Home U.S. Coin Forum
Options

Recent Hackings on the Forum

Hello everyone,

I would like to take a moment to address the recent account hacks that many of our forum users have been experiencing. I want you all to know that we take this situation very seriously and have been working with the forum support team to figure out what is going on since the first hacked account was reported.

In the meantime, please be mindful of any suspicious emails you receive.

  • PCGS will NEVER contact you asking you to change your password or update your email unless YOU initiated a password reset.
  • Never click on a link you receive in a suspicious email. Always go directly to the website the link came from to verify authenticity.
  • Make sure you are using strong, unique passwords to protect your account. Using the same password to log into multiple accounts can put them all at risk. We also suggest changing your password periodically to help mitigate the risk of compromised passwords.
  • We are also aware that people have been scammed by these hackers. Please refer to our post about best practices when buying and selling on the forum. The most relevant line to remember right now is: "If something sounds too good to be true, it usually is." Additionally, remember that Collectors Universe assumes no liability in the event of either party failing to fulfill their commitment to the other party. If you've been scammed out of money, we can't do anything but ban the bad actor.

Abby Zechman
PCGS Education Coordinator

Comments

  • PROMETHIUS88PROMETHIUS88 Posts: 2,955 ✭✭✭✭✭

    Just fyi, the hacker is currently active on this account as he/she has edited at least one of my posts and also changed my password after I changed it.

  • JBKJBK Posts: 16,357 ✭✭✭✭✭
    edited July 21, 2025 1:24PM

    @PROMETHIUS88 said:
    Just fyi, the hacker is currently active on this account as he/she has edited at least one of my posts and also changed my password after I changed it.

    Hmmm. At some point it might be a possibility that your pc has been hacked.

    If you used your pc to change your password and they still changed it again, try changing it from your phone.

  • jmlanzafjmlanzaf Posts: 36,282 ✭✭✭✭✭

    @PROMETHIUS88 said:
    Just fyi, the hacker is currently active on this account as he/she has edited at least one of my posts and also changed my password after I changed it.

    Then how did you get in?

  • RiveraFamilyCollectRiveraFamilyCollect Posts: 748 ✭✭✭✭

    You need to change the password for your email.
    That would be about the only way a "hacker" can be changing your passwords for your accounts, if they get your emails.

    The substantial truth doctrine is an important defense in defamation law that allows individuals to avoid liability if the gist of their statement was true.

  • blitzdudeblitzdude Posts: 6,494 ✭✭✭✭✭
    edited July 21, 2025 1:40PM

    @jmlanzaf said:

    @PROMETHIUS88 said:
    Just fyi, the hacker is currently active on this account as he/she has edited at least one of my posts and also changed my password after I changed it.

    Then how did you get in?

    ^This is my thought as well although I do believe I was conversing with the real Tim via PM less than an hour ago. Now I am not certain who is posting in the threads (Tim, the Hack, or both). THKS!

  • PROMETHIUS88PROMETHIUS88 Posts: 2,955 ✭✭✭✭✭

    Yes, you were. It let me in under my old password. Then I changed the password while I was still logged in. I'm guessing the hacker was able to access the new password. When I go to change the password now, the new one I set up will not work. I don't think I'll be able to have access after I logged out. I just talked to another board member on the phone that will post in a little bit.

  • PROMETHIUS88PROMETHIUS88 Posts: 2,955 ✭✭✭✭✭

    Lol... the hacker is/was apparently on at the same time I was since he was editing my post! I'm posting from my work PC now and have to log out so guessing I won't be able to get back in for a while! Peace for now!

    Tim

  • MWallaceMWallace Posts: 4,327 ✭✭✭✭✭

    Is this true? Then why can I login on my laptop, tablet, and phone at the same time?

  • JBKJBK Posts: 16,357 ✭✭✭✭✭

    Or, if the hacker never logs out, maybe he can keep changing passwords? 🤔

  • MsMorrisineMsMorrisine Posts: 35,656 ✭✭✭✭✭

    this is pointing to the forum "stuff" having exploits instead of password cracking

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • logger7logger7 Posts: 8,991 ✭✭✭✭✭

    I'd think they'd be cooperating with law enforcement as crimes have been committed such as identity theft:

    Stealing someone's identity on a website to steal money is a multifaceted crime involving both identity theft and fraud, often prosecuted under federal laws. Specifically, it can be classified as identity theft under 18 U.S.C. § 1028, and depending on the specific actions, could also involve credit card fraud (18 U.S.C. § 1029), computer fraud (18 U.S.C. § 1030), or wire fraud (18 U.S.C. § 1343)

  • jmlanzafjmlanzaf Posts: 36,282 ✭✭✭✭✭
    edited July 21, 2025 7:30PM

    @logger7 said:
    I'd think they'd be cooperating with law enforcement as crimes have been committed such as identity theft:

    Stealing someone's identity on a website to steal money is a multifaceted crime involving both identity theft and fraud, often prosecuted under federal laws. Specifically, it can be classified as identity theft under 18 U.S.C. § 1028, and depending on the specific actions, could also involve credit card fraud (18 U.S.C. § 1029), computer fraud (18 U.S.C. § 1030), or wire fraud (18 U.S.C. § 1343)

    Has anyone filed a police report?

  • jmlanzafjmlanzaf Posts: 36,282 ✭✭✭✭✭

    @RiveraFamilyCollect said:
    You need to change the password for your email.
    That would be about the only way a "hacker" can be changing your passwords for your accounts, if they get your emails.

    That's only true if there is email authentication required

  • Coin FinderCoin Finder Posts: 7,384 ✭✭✭✭✭

    Sadly, Id fraud happens so often there are not enough investigators to follow up and bring charges.... They just cannot get to them all... They will get to some for sure, but to many to get them all. I think reporting it is still the right thing to do however..

  • MsMorrisineMsMorrisine Posts: 35,656 ✭✭✭✭✭

    fbi

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • pcgsregistrycollectorpcgsregistrycollector Posts: 1,354 ✭✭✭✭✭

    My grandma always used to say good begets good and bad begets bad. Hopefully the hackers get nothing but the bad.

    God comes first in everything I do. I’m dedicated to serving Him with my whole life. Coin collecting is just a hobby—but even in that, I seek to honor Him. ✝️

  • MFeldMFeld Posts: 14,771 ✭✭✭✭✭

    @HeatherBoyd said:
    Hello everyone,

    In the interest of keeping private information safe and limiting the ability of any bad actors to take advantage of other forum members, the reported accounts have been temporarily banned while we work with the forum provider (Vanilla) to find a solution.

    If your account has been banned during this time, or you believe your account was hacked and you are unable to access it, please email izavala@collectors.com with the following information:


    User Name
    Email associated with the account
    Last login date

    Do you recall receiving any emails requesting that you login, provide your account info or alerting you of issues with your account?

    Do you recall logging into any pages that looked different from our standard login screen?

    Any other suspicious alerts or notifications prior to this occurance?


    Thank you! We are doing everything that we can to help Vanilla troubleshoot these issues to ensure no one else is impacted and restore access to these accounts.

    And please, just in case, take a moment to reset your passwords, it never hurts to be cautious.

    Thank you, Heather!

    Mark Feld* of Heritage Auctions*Unless otherwise noted, my posts here represent my personal opinions.

  • BAJJERFANBAJJERFAN Posts: 31,255 ✭✭✭✭✭

    Come to think of it, if I'm on a different computer or even a different browser on this computer I can still login to my PCGS message board account with each one so I can be logged in at 4 or 5 different locations.

    theknowitalltroll;
  • leothelyonleothelyon Posts: 8,484 ✭✭✭✭✭

    Don't know if this will help anyone, one thing I have avoided, storing user/saving names and passwords to my laptop, phone whenever registering. Whenever I am asked to save such info, I have declined every time. All my personal info, user names and passwords are in a small notebook. Don't know if this is a good practice but if my laptop ever gets hacked, I like to think and hope they won't find anything they can use. One time, registering for some company or website, they asked for my first 3 digits of my SS. I replied that the last 4 digits are already out there so I can't do that. They did find another way of registering me. Leo

    The more qualities observed in a coin, the more desirable that coin becomes!

    My Jefferson Nickel Collection

  • Clackamas1Clackamas1 Posts: 1,494 ✭✭✭✭✭

    Watch they don't change the shipping address to send your coins that maybe coming back to you, other than that it is kind of funny. I mean who hacks a PCGS message board forum.

  • MsMorrisineMsMorrisine Posts: 35,656 ✭✭✭✭✭

    @FriendlyEagle7 said:
    it would be nice if PCGS would add two factor authentication via authenticator app

    it needs more than that. it needs a SM1 again

    i think there is a forum system exploit. perhaps a pause switch would be useful with a down for maintenance sign

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • grote15grote15 Posts: 29,803 ✭✭✭✭✭

    @BAJJERFAN said:
    Come to think of it, if I'm on a different computer or even a different browser on this computer I can still login to my PCGS message board account with each one so I can be logged in at 4 or 5 different locations.

    This is correct. I don't believe staying logged in is any kind of safeguard by itself.



    Collecting 1970s Topps baseball wax, rack and cello packs, as well as PCGS graded Half Cents, Large Cents, Two Cent pieces and Three Cent Silver pieces.
  • BStrauss3BStrauss3 Posts: 3,676 ✭✭✭✭✭

    @Clackamas1 said:
    Watch they don't change the shipping address to send your coins that maybe coming back to you, other than that it is kind of funny. I mean who hacks a PCGS message board forum.

    Best practice would be to have different, random passwords for the two accounts (pgcs.com and forums.collectors.com)

    -----Burton
    ANA 50 year/Life Member (now "Emeritus")
  • BAJJERFANBAJJERFAN Posts: 31,255 ✭✭✭✭✭

    I don't have a PCGS account per se unless the account to access the set registry is considered a PCGS account for the purpose of submitting, etc.

    theknowitalltroll;
  • messydeskmessydesk Posts: 20,274 ✭✭✭✭✭

    @FriendlyEagle7 said:
    it would be nice if PCGS would add two factor authentication via authenticator app

    I don't think that's an option for the Vanilla forums platform. They do offer 2FA for the PCGS registry/membership account, but that's different software.

  • lermishlermish Posts: 3,726 ✭✭✭✭✭

    @PeakRarities said:

    @MsMorrisine said:

    @FriendlyEagle7 said:
    it would be nice if PCGS would add two factor authentication via authenticator app

    it needs more than that. it needs a SM1 again

    i think there is a forum system exploit. perhaps a pause switch would be useful with a down for maintenance sign

    I don't even think it needs to be all that difficult.

    Currently, you can change ANYTHING about the account without any type of confirmation to the linked email account. If that was simply a feature that wasn't able to be unchecked, then anytime a hacker would try to change a password or notification setting, the user would get an email that would have to confirm. I think that would solve 98% of the issues we have been having without making the sign in process too difficult.

    I guess I'll be the pessimist/doomsayer (although I hate what I'm about to say, it's realistic).

    There is one solution that is 100% effective, solves lots of other pesky issues, and saves CU money...

    chopmarkedtradedollars.com

  • MsMorrisineMsMorrisine Posts: 35,656 ✭✭✭✭✭

    if there is an exploit then no confirmation would be needed. step 1 change the email address. even with 2fa, change that. submit change password request

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • LukeMarshallLukeMarshall Posts: 2,040 ✭✭✭✭✭
    edited July 22, 2025 7:43AM

    @PCGS_Moderator @HeatherBoyd

    Hackers may be brute forcing passwords using public password lists (think yahoo breach)
    Brute forcing involves trying hundred to thousands of passwords

    Solution(s) -
    1. Have cloudfare put a pause between login attempts with a check box (verify you are human)
    2. Have the forum software automatically lock out accounts after 3 unsuccessful logins, requiring an email link to reset

    @JBK said:

    @PROMETHIUS88 said:
    Just fyi, the hacker is currently active on this account as he/she has edited at least one of my posts and also changed my password after I changed it.

    Hmmm. At some point it might be a possibility that your pc has been hacked.

    If you used your pc to change your password and they still changed it again, try changing it from your phone.

    This sounds like a keylogger - Something that can see the keys that you are pressing on your computer. JBK has a point but if the password is changed you wont be able to get into the forum on your phone. Treat your computer as though its compromised.

    spellinh

    It's all about what the people want...

  • LukeMarshallLukeMarshall Posts: 2,040 ✭✭✭✭✭

    @FriendlyEagle7 said:
    it would be nice if PCGS would add two factor authentication via authenticator app

    Another Solution - 2 factor authentication

    It's all about what the people want...

  • BAJJERFANBAJJERFAN Posts: 31,255 ✭✭✭✭✭

    @lermish said:

    @PeakRarities said:

    @MsMorrisine said:

    @FriendlyEagle7 said:
    it would be nice if PCGS would add two factor authentication via authenticator app

    it needs more than that. it needs a SM1 again

    i think there is a forum system exploit. perhaps a pause switch would be useful with a down for maintenance sign

    I don't even think it needs to be all that difficult.

    Currently, you can change ANYTHING about the account without any type of confirmation to the linked email account. If that was simply a feature that wasn't able to be unchecked, then anytime a hacker would try to change a password or notification setting, the user would get an email that would have to confirm. I think that would solve 98% of the issues we have been having without making the sign in process too difficult.

    I guess I'll be the pessimist/doomsayer (although I hate what I'm about to say, it's realistic).

    There is one solution that is 100% effective, solves lots of other pesky issues, and saves CU money...

    Sorta like you can't have a driveby shooting if you don't/can't have a vehicle.

    theknowitalltroll;
  • BAJJERFANBAJJERFAN Posts: 31,255 ✭✭✭✭✭

    @LukeMarshall said:
    @PCGS_Moderator @HeatherBoyd

    Hackers may be brute forcing passwords using public password lists (think yahoo breach)
    Brute forcing involves trying hundred to thousands of passwords

    Solution(s) -
    1. Have cloudfare put a pause between login attempts with a check box (verify you are human)
    2. Have the forum software automatically lock out accounts after 3 unsuccessful logins, requiring an email link to reset

    @JBK said:

    @PROMETHIUS88 said:
    Just fyi, the hacker is currently active on this account as he/she has edited at least one of my posts and also changed my password after I changed it.

    Hmmm. At some point it might be a possibility that your pc has been hacked.

    If you used your pc to change your password and they still changed it again, try changing it from your phone.

    This sounds like a keylogger - Something that can see the keys that you are pressing on your computer. JBK has a point but if the password is changed you wont be able to get into the forum on your phone. Treat your computer as though its compromised.

    spellinh

    If you try to login in with an unfamiliar IP address then maybe a security question or 2 would be appropriate.

    theknowitalltroll;
  • pcgsregistrycollectorpcgsregistrycollector Posts: 1,354 ✭✭✭✭✭

    Added security question would be very helpful.

    God comes first in everything I do. I’m dedicated to serving Him with my whole life. Coin collecting is just a hobby—but even in that, I seek to honor Him. ✝️

  • bestmrbestmr Posts: 1,793 ✭✭✭

    Just don’t use coins as your answer

    Positive dealing with oilstates2003, rkfish, Scrapman1077, Weather11am, Guitarwes, Twosides2acoin, Hendrixkat, Sevensteps, CarlWohlforth, DLBack, zug, wildjag, tetradrachm, tydye, NotSure, AgBlox, Seemyauction, Stopmotion, Zubie, Fivecents, Musky1011, Bstat1020, Gsa1fan several times, and Mkman123 LOTS of times
  • BAJJERFANBAJJERFAN Posts: 31,255 ✭✭✭✭✭

    @bestmr said:
    Just don’t use coins as your answer

    Even if that was my grandmaw's maiden name?

    theknowitalltroll;
  • JBKJBK Posts: 16,357 ✭✭✭✭✭
    edited July 22, 2025 10:19AM

    @LukeMarshall said:
    @PCGS_Moderator @HeatherBoyd

    Hackers may be brute forcing passwords using public password lists (think yahoo breach)
    Brute forcing involves trying hundred to thousands of passwords

    Solution(s) -
    1. Have cloudfare put a pause between login attempts with a check box (verify you are human)
    2. Have the forum software automatically lock out accounts after 3 unsuccessful logins, requiring an email link to reset

    @JBK said:

    @PROMETHIUS88 said:
    Just fyi, the hacker is currently active on this account as he/she has edited at least one of my posts and also changed my password after I changed it.

    Hmmm. At some point it might be a possibility that your pc has been hacked.

    If you used your pc to change your password and they still changed it again, try changing it from your phone.

    This sounds like a keylogger - Something that can see the keys that you are pressing on your computer. JBK has a point but if the password is changed you wont be able to get into the forum on your phone. Treat your computer as though its compromised.

    spellinh

    All very true.

    My point about (preemptively) changing the password via phone was that a keystroke logger on the pc would not work on the cellphone so a hacker on the pc would be shut out on the new password if it was changed on his phone.

    But it's all just speculation as to where the real issue is rooted.

  • messydeskmessydesk Posts: 20,274 ✭✭✭✭✭

    @LukeMarshall said:

    @FriendlyEagle7 said:
    it would be nice if PCGS would add two factor authentication via authenticator app

    Another Solution - 2 factor authentication

    Not available in the Vanilla forum software.

  • BAJJERFANBAJJERFAN Posts: 31,255 ✭✭✭✭✭

    @JBK said:

    @LukeMarshall said:
    @PCGS_Moderator @HeatherBoyd

    Hackers may be brute forcing passwords using public password lists (think yahoo breach)
    Brute forcing involves trying hundred to thousands of passwords

    Solution(s) -
    1. Have cloudfare put a pause between login attempts with a check box (verify you are human)
    2. Have the forum software automatically lock out accounts after 3 unsuccessful logins, requiring an email link to reset

    @JBK said:

    @PROMETHIUS88 said:
    Just fyi, the hacker is currently active on this account as he/she has edited at least one of my posts and also changed my password after I changed it.

    Hmmm. At some point it might be a possibility that your pc has been hacked.

    If you used your pc to change your password and they still changed it again, try changing it from your phone.

    This sounds like a keylogger - Something that can see the keys that you are pressing on your computer. JBK has a point but if the password is changed you wont be able to get into the forum on your phone. Treat your computer as though its compromised.

    spellinh

    All very true.

    My point about (preemptively) changing the password via phone was that a keystroke logger on the pc would not work on the cellphone so a hacker on the pc would be shut out on the new password if it was changed on his phone.

    But it's all just speculation as to where the real issue is rooted.

    If you got compromised because of a keystroke logger you should expect them to try to access more of your accounts I would think. I had someone try to blackmail into sending money or they would send embarassing video to everyone in my address book. Claimed they got me through a keystroke logger. I knew that was BS since I don't have a webcam or a FaceBook account.

    theknowitalltroll;
  • MsMorrisineMsMorrisine Posts: 35,656 ✭✭✭✭✭

    @messydesk said:

    @LukeMarshall said:

    @FriendlyEagle7 said:
    it would be nice if PCGS would add two factor authentication via authenticator app

    Another Solution - 2 factor authentication

    Not available in the Vanilla forum software.

    vanilla doesn't have a lot of things but we find it needs them now

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • BAJJERFANBAJJERFAN Posts: 31,255 ✭✭✭✭✭

    They also tried the same crap with my NGC and CoinTalk accounts. I was able to beat them to the punch and change my passwords there. I posted on CT that a for sale ad by another user was a scam and got a PM theatening to shoot my family. NGC took care of his business there.

    theknowitalltroll;
  • dipset512dipset512 Posts: 24 ✭✭

    I would advise shortening the cookie expiration. I recall logging in when registering and have been logged in ever since. If an attacker could retrieve my cookies from my local computer, no password changing would be needed for them to gain access.

  • MsMorrisineMsMorrisine Posts: 35,656 ✭✭✭✭✭

    @PROMETHIUS88 said:
    Thank you to heather and Isabela for getting me fixed up and back in. I really hope this doesn't happen again and the hacker/s get expsed!

    how do you think it happened to you?

    Current maintainer of Stone's Master List of Favorite Websites // My BST transactions
  • braddickbraddick Posts: 24,753 ✭✭✭✭✭

    @MsMorrisine said:

    @PROMETHIUS88 said:
    Thank you to heather and Isabela for getting me fixed up and back in. I really hope this doesn't happen again and the hacker/s get expsed!

    how do you think it happened to you?

    peacockcoins

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file