Security Breech from Bill Goodwin- UPDATE IN POST #77

[3-2-count]

Hi Ed. The email that I received is exactly like the one which was copy and pasted in post #26 in this thread by another member.

[edhans]

The link was dead in mine. I had to key in the URL.

[3-2-count]

That’s odd Ed. Mine most definitely had a live link.

[swarmee]

It depends on your browser/email program settings. The same link will be live for some and turned off for others.

[bcornell]

Quote:

Originally Posted by swarmee

It depends on your browser/email program settings. The same link will be live for some and turned off for others.

John is correct. The newest version of Firefox, for example, is blocking access to many non-secure sites (i.e., ones that start with http, not https). N54 is getting that treatment right now.

This will happen soon with Chrome, as well, and then it will *very* disruptive since that browser is like 70% of market share now. The burden is on site owners to purchase secure certificates, install them, and run their sites under HTTPS.

Bill Goodwin shouldn't be running an auction site in 2020. That's pretty obvious.

[whiteymet]

Quote:

Originally Posted by swarmee

It depends on your browser/email program settings. The same link will be live for some and turned off for others.

So back to my original question. Since my email DID have a link and I clicked on it, am I at risk?

[buymycards]

Here are a couple of more things - nothing major, but kind of weird:

1. The link in the email is https:, but when I click on the link and go to the auction, it is not https: and Google says that the site is not secure.

2. I reset my password yesterday shortly after I received the email. I tried logging in a few minutes ago and the password didn't work, so I had to reset it again.

3. I normally don't click on links in the body of an email, but I think, in this case, it seems to be OK. I shouldn't have done it yesterday when I received the email. I should have typed the address into my browser and logged in that way.

4. I was originally concerned that my credit card info was carried from the old site to the new Heartland site, but I was looking at the rules a few minutes ago, and they do not accept PayPal or credit cards, so that shouldn't be an issue.

5. Another thought is that when I first set up my username and password for the old Beckett site, I assumed that this info would only be used for that particular site. If Bill bought the customer list from Beckett or whoever, (whomever?) I can understand it if the customer list included my email address, and my name, and maybe even my shipping address or my username, but my password? That shouldn't have happened.

6. With all of that being said, that is one hell of a nice group of cards for sale! (More free advertising for the auction)

[bcornell]

Quote:

Originally Posted by whiteymet

So back to my original question. Since my email DID have a link and I clicked on it, am I at risk?

Fred - short answer: there's no risk. The link is to a website, but nothing gets installed on your device if you clicked on it. This isn't a malware problem, it's a website-run-by-incompetents problem.

Another question here was about Goodwin's practices. Common sense would ask why he got higher prices on so many cards like D304's and Clemente rookies than all other auction sites. His silly answer was that people trusted him more. Why did the same cards get auctioned multiple times? Why did consignors not get paid for many months? It all comes back to the same problem: him.

He's back and the same nonsense will happen again if bidders allow it to happen.

[prewarsports]

RMY Auctions switched to Create Auction several years ago and could not be happier. There is no on/off function that would ever allow us to see a password, ever!

[whiteymet]

[QUOTE=bcornell;1963956]Fred - short answer: there's no risk. The link is to a website, but nothing gets installed on your device if you clicked on it. This isn't a malware problem, it's a website-run-by-incompetents problem.


Thanks for the info

Fred

[Snapolit1]

Quote:

Originally Posted by 3-2-count

That’s odd Ed. Mine most definitely had a live link.

Mine did too.

[tedzan]

I'm shocked ! Shocked ! To see such recklessness going on here

I didn't know what to make of it at first. But, it had been such a long time that I last bid in Bill's previous
auctions, that it was an old discarded Password. Anyhow, as far as I was concerned...."No harm, No foul".

However, I very well understand everyone's concerns here.

Also, the link (hi-lighted) was there below my Password.


TED Z
.

[teza11]

I got the same email. This breach has caused me to sign-up with 1Password and spend MY ENTIRE DAY...YES...MY ENTIRE DAY...BUT I'M NOT BITTER OR ANYTHING...resetting my passwords across all auction, banking, investment, travel, chat, and misc "sign on" sites. On a positive note, it's the kick in the ass I needed to finally get it done.

Jeff