Uniden customer database compromised - Part 2

Status
Not open for further replies.

ndnihil

Member
Premium Subscriber
Joined
Aug 14, 2014
Messages
39
So, a while back I posted this thread:
https://forums.radioreference.com/threads/uniden-customer-database-compromised.359759/

I just got around to doing the NXDN upgrade (along with several revisions worth of firmware update) on my 436 earlier this week, and received this a couple days after:

Return-Path: MyEmail
Received: from [157.25.164.210] (unknown [157.25.164.210])
by MyMailHost with ESMTP id 6CAB740359
for MyEmail; Fri, 28 Dec 2018 05:41:21 +0100 (CET)
Message-ID: <5C25B785.6080801@MyDomain>
Date: Fri, 28 Dec 2018 05:41:25 +0000
From: MyEmail
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: "TheActualPasswordIUsedForUnidensSite" <MyEmail>
Subject: Hackers know your password TheActualPasswordIUsedForUnidensSite. Password must be changed now.
Content-Type: text/plain; charset=IBM852; format=flowed
Content-Transfer-Encoding: 8bit

Oddly enough, it presented the old password (initial compromise?) rather than the new one I set a couple days ago. Could be coincidental timing, but I'm very curious to know if anyone else has received similar messages? It may be worth looking in your spam/junk folder, as that's where the bulk of these things end up. I just happened to be looking through it and noticed this.

Stay safe folks.
 

ndnihil

Member
Premium Subscriber
Joined
Aug 14, 2014
Messages
39
Yeah, they spoofed my own email as the sender. Might be worth searching "subject or message contains" with your password as the search string as well.
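
An added example, not written by any poster in this thread: Python that checks a raw message for the three traits visible in the headers quoted above (sender equals recipient, first hop recorded as `unknown`, and a retired password in the To display name, subject or body). The sample message, its address, relay IP and password are constructed placeholders, and the function name `extortion_indicators` is hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the quoted headers; the address, relay IP
# (documentation range) and password are placeholders, not real values.
SAMPLE = """\
Return-Path: <user@example.org>
Received: from [192.0.2.10] (unknown [192.0.2.10])
\tby mx.example.org with ESMTP id 0000000000
\tfor <user@example.org>; Fri, 28 Dec 2018 05:41:21 +0100 (CET)
From: user@example.org
To: "OldSitePassword1" <user@example.org>
Subject: Hackers know your password OldSitePassword1. Password must be changed now.

Constructed body text.
"""

# Hop format seen in the quoted header: the receiving server logged no host name.
UNKNOWN_HOP = re.compile(r"from \[?[\w.:-]+\]? \(unknown \[[0-9A-Fa-f.:]+\]\)")


def extortion_indicators(raw, retired_passwords):
    """Return the indicator names that match one raw RFC 5322 message."""
    msg = message_from_string(raw)
    to_name, to_addr = parseaddr(msg.get("To", ""))
    _, from_addr = parseaddr(msg.get("From", ""))
    hits = []

    # From is sender-controlled; flag mail "from yourself" for a closer look.
    if from_addr and from_addr.lower() == to_addr.lower():
        hits.append("self_addressed")

    # Only the topmost Received header is written by your own mail server.
    received = msg.get_all("Received") or []
    if received and UNKNOWN_HOP.search(" ".join(received[0].split())):
        hits.append("unknown_relay")

    # Search display name, subject and body for passwords already retired.
    body = "" if msg.is_multipart() else str(msg.get_payload())
    text = f"{to_name}\n{msg.get('Subject', '')}\n{body}"
    if any(pw and pw in text for pw in retired_passwords):
        hits.append("password_exposed")
    return hits


if __name__ == "__main__":
    print(extortion_indicators(SAMPLE, ["OldSitePassword1"]))
```

Feed it only passwords that have already been changed, and run it over the spam/junk folder as well as the inbox.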
 

darkness975

Latrodectus
Premium Subscriber
Joined
Nov 4, 2016
Messages
858
So, are you saying we can't buy any of the upgrades unless we want to get compromised?
 

ndnihil

Member
Premium Subscriber
Joined
Aug 14, 2014
Messages
39
No, I don't believe that's the case. As per the previous thread, they do not store CC info, and I would have expected some sort of nefarious activity or alerts from my CC company by now. I purchased the NXDN upgrade the other day and there does not appear to be any fallout from that.

Best practice here is to use a unique password for the Uniden site, and if possible use a unique email address to keep your primary address out of spam lists.
 

Hit_Factor

Member
Joined
Mar 6, 2010
Messages
2,457
Location
Saint Joseph, MI
ndnihil said:
"... As per the previous thread, they do not store CC info..."

All of your advice was excellent. However, this line gives me pause. CC are passed through a site that was/is compromised. Think about that for a minute.



73, K8HIT
Icom: IC-7300 IC-PW1 ID-5100A ID-51A Plus 2 IC-R30 Hytera PD782G Uniden SDS100 DVMega SDRplay RSPduo
 

ndnihil

Member
Premium Subscriber
Joined
Aug 14, 2014
Messages
39
It appears to be more of a "handed off to a third party billing agent for successful payment token exchange" than a "passed through a compromised site for processing" situation. Can someone from Uniden confirm this?
 

dmaria

Member
Joined
May 24, 2010
Messages
292
ndnihil said:
"It appears to be more of a "handed off to a third party billing agent for successful payment token exchange" than a "passed through a compromised site for processing" situation. Can someone from Uniden confirm this?"

Have they ever confirmed their database was even compromised? One would think it would be part of their due diligence - hmmmm...
 

ndnihil

Member
Premium Subscriber
Joined
Aug 14, 2014
Messages
39
As far as I'm aware, they have not confirmed or denied any compromise or leak of customer information. It's pretty apparent something happened, but the extent of that is currently unknown.
 