Reverb site compromised. Change your password.

Post All Your Unrelated Stuff Here.
Post Reply
User avatar
archetype
Reactions:
Posts: 30
Joined: Sat Aug 08, 2020 8:59 pm

Since many of us have reverb.com accounts...

The date of the compromise isn't mentioned, and the Reverb site has no mention of the compromise, but many folks with Reverb accounts are getting e-mailed notices of a site compromise. I've looked at the e-mail header and it definitely comes from Reverb. Time to change your password to be safe.

This stuff happens. Sometimes people are lax. Sometimes the bad guys just outpace the security folks who are working just as hard at keeping things locked up. "...publicly accessible for a short period of time" makes me think that directory permissions changed and exposed info was stored where it shouldn't be. Here's the basics from the e-mail:

Dear Reverber,

We take our users’ privacy and security very seriously. Out of an abundance of caution, we wanted to inform you that Reverb recently became aware of an issue relating to user contact information.

At this time, we believe that contact information, including name, address, phone number, and email, was publicly accessible for a short period of time. We do not have reason to believe that any of this information has been misused, nor do we believe that password or payment information were involved.

As soon as we learned of this issue, we immediately worked to resolve it. We conducted an investigation of the situation to determine what happened and are taking steps to prevent something like this from happening again.

As a general reminder, we recommend that you change your Reverb password on a regular basis. If you’d like to update your password you can do so easily from your Account Settings page.
Fender: James Burton Standard Tele, Baja 50s Tele, Classic Player 50s Strat, MIJ ST-62DEX2 Strat
Squier: Classic Vibe 50s Tele, Bullet Strat, Affinity Strat
Gibson: ES-335 TDC, Les Paul 50s Tribute goldtop
User avatar
aullucci
Reactions:
Posts: 343
Joined: Wed May 27, 2020 2:17 pm
Location: Lil Rhody

I got the same email. I hadn't checked into its authenticity yet. Thanks for jumping on that @archetype
User avatar
Partscaster
Reactions:
Posts: 1557
Joined: Thu May 28, 2020 12:41 pm
Location: Mars: Sector 6

I will. Thanks.
"The man that hath no music in himself, nor is not moved with concord of sweet sounds, is fit for treasons, stratagems, and spoils. The motions of his spirit are dull as night, and his affections dark as Erebus. Let no such man be trusted."
User avatar
BatUtilityBelt
Reactions:
Posts: 1727
Joined: Thu May 28, 2020 4:25 pm

Seems legit (not sarcasm).
User avatar
ronnx
Reactions:
Posts: 165
Joined: Sat Oct 24, 2020 12:01 pm
Gearlist: Agile, Squier, Ibanez, Italia, Fender., Peavey, Epiphone and Partscasters.

I recently added DuckDuckGo to my Firefox browser. I've noticed several sites I visit only sparsely have sent me messages on some unknown trying to access my accounts. I'm thinking it may have something to do with adding DDG's browsing protections. ???
User avatar
BatUtilityBelt
Reactions:
Posts: 1727
Joined: Thu May 28, 2020 4:25 pm

From the email, it seems to relate to people with Reverb accounts.
User avatar
ronnx
Reactions:
Posts: 165
Joined: Sat Oct 24, 2020 12:01 pm
Gearlist: Agile, Squier, Ibanez, Italia, Fender., Peavey, Epiphone and Partscasters.

I meant to mention I got one from Reverb among others.
User avatar
Bullcat
Reactions:
Posts: 95
Joined: Thu May 28, 2020 10:33 pm
Location: Under a rock in Washington State

I got the same one too, Reverb was hanging by a thread with me since the Etsy takeover and this just nails the coffin shut on my business with them.
Joined AGF May 11, 2015
User avatar
fatjack
Reactions:
Posts: 418
Joined: Thu May 28, 2020 10:14 am
Location: chucktown SC

Thanks, got the notice and didn't get to it till now.
User avatar
andrewsrea
Reactions:
Posts: 1375
Joined: Wed May 27, 2020 4:43 pm
Location: Lake Saint Louis, MO
Gearlist: 28 Guitars: (2) basses, (2) acoustics, (3) hollow bodies, (3) Semi hollow, (1) Double-neck, (17) Solid-bodies

Appreciate the heads-up. i got the email and had to read it a few times to understand what it meant. I got out of it that our personal info was accidentally exposed, but they are not sure any one was looking.

I have life long identity service and insurance due to my US government clearance information was hacked (yes, the CCP has my fingerprints and social security number) and my medical insurance (Anthem) personal info was hacked.

This email read different from those hacks. This read like one of their software designers were doing their work, not realizing they left the door open.
Live life to the fullest! - Rob
Post Reply