Reverb site compromised. Change your password.
Posted: Mon Apr 26, 2021 3:31 pm
Since many of us have reverb.com accounts...
The date of the compromise isn't mentioned, and the Reverb site has no mention of the compromise, but many folks with Reverb accounts are getting e-mailed notices of a site compromise. I've looked at the e-mail header and it definitely comes from Reverb. Time to change your password to be safe.
This stuff happens. Sometimes people are lax. Sometimes the bad guys just outpace the security folks who are working just as hard at keeping things locked up. "...publicly accessible for a short period of time" makes me think that directory permissions changed and exposed info was stored where it shouldn't be. Here are the basics from the e-mail:
Dear Reverber,
We take our users’ privacy and security very seriously. Out of an abundance of caution, we wanted to inform you that Reverb recently became aware of an issue relating to user contact information.
At this time, we believe that contact information, including name, address, phone number, and email, was publicly accessible for a short period of time. We do not have reason to believe that any of this information has been misused, nor do we believe that password or payment information were involved.
As soon as we learned of this issue, we immediately worked to resolve it. We conducted an investigation of the situation to determine what happened and are taking steps to prevent something like this from happening again.
As a general reminder, we recommend that you change your Reverb password on a regular basis. If you’d like to update your password you can do so easily from your Account Settings page.