Tsp center data leak?

[Alexosbour]

Tspcenter is the only place I use the username I have. I’m now getting loads of spam emails addressed to this username specifically. Hopefully not, but it seems TSPCenter has had data stolen from its server. I just wanted to give a heads up so that whatever security issue that led to it can be made aware.

[Aitrus]

Thanks for letting us know. I'll give MJ a heads up.

Probably a result of some research company sales tool scraping the site for data (which is completely legal, and they can get lots of info that way) vs us being hacked, but never hurts to check.

It's entirely possible for us to not be hacked, for you to not be compromised, and for your username / email to still be out there. It's an ugly multi-headed hydra.

https://www.youtube.com/watch?v=f_f5wNw-2c0

[bloobs]

Alex - unless "they" also have your password, just having your username does not always mean it was obtained though malicious hacking.

As Aitrus pointed out, info like your username can be easily webscraped by bots. Also likely the site hosting TSPCenter.com (it's not running off a server in MJ's basement anymore right Aitrus?) distributes this information, perhaps even including an associated email addy, to anyone who pays for it.

If the above information is alarming to you, that's a sign we should all be a lot more judicious as to what we post on the internet.

[Alexosbour]

Oh wow, I knew it would be easy for them to sift for usernames and maybe unassociated emails and such, but I didn't realize how easy it would be to sift for E-mails AND associated Usernames. I've never really been too concerned with my data as I've always been fairly careful about having too much out there, but have also never had my data used maliciously.

Thanks for the info, I just wanted to give a little heads-up, definitely not an attempt to scare anyone in the forums!

[jimcasada]

As a Federal worker, you probably qualify for a free monitoring service at https://opm.myidcare.com/. I think it was started after that GSA hack back in 2015. I recently checked my account and it's still working ok.

[wmfullen]

myidcare is pretty bad. They will tell you your email was found on the dark web and you should change your password but can't/won't tell you from what source. When i got credit letters declining cards i didn't apply for myidcare knew nothing and would do nothing. The only thing i ever hear from them is when some sex predator moves somewhere within 10 miles of me. Best thing i ever did was freeze my credit at all 3 agencies. It was fairly easy.

[mjedlin66]

Also likely the site hosting TSPCenter.com (it's not running off a server in MJ's basement anymore right Aitrus?) distributes this information, perhaps even including an associated email addy, to anyone who pays for it.

We lease a dedicated server, and even the company that owns the server cannot access the data on the server without my credentials. Nobody has raw access to the database except for me.

Something to keep in mind is that data can be leaked even if a company’s server is never compromised. It is very common in public wi-fi locations, especially airports, to listen/copy data that is being transmitted from your device to the website or app in use. It is called a man in the middle attack. However this would only leak that one user. But then an attacker could log in with your credentials and then have access to the same things that you would normally have access to.