Privacy guaranteed - Your email is not shared with anyone.

AIM site hacked

Discussion in 'General Off Topic' started by gutdoc, Apr 30, 2016.

  1. gutdoc

    gutdoc Distinguished Poster

    I just received a notice that their site was hacked, and personal info was breached. At least they're offering a complementary, one year credit watch. A couple of months ago when my credit card info was hacked I contacted NSS and the guy I talked with was up front with me. Admitted they had been hit and the problem was taken care of. Props to AIM for being proactive, but seems to be a trend on the type sites getting hit.

    Just a heads up to you guys
  2. Driveshaft

    Driveshaft Distinguished Poster

    Not only is this becoming common but firms are also seeing more ransomware. Yep that's just how it sounds, they infect your computer system and threaten to enable the virus to destroy your harddrive if you don't pay them ransom.
    frodo and Sum Gy Custom Firearms like this.

  3. gutdoc

    gutdoc Distinguished Poster

    Off topic but anybody got a call from Sgt. Robert Smith with a strong mid eastern accent representing the fraud division of the IRS. Recorded calls and each subsequent one is more aggressive. Ends with call them at blah blah to avoid being charged or indicted. They call from 972-217-4428.
    frodo and Sum Gy Custom Firearms like this.
  4. sand_man

    sand_man Grouchy Old Fart MSGO Supporter

    If caller ID says Unknown or Blocked it goes unanswered.
    frodo, CajunBP, Canman and 1 other person like this.
  5. TippersDad

    TippersDad Distinguished Poster MSGO Supporter

    I promise you, the IRS don't make phone calls.
    frodo, 94LEVERFAN, mascott and 3 others like this.
  6. idriller

    idriller Distinguished Poster

    I just answer it and lay the phone down. Then come back later and hang it up.
  7. Cliff731

    Cliff731 Danged ole' Hermit...

    Very true... very much true... :yeah:
    frodo and Sum Gy Custom Firearms like this.
  8. MrGoodtime

    MrGoodtime Distinguished Poster

    Got a call like that about 3 weeks ago an my cell phone, was actually able to keep his chain tight for 29mins before he caught
    Hoot G, frodo, 94LEVERFAN and 2 others like this.
  9. Oldbuzzard

    Oldbuzzard Distinguished Poster

    yep just hung up and blocked number
    frodo and Sum Gy Custom Firearms like this.
  10. TankerHC

    TankerHC Distinguished Poster

    Thought I would stop in and see if anyone else got that notice. I'm fed up with it. This is the third time a company has been hacked of my information this month. Big deal on the ID prevention BS, I now have three. After the fact is a little late. VBUlletin was also hacked for personal info.

    They didnt just "Get hacked". The hacker stole all of the FFL images. That means they have your name, FFL number (Which can be looked up on BATF website for recent info including your phone number) and address. That also means they can photoshop the address, upload and buy guns on your FFL. This isnt just a hack, this is dangerous and irresponsible.

    If these companies are not proactive enough on their server security that they cannot even keep an FFL out of the hands of these crooks, maybe it is time for a lawsuit.

    J out.
    Last edited: Apr 30, 2016
  11. sand_man

    sand_man Grouchy Old Fart MSGO Supporter

    Most of them rely on an "outside" server that is probably some punk in his mothers house!
    frodo and Sum Gy Custom Firearms like this.
  12. TankerHC

    TankerHC Distinguished Poster

    And it was a 16 year old kid who hacked the CIA Director's email and put that info out and it was a 15 year old kid who hacked 259 companies records and that information went up for sale on Dark Web.
  13. gutdoc

    gutdoc Distinguished Poster

    As of today, I've still not been notified by NSS that their system was hacked. It took three phone calls before someone admitted their system was hit. I'm no tech wizard, but I assumed all hacks were dangerous when it involves my personal info including payment details. IMHO the first step is make an example of the hackers that would deter others. Here's my first choice.

    But that's just me!
    Hoot G, phillipd, frodo and 4 others like this.
  14. TankerHC

    TankerHC Distinguished Poster

    Looking around some of the other gun forums some persons said this is a scam, after reading the bottom of the second page if AIM Surplus is promoting then they are promoting a double scam. They aren't. Checking the return address, and they are using AIM Surplus logo, the address goes back to a Cook County Health and Hospital System. Except that Claysburg, Pa is in Blair County and AIM isnt even in Pennsylvania.

    I decided to dig a little deeper. Anyone recognize this letter? fake letter-page-001.jpg

    Same letter everyone recieved except using AIM Surplus Logo. It's a marketing firm and I tracked them back to Virginia then Europe (Or Eurasia if you want). Russia to be specific. Common location for these type scams. Now my question is how did all of these '03 holders get these mailings. Anyone have any idea? Because these aren't supposed to be public unless you know the number and can type it in. And below this letter is what I use to keep track if my data has been breached through someone's company server. But I would like to know how Russian scam artists know to send these letters to FFL holders.

    I already know my Security Clearance was stolen, according to the SD they stole Security clearances going all the way back to 1982. Friends of mine with the ASA reported they were notified of theirs being stolen. That should be no surprise considering they stole 1.5 TB of F-35 data right off Pentagon servers. All of this is freakin ridiculous. The reason it is believable is because, at least for me, I know for a fact 2 other companies with my data in the last four weeks, plus another 5 or 6 over the last year.

    I'm more pssed off about being scammed about a scam than actually being scammed.
    frodo and Sum Gy Custom Firearms like this.
  15. TankerHC

    TankerHC Distinguished Poster

    And for those who do not know, here is a quick way to find out (And get alerted) if your accounts were part of a data security breech if a company has been hacked. It was designed by White Hat Hacker Alen Puzec and is backed up by CNet and PCWorld, ZDNet, Digital Trends as well as a bunch of other tech sites. Completely legit.

    Have I been pwned? Check if your email has been compromised in a data breach
    frodo likes this.
  16. rigrat

    rigrat Semper Fi

    I rcv'd a notice from Aimsupply also saying they hacked my drivers license info. Funny that was from way back over 5 years ago that I bought ammo from there.
    frodo likes this.
  17. gutdoc

    gutdoc Distinguished Poster

    Hopefully AIM will come out with some news sooner than later. Natchez SS has been hit along with Wideners recently. Now this, whatever it is. Thanks for the above link, THC, if that's really you and not another hacker.
    frodo and Sum Gy Custom Firearms like this.
  18. TankerHC

    TankerHC Distinguished Poster

    An update. The Firearm Blog posted a "large" notice on AIM's FB page concerning the hack.

    BUT, along with my above post and the fraud letter, this:

    In the long list of Data Breaches, AIM isn't there. I searched through them and it is just not there and my alerts from previous breeches are there but no alert on AIM.

    Digging down further the immediate location of this company is in Poland.

    Reading up on their free offering of ID Protection, other companies offered the same protection, but it protects no one and was the "Fraud of the day" alert when Target offered it. There are two versions of the same "ProtectMyID" and the one offered protects nothing, unless you decide to buy the rest. It is an Experian product and an attempt to sell ID Insurance.

    Other companies, like Target, have given this product away "Free" which has me wondering if some of these data breeches are not themselves frauds by those companies to sell ID Protection Insurance. Google it and you will see ProtectMyID (Free) protects nothing unless you buy the rest outside Experian.

    On the back, bottom of page two of the letter you will see a disclaimer. And it clearly states what they offer is not all of it (whats in the letter), it says "The description herein is a summary and intended for informational purposes only and does not include all terms and conditions and exclusions of the policies described. The last sentence says "Coverage may not be available in all areas".

    What coverage? Well the Company is AIG. American International Group Inc. Plenty on that company.

    "American International Group, Inc. – also known as AIG – is an American multinational insurance corporation with more than 88 million customers in 130 countries. AIG companies employ over 64,000 people in 90 countries. The company operates through three businesses: AIG Property Casualty, AIG Life and Retirement and United Guaranty Corporation (UGC). AIG Property Casualty provides insurance products for commercial, institutional and individual customers. AIG Life and Retirement provides life insurance and retirement services in the United States. UGC focuses on mortgage guaranty insurance and mortgage insurance. AIG also focuses on global capital markets operations, direct investment and retained interests.

    AIG was a central player in the financial crisis of 2008. It was bailed out by the federal government for $180 billion, and the government took control. The Financial Crisis Inquiry Commission (FCIC) of the US government concluded AIG failed primarily because it sold massive amounts of insurance without hedging its investment. Its enormous sales of credit default swaps were made without putting up initial collateral, setting aside capital reserves, or hedging its exposure — a profound failure in corporate governance, particularly its risk-management practices."

    American International Group - Wikipedia, the free encyclopedia

    And "AIG to Pay $800 Million to Settle Securities Fraud Charges by SEC

    Over $1.6 Billion to be Paid to Resolve Federal and New York State Actions


    Washington, D.C., Feb. 9, 2006 — The Securities and Exchange Commission announced today the filing and settlement of charges that American International Group, Inc. (AIG) committed securities fraud. The settlement is part of a global resolution of federal and state actions under which AIG will pay in excess of $1.6 billion to resolve claims related to improper accounting, bid rigging and practices involving workers’ compensation funds.

    The Commission announced the settlement in coordination with the Office of the New York State Attorney General, the Superintendent of Insurance of the State of New York and the United States Department of Justice, which have also reached settlements with AIG.

    The settlement with the Commission provides that AIG will pay $800 million, consisting of disgorgement of $700 million and a penalty of $100 million, and undertake corporate reforms designed to prevent similar misconduct from occurring. The penalty amount takes into account AIG’s substantial cooperation during the Commission’s investigation."

    AIG to Pay $800 Million to Settle Securities Fraud Charges by SEC; Press Release No. 2006-19; February 9, 2006

    Scanning the QM Code on the letter shows a Return Mail Processing Code just like it says between the AIM Logo and your name. Return mail processing is used by marketing firms, collection agencies and other companies to clean up their mailing lists.

    This is a fraud, but a legal fraud. And what people should be pissed about is AIM selling their mailing lists of FFL's to this scam of a company who used it to claim there was a data breech. I do not believe there was any sort of data breech. so far I have looked and no one has been protected by this version of ProtectMyID and in fact by signing up then responding to email allowed malware in that THEN hijacked their accounts. If there was an actual data breech it would surprise me.

    "Yesterday, Pam Zekman of CBS reported on how one consumer who signed up for ProtectMyID after the Target breach was stunned to become an ID theft victim:

    Identity thieves charged $1,400 at one department store and $6,000 more on two credit cards they opened in Walters name.

    Walters says he got no alerts from ProtectMyID.

    “They said we don’t see anything. And I was just flabbergasted. I was like, ‘What do you mean you don’t see anything. How could you not see anything? There’s two accounts open. There’s charges on them, and you see nothing?’”

    The service didn’t see anything, apparently, because the free protection package Target paid for only monitored credit bureau reports from one company: Experian, the company that operates ProtectMyID.

    “That is the biggest hole in this net,” says William Kresse of Governors State University, an anti-fraud authority. “Some of these credit protection services only use one of the three credit reporting services.”


    Experian says it takes consumer concerns very seriously and there was no sign of an error in the Walters case."
  19. TankerHC

    TankerHC Distinguished Poster

    This is going to come back to bite AIM Surplus in the ass, there are other customers on their FB page talking about calling their Attorneys Monday.
  20. mascott

    mascott Distinguished Poster MSGO Supporter

    AIG are nothing but crooks!! I've dealt personally with them!!!