Old 05-01-2016, 22:41   #1
PSM
Area Commander
 
 
Join Date: Nov 2005
Location: Cochise Co., AZ
Posts: 6,175
AIM Surplus was hacked

I got a letter Friday that looked like junk mail from AIM Inc. I almost tossed it but decided to open it. It said that they had been hacked and that the images of the driver's licenses of ammo buyers had been compromised.

The AIM Surplus site does not mention it and they did not send emails to buyers. I emailed them and they admitted that it was true and that they were offering 1 year free credit monitoring. That part was in the letter which is what made me think that it was a scam; there was no email address, only a phone number, and the return address on the envelope was PA and not OH.

It seems to be legit, but I'm not happy with the way AIM handled it.

Pat
__________________
"Hector Lives!"

"The limits of tyrants are prescribed by the endurance of those whom they oppress." -- Frederick Douglass

"The bigger the government, the smaller the citizen." -- Dennis Prager

"The urge to save humanity is almost always only a false-face for the urge to rule it." --H.L. Mencken
Old 05-03-2016, 17:33   #2
Badger52
Area Commander
 
 
Join Date: Jan 2011
Location: Western WI
Posts: 6,817
Lovely. Thanks to the VA, OPM & Sony's data repository operation if these were cumulative we'd all have free monitoring* for the rest of our days.


* No not that kind; NSA's gotcha covered already on that.
__________________
"Civil Wars don't start when a few guys hunt down a specific bastard. Civil Wars start when many guys hunt down the nearest bastards."

The coin paid to enforce words on parchment is blood; tyrants will not be stopped with anything less dear. - QP Peregrino
Old 05-25-2016, 09:42   #3
Mycroft
Guerrilla
 
Join Date: Dec 2007
Posts: 110
Yikes!

Ok, here is the bad news. This type of breach is more significant than most online hacks of just credit card numbers or SSNs. How it didn't make headlines is beyond me.

The worse news: Most hackers understand that people get one year of credit monitoring and will let some data like this "cook" for 13 months after a breach notification, at which point the "free" credit monitoring goes away.

The good news: Placing a freeze on your credit reports if you've received one of these letters is really easy and free. The credit report is also the only way of actually significantly decreasing fraud in your name. The only pain point is that you'll have to keep a protocol sheet handy for when you apply for credit lines to call the reporting agency that the credit company you are applying to uses and temporarily unlock your data.

Here is an article from a security researcher that goes into a significant level of detail on why you should really just bite the bullet and get that freeze done:
http://krebsonsecurity.com/2015/06/h...curity-freeze/

Here is another whitepaper (a useful one, not a sales whitepaper) on the same subject (more of the same data, but just in case you wanted a different source):
http://uspirg.org/sites/pirg/files/r...RGFREEZE_0.pdf

And finally, here is the FTC on the same subject:
https://www.consumer.ftc.gov/article...it-freeze-faqs

In summation, take the time to get your credit freeze now and save yourself headache later.

Someone posted a copy of the letter they received online:
Attached Images
File Type: jpg letter.jpg (59.7 KB, 23 views)

Last edited by Mycroft; 05-25-2016 at 14:56. Reason: info addition
Old 10-02-2016, 19:39   #4
Volunteer
Asset
 
Join Date: Sep 2014
Location: Oregon coastal fogbelt
Posts: 53
Sirs,

You may have been targeted for a phishing job (social engineering). That same text from your notification letter can be found here:

https://www.msgo.com/threads/aim-site-hacked.69831/

Look specifically for a post, on page 1 of 3, dated April 30th with an image referring to Bulk REEF Supply from "TankerHC". Addresses, locations and names claimed have several mismatches it appears.

Regards,
Volunteer


Quote:
Originally Posted by Mycroft View Post
Yikes!

Ok, here is the bad news. This type of breach is more significant than most online hacks of just credit card numbers or SSNs. How it didn't make headlines is beyond me.

The worse news: Most hackers understand that people get one year of credit monitoring and will let some data like this "cook" for 13 months after a breach notification, at which point the "free" credit monitoring goes away.

The good news: Placing a freeze on your credit reports if you've received one of these letters is really easy and free. The credit report is also the only way of actually significantly decreasing fraud in your name. The only pain point is that you'll have to keep a protocol sheet handy for when you apply for credit lines to call the reporting agency that the credit company you are applying to uses and temporarily unlock your data.

Here is an article from a security researcher that goes into a significant level of detail on why you should really just bite the bullet and get that freeze done:
http://krebsonsecurity.com/2015/06/h...curity-freeze/

Here is another whitepaper (a useful one, not a sales whitepaper) on the same subject (more of the same data, but just in case you wanted a different source):
http://uspirg.org/sites/pirg/files/r...RGFREEZE_0.pdf

And finally, here is the FTC on the same subject:
https://www.consumer.ftc.gov/article...it-freeze-faqs

In summation, take the time to get your credit freeze now and save yourself headache later.

Someone posted a copy of the letter they received online:

All times are GMT -6.



Copyright 2004-2022 by Professional Soldiers ®
Site Designed, Maintained, & Hosted by Hilliker Technologies