
What is PCGS/Collectors Universe or any other party doing about the hacks

RelaxnRelaxn Posts: 1,099 ✭✭✭✭✭

While I understand this is a free forum it does host MULTIPLE BST forums where transactions are taking place. The security of this forum is somehow compromised... I, at this point, believe there must be something with the forum security that is allowing these hacks to transpire. It is more than hackers getting lucky on some kind of phishing expedition.

I IMPLORE the powers that be to investigate and help the people on this forum. There is a direct attack on us and it appears the forum's lack of security is facilitating it.

@PCGS_Moderator
@Heather
@PCGS_Marketing

J

Comments

  • PeakRaritiesPeakRarities Posts: 4,539 ✭✭✭✭✭
  • scubafuelscubafuel Posts: 1,938 ✭✭✭✭✭
    edited July 20, 2025 8:26PM

    Never mind.

  • lordmarcovanlordmarcovan Posts: 43,840 ✭✭✭✭✭

    Unfortunately I agree with @scubafuel.

    Our corporate sponsors can’t fairly be asked to police third-party transactions like this. “Caveat emptor” applies.

    However, anything they DO voluntarily undertake in the way of investigation would I’m sure be appreciated. To lose the BST would be tragic.

    Have a look at the extremely blunt language Doug used in this sticky at the top of the CoinTalk BST. I’d expect a similar stance from the hosts here.

    https://www.cointalk.com/threads/warning-if-you-buy-here-you-may-get-ripped-off.316414/

  • U1chicagoU1chicago Posts: 6,508 ✭✭✭✭✭
    edited July 20, 2025 8:34PM

    @lordmarcovan said:
    Unfortunately I agree with @scubafuel.

    Our corporate sponsors can’t fairly be asked to police third-party transactions like this. “Caveat emptor” applies.

    However, anything they DO voluntarily undertake in the way of investigation would I’m sure be appreciated. To lose the BST would be tragic.

    Have a look at the extremely blunt language Doug used in this sticky at the top of the CoinTalk BST. I’d expect a similar stance from the hosts here.

    https://www.cointalk.com/threads/warning-if-you-buy-here-you-may-get-ripped-off.316414/

    There is always the risk of losing the BST but if there are active hacks going on, it is an issue even with no BST. It would be nice to know more about this latest set of hacks (and stop if possible) as it is certainly better than previous attempts.

  • lordmarcovanlordmarcovan Posts: 43,840 ✭✭✭✭✭

    Agreed

  • Russell12561256Russell12561256 Posts: 21
    edited July 20, 2025 10:50PM

    I was hacked "Russell12", the admins are still working to try to get my original account back. I hate to lose all of my history.

  • jmlanzafjmlanzaf Posts: 36,463 ✭✭✭✭✭

    I think it would be easier just to shut down the BST.

  • jmlanzafjmlanzaf Posts: 36,463 ✭✭✭✭✭

    @U1chicago said:

    @lordmarcovan said:
    Unfortunately I agree with @scubafuel.

    Our corporate sponsors can’t fairly be asked to police third-party transactions like this. “Caveat emptor” applies.

    However, anything they DO voluntarily undertake in the way of investigation would I’m sure be appreciated. To lose the BST would be tragic.

    Have a look at the extremely blunt language Doug used in this sticky at the top of the CoinTalk BST. I’d expect a similar stance from the hosts here.

    https://www.cointalk.com/threads/warning-if-you-buy-here-you-may-get-ripped-off.316414/

    There is always the risk of losing the BST but if there are active hacks going on, it is an issue even with no BST. It would be nice to know more about this latest set of hacks (and stop if possible) as it is certainly better than previous attempts.

    If there were no BST, it's just a message board and no one is going to bother to hack it. There might be some amusement in pretending to be me, but there's no profit.

  • BStrauss3BStrauss3 Posts: 3,681 ✭✭✭✭✭

    What do you expect they CAN do? If you reused a password that was compromised, that's not something the forum can prevent...

    Shutdown accounts when notified, sure. What else?

    Shutdown BST as a high-risk / attractive nuisance ???

    -----Burton
    ANA 50 year/Life Member (now "Emeritus")
  • Morgan WhiteMorgan White Posts: 8,620 ✭✭✭✭✭

    I don't think anyone gets "hacked". People click on links they shouldn't and voluntarily give up info.

  • pruebaspruebas Posts: 4,646 ✭✭✭✭✭

    If people used stronger passwords, it would help.

    Maybe the forum software could be set to enforce this?

  • jmlanzafjmlanzaf Posts: 36,463 ✭✭✭✭✭

    @Morgan White said:
    I don't think anyone gets "hacked". People click on links they shouldn't and voluntarily give up info.

    Except it's a little suspicious that there are so many cases on this one forum given how few people are active here. If the percentage were so high in the general population, Eastern Europe would have the 3rd highest GDP in the world.

  • TrickleChargeTrickleCharge Posts: 275 ✭✭✭

    @jmlanzaf said:

    @U1chicago said:

    @lordmarcovan said:
    Unfortunately I agree with @scubafuel.

    Our corporate sponsors can’t fairly be asked to police third-party transactions like this. “Caveat emptor” applies.

    However, anything they DO voluntarily undertake in the way of investigation would I’m sure be appreciated. To lose the BST would be tragic.

    Have a look at the extremely blunt language Doug used in this sticky at the top of the CoinTalk BST. I’d expect a similar stance from the hosts here.

    https://www.cointalk.com/threads/warning-if-you-buy-here-you-may-get-ripped-off.316414/

    There is always the risk of losing the BST but if there are active hacks going on, it is an issue even with no BST. It would be nice to know more about this latest set of hacks (and stop if possible) as it is certainly better than previous attempts.

    If there were no BST, it's just a message board and no one is going to bother to hack it. There might be some amusement in pretending to be me, but there's no profit.

    Hmm.... hack @jmlanzaf , post a few eBay sucks threads, profit. :D

  • PeakRaritiesPeakRarities Posts: 4,539 ✭✭✭✭✭

    @BStrauss3 said:
    What do you expect they CAN do? If you reused a password that was compromised, that's not something the forum can prevent...

    Shutdown accounts when notified, sure. What else?

    Shutdown BST as a high-risk / attractive nuisance ???

    For starters, a basic email verification in order to change login information would probably help quite a bit.

    Founder- Peak Rarities
    Website
    Instagram
    Facebook
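
An added example, not part of the thread and not the forum software's own code: one way the email verification suggested above could work, where a requested email change only takes effect once a signed, expiring link mailed to the address already on file is opened. `SERVER_KEY`, `TTL_SECONDS`, the function names and the `accounts` dictionary are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: kept in a secret store in practice
TTL_SECONDS = 900                     # assumption: link is valid for 15 minutes


def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_token(user, old_email, new_email, now=None):
    """Build the token that is mailed to old_email, the address already on file."""
    now = time.time() if now is None else now
    payload = json.dumps({"user": user, "old": old_email, "new": new_email,
                          "exp": int(now) + TTL_SECONDS}).encode()
    return ".".join(base64.urlsafe_b64encode(part).decode()
                    for part in (payload, _sign(payload)))


def verify_token(token, now=None):
    """Return the signed claims, or None if malformed, forged or expired."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return None
    # Constant-time comparison; the payload is parsed only after the MAC checks out.
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    claims = json.loads(payload)
    return claims if now <= claims["exp"] else None


def apply_email_change(accounts, token, now=None):
    """Apply the pending change only if the token is valid for the current address."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    # Binding the token to the old address makes the link single-use:
    # once the change is applied, the same token no longer matches.
    if accounts.get(claims["user"]) != claims["old"]:
        return False
    accounts[claims["user"]] = claims["new"]
    return True
```

With this flow, someone who only knows the account password cannot redirect the account to a new address without also reading mail sent to the old one.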

  • jmlanzafjmlanzaf Posts: 36,463 ✭✭✭✭✭

    @TrickleCharge said:

    @jmlanzaf said:

    @U1chicago said:

    @lordmarcovan said:
    Unfortunately I agree with @scubafuel.

    Our corporate sponsors can’t fairly be asked to police third-party transactions like this. “Caveat emptor” applies.

    However, anything they DO voluntarily undertake in the way of investigation would I’m sure be appreciated. To lose the BST would be tragic.

    Have a look at the extremely blunt language Doug used in this sticky at the top of the CoinTalk BST. I’d expect a similar stance from the hosts here.

    https://www.cointalk.com/threads/warning-if-you-buy-here-you-may-get-ripped-off.316414/

    There is always the risk of losing the BST but if there are active hacks going on, it is an issue even with no BST. It would be nice to know more about this latest set of hacks (and stop if possible) as it is certainly better than previous attempts.

    If there were no BST, it's just a message board and no one is going to bother to hack it. There might be some amusement in pretending to be me, but there's no profit.

    Hmm.... hack @jmlanzaf , post a few eBay sucks threads, profit. :D

    Fun... no profit

  • TrickleChargeTrickleCharge Posts: 275 ✭✭✭

    @jmlanzaf said:

    @TrickleCharge said:

    @jmlanzaf said:

    @U1chicago said:

    @lordmarcovan said:
    Unfortunately I agree with @scubafuel.

    Our corporate sponsors can’t fairly be asked to police third-party transactions like this. “Caveat emptor” applies.

    However, anything they DO voluntarily undertake in the way of investigation would I’m sure be appreciated. To lose the BST would be tragic.

    Have a look at the extremely blunt language Doug used in this sticky at the top of the CoinTalk BST. I’d expect a similar stance from the hosts here.

    https://www.cointalk.com/threads/warning-if-you-buy-here-you-may-get-ripped-off.316414/

    There is always the risk of losing the BST but if there are active hacks going on, it is an issue even with no BST. It would be nice to know more about this latest set of hacks (and stop if possible) as it is certainly better than previous attempts.

    If there were no BST, it's just a message board and no one is going to bother to hack it. There might be some amusement in pretending to be me, but there's no profit.

    Hmm.... hack @jmlanzaf , post a few eBay sucks threads, profit. :D

    Fun... no profit

    Oh I'm sure someone would pay for it :wink:

  • Morgan WhiteMorgan White Posts: 8,620 ✭✭✭✭✭

    @jmlanzaf said:

    @Morgan White said:
    I don't think anyone gets "hacked". People click on links they shouldn't and voluntarily give up info.

    Except it's a little suspicious that there are so many cases on this one forum given how few people are active here. If the percentage were so high in the general population, Eastern Europe would have the 3rd highest GDP in the world.

    The assumption then must be that someone hacked CU and stole users info. That doesn't seem like the most probable conclusion.

  • MsMorrisineMsMorrisine Posts: 35,784 ✭✭✭✭✭

    even shutting down the bst won't be 100% effective as they can just move to PMs to the user's known contacts

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • HalfDimeHalfDime Posts: 430 ✭✭✭✭

    I wish those that got hacked would reveal what password they were using, so we can see how sophisticated the hacking is.

  • MFeldMFeld Posts: 14,846 ✭✭✭✭✭

    @HalfDime said:
    I wish those that got hacked would reveal what password they were using, so we can see how sophisticated the hacking is.

    They could provide a reasonably good idea of how strong (or weak) the passwords were without disclosing the specifics.

    Mark Feld* of Heritage Auctions*Unless otherwise noted, my posts here represent my personal opinions.

  • HalfDimeHalfDime Posts: 430 ✭✭✭✭

    Password strength

    Simple or commonly used passwords such as "password", "123456", or "qwerty" can be cracked almost instantly by automated tools that try the most popular combinations first.

    Passwords of eight lowercase letters, even if not a dictionary word, can be cracked instantly by a modern computer—there are 209 billion possible combinations, but hardware and specialized software can check them all in seconds.

    Adding complexity—uppercase letters, numbers, symbols, and greater length—raises the difficulty: for example, an eight-character password with uppercase, lowercase, numbers, and symbols can take 22 minutes to crack with a supercomputer, but a 12-character password with the same complexity could take 34,000 years.
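
An added example, not part of the thread: a password check of the kind forum software could enforce at signup or password change, built on the search-space reasoning in the post above (26 lowercase letters over 8 positions gives about 209 billion combinations). The common-password list, the thresholds and the guess rate are constructed assumptions.

```python
import math
import string

# Constructed sample; a real deployment would load a large breached-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "111111"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(pw):
    """Size of the character set an exhaustive search would have to cover."""
    return sum(len(chars) for chars in CLASSES if any(c in chars for c in pw))


def search_space(pw):
    """Number of candidates of this length over that character set."""
    return alphabet_size(pw) ** len(pw)


def seconds_to_exhaust(pw, guesses_per_second):
    """Worst-case exhaustive search time at an assumed guess rate."""
    return search_space(pw) / guesses_per_second


def check_password(pw, min_length=12, min_bits=60):
    """Return a list of policy problems; an empty list means the password is accepted."""
    problems = []
    # Brute-force size is only an upper bound: list-based guessing tries
    # popular passwords first, so the common list is checked separately.
    if pw.lower() in COMMON:
        problems.append("common password")
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    size = alphabet_size(pw)
    bits = len(pw) * math.log2(size) if size > 1 else 0.0
    if bits < min_bits:
        problems.append(f"search space is only about {bits:.0f} bits")
    return problems


if __name__ == "__main__":
    for candidate in ("qwerty", "abcdefgh", "Tr4ding-Morgan$1921"):
        print(candidate, search_space(candidate), check_password(candidate))
```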

  • Dave99BDave99B Posts: 8,688 ✭✭✭✭✭
    edited July 21, 2025 9:06AM

    This ‘feels’ more like a data breach to me, the same thing that happens to major corporations on a continuous basis.

    Change your password on at least a quarterly basis. Add upper and lower case letters, and a special character or two. Never reuse the same password for different sites. At this point, that’s all you can really do.

    Dave

    Always looking for original, better date VF20-VF35 Barber quarters and halves, and a quality beer.
  • justindanjustindan Posts: 840 ✭✭✭✭✭

    After more research and reviewing the forum attacks, it appears they all originate from a vulnerability in shared software. The attacker can exploit the server to access sensitive information like login credentials. I'm fairly confident this is the issue, and a software update should address it immediately. Changing your password could help if it's already compromised, but the attacker could just as easily obtain the new one through the same vulnerability.

    On another note, there is a strong chance OSINT tools are being used to attempt credential stuffing across other platforms. For example, if you share usernames and passwords elsewhere, make sure to change them.

  • AUandAGAUandAG Posts: 24,929 ✭✭✭✭✭

    I'm not a computer guy by any means, so this may be an ignorant question. Doesn't the hacker have a computer or other ID that can be blocked? When I block someone from emailing me, doesn't my computer just block all incoming emails from that ID that I blocked?

    bob :)

    Registry: CC lowballs (boblindstrom), bobinvegas1989@yahoo.com
  • jmlanzafjmlanzaf Posts: 36,463 ✭✭✭✭✭
    edited July 21, 2025 9:47AM

    @Morgan White said:

    @jmlanzaf said:

    @Morgan White said:
    I don't think anyone gets "hacked". People click on links they shouldn't and voluntarily give up info.

    Except it's a little suspicious that there are so many cases on this one forum given how few people are active here. If the percentage were so high in the general population, Eastern Europe would have the 3rd highest GDP in the world.

    The assumption then must be that someone hacked CU and stole users info. That doesn't seem like the most probable conclusion.

    To me, that actually seems more probable than that 3 out of a couple hundred active users all got independently hacked.

    Not to mention, if they were individually hacked they would likely have issues at other sites they use, like their bank.

  • jmlanzafjmlanzaf Posts: 36,463 ✭✭✭✭✭

    @AUandAG said:
    I'm not a computer guy by any means, so this may be an ignorant question. Doesn't the hacker have a computer or other ID that can be blocked? When I block someone from emailing me, doesn't my computer just block all incoming emails from that ID that I blocked?

    bob :)

    No. Your computer blocks the email address not the ISP.

  • RelaxnRelaxn Posts: 1,099 ✭✭✭✭✭

    @lordmarcovan said:
    Unfortunately I agree with @scubafuel.

    Our corporate sponsors can’t fairly be asked to police third-party transactions like this. “Caveat emptor” applies.

    However, anything they DO voluntarily undertake in the way of investigation would I’m sure be appreciated. To lose the BST would be tragic.

    Have a look at the extremely blunt language Doug used in this sticky at the top of the CoinTalk BST. I’d expect a similar stance from the hosts here.

    https://www.cointalk.com/threads/warning-if-you-buy-here-you-may-get-ripped-off.316414/

    I am not asking the 3rd party transactions to be policed. I am asking the host to secure OUR DATA. We entrust with them.
    If the security of the site is allowing the hacks then the onus falls on them.
    We, as buyers and sellers, have our own responsibility to buy and sell... but they have a certain responsibility to protect our data.

  • HalfDimeHalfDime Posts: 430 ✭✭✭✭

    Either they hacked all of our accounts together or it was individual attacks on members with weak passwords. I am guessing the second scenario, but everyone should improve their passwords for starters to make sure.

  • AUandAGAUandAG Posts: 24,929 ✭✭✭✭✭

    @HalfDime said:
    Either they hacked all of our accounts together or it was individual attacks on members with weak passwords. I am guessing the second scenario, but everyone should improve their passwords for starters to make sure.

    Just exactly how does one change a password? I went to my account page and find nowhere to do that.
    thanks,
    bob :)

    Registry: CC lowballs (boblindstrom), bobinvegas1989@yahoo.com
  • chattermonkeychattermonkey Posts: 75 ✭✭✭

    @AUandAG said:

    @HalfDime said:
    Either they hacked all of our accounts together or it was individual attacks on members with weak passwords. I am guessing the second scenario, but everyone should improve their passwords for starters to make sure.

    Just exactly how does one change a password? I went to my account page and find nowhere to do that.
    thanks,
    bob :)

    password can be changed by clicking on the gear icon located upper right, then edit profile

  • TomBTomB Posts: 22,075 ✭✭✭✭✭

    @AUandAG said:

    @HalfDime said:
    Either they hacked all of our accounts together or it was individual attacks on members with weak passwords. I am guessing the second scenario, but everyone should improve their passwords for starters to make sure.

    Just exactly how does one change a password? I went to my account page and find nowhere to do that.
    thanks,
    bob :)

    This is how it is done on a desktop, but a phone might be different. Click on the gear symbol in the upper right corner of the page. A dropdown menu will appear and you can hit "Edit Profile". It will take you to "Account & Privacy Settings" and then click on the pencil icon next to your password. At that point a popup will come up to change the password.

    Thomas Bush Numismatics & Numismatic Photography

    In honor of the memory of Cpl. Michael E. Thompson

  • justindanjustindan Posts: 840 ✭✭✭✭✭

    @HalfDime said:
    Either they hacked all of our accounts together or it was individual attacks on members with weak passwords. I am guessing the second scenario, but everyone should improve their passwords for starters to make sure.

    This is not necessarily a true statement. If it is an information disclosure flaw exploit, the data leaked from memory may only be the credentials that apply to one or more than one member.

    @AUandAG said:
    I'm not a computer guy by any means, so this may be an ignorant question. Doesn't the hacker have a computer or other ID that can be blocked? When I block someone from emailing me, doesn't my computer just block all incoming emails from that ID that I blocked?

    bob :)

    It is likely the perpetrator has multiple means to hide his origin IP and/or other information, making it nearly impossible to single them out.
