, the notice may be given by any of the following:

Email notice when the Entity has an email address for the affected persons;
Conspicuous posting of the notice on the Entity’s Web site; or
Notice published in or broadcast on major statewide media.
Exception: Own Notification Policy. An Entity that maintains its own notification procedures as part of an information security policy for the treatment of sensitive PI that complies with the timing requirements for notice under this section complies with this section if the Entity notifies affected persons in accordance with that policy.

Other Key Provisions:

Delay for Law Enforcement. An Entity may delay providing notice as required at the request of a law enforcement agency that determines that the notification will impede a criminal investigation. The required notification shall be made as soon as the law enforcement agency determines that the required notice will not compromise the investigation.
AG Enforcement.Remedies include injunctive relief and civil penalties of at least $2,000 but not more than $50,000 for each violation.
Civil penalties for failure to comply with notification requirements are raised to up to $100 per person to whom notification is due, per day, not to exceed $250,000 per breach.
 
Last edited:

trentbob

Member
Premium Subscriber
Joined
Feb 22, 2007
Messages
3,032
Location
Bristol, Pa.
Tech support- I want to let you know I attempted to make a nxnd upgrade purchase today. ESN and sum entered. When I attempted to put my phone number in for the credit card purchase the site kept replacing the numbers with different numbers. I was unable to make the purchase and it looks like a hack so I would be hesitant to put credit card information in. Can we make this purchase over the phone since I have been trying for a week now between site being down and now malfunctioning? I AM trying to give you money here LOL.
 
D

DaveNF2G

Guest
Tech Support:

Evidently your email is also messed up. I was unable to email support at uniden dot com, getting a "server is misconfigured" bounce error.

I cannot reset my password because my new email address is not on the account yet. I cannot update the address because my password has been cancelled by the "maintenance". See the problem?
 

UnidenSupport

Uniden Representative
Uniden Representative
Joined
Jul 16, 2018
Messages
538
Location
Wisconsin
Tech Support:

Evidently your email is also messed up. I was unable to email support at uniden dot com, getting a "server is misconfigured" bounce error.

I cannot reset my password because my new email address is not on the account yet. I cannot update the address because my password has been cancelled by the "maintenance". See the problem?
you can also email us directly at Escan@uniden.com. I will see if there are other things being worked on such as our support site that might be causing this issue, thanks for letting us know. If you direct message me your account name, I should be able to take a look at it and get you your temporary password.
 

UnidenSupport

Uniden Representative
Uniden Representative
Joined
Jul 16, 2018
Messages
538
Location
Wisconsin
Tech support- I want to let you know I attempted to make a nxnd upgrade purchase today. ESN and sum entered. When I attempted to put my phone number in for the credit card purchase the site kept replacing the numbers with different numbers. I was unable to make the purchase and it looks like a hack so I would be hesitant to put credit card information in. Can we make this purchase over the phone since I have been trying for a week now between site being down and now malfunctioning? I AM trying to give you money here LOL.
We can't really process those any differently than you can, but we can try to enter it into your account on my.uniden.com if you call us at 1-800-297-1023. if nothing else, it might give us a more clear picture of an issue.
 

K7MFC

WRAA720
Premium Subscriber
Joined
Nov 18, 2017
Messages
677
Location
Phx, AZ
UPMan or UnidenSupport - are either of you able confirm or deny a security compromise for my.undien.com and/or a data breach for registered users? There's been a handful of threads here alleging such over the past few days, but I wasn't able to conclude anything based on the discussions I have read. I did notice that http://my.uniden.com/Login.cfm is returning a 301 "Moved Permanently" status, and it appears the insecure login page has been fixed.
 
Last edited:

fxdscon

¯\_(ツ)_/¯
Premium Subscriber
Joined
Jan 15, 2007
Messages
5,322
UPMan or UnidenSupport - are either of you able confirm or deny a security compromise for my.undien.com and/or a data breach for registered users? There's been a handful of threads here alleging such over the past few days, but I wasn't able to conclude anything based on the discussions I have read. I did notice that http://my.uniden.com/Login.cfm is returning a 301 "Moved Permanently" status, and it appears the insecure login page has been fixed.
The http://my.uniden.com/Login.cfm link works for me and allows me to login with my new password.

.
 

K7MFC

WRAA720
Premium Subscriber
Joined
Nov 18, 2017
Messages
677
Location
Phx, AZ
The http://my.uniden.com/Login.cfm link works for me and allows me to login with my new password.
Yes, same for me. I was able to change my password and successfully log in. If you inspect the network traffic, the request to "http://my.uniden.com/" returns a 302 status and the browser redirects to "httpS://my.uniden.com" - I was just wondering if this was a recent change and/or if it is related to the recent down time on my.uniden.com. There was some discussion about this a few months ago:

https://forums.radioreference.com/uniden-tavern/373045-my-uniden-insecurity.html
 

rel

Member
Joined
Jul 24, 2014
Messages
6
I got a message when trying to change my password that system was down. Very early this morning tried again and it worked.
 
Status
Not open for further replies.
Top