šŸšØ Urgent - suspicious messages being received by members - do not open them!

Hello @Twogreys

Just to let you know that I have passed this information across to our Tech Team and Membership Services. They have advised if thereā€™s a chance that you entered your card details on the phishing page as well, then itā€™s important that you follow the advice as shown below and report this issue to your bank. I have sent you a DM and I also recommend that you contact Membership Services directly at support@trustedhousesitters.com.

Sam.

No.
I emailed them regarding the situation and they sent me an email that they said had been sent to all those affected. When I pointed out that it obviously hadnā€™t, because I hadnā€™t received it (but had received one of the phishing invites), and asked for a response to my questions, I didnā€™t receive a reply.
Iā€™m unsurprised, frankly. I donā€™t see me continuing to use the platform beyond my renewal this year.

1 Like

Moderators moving this to this thread seems to indicate that THS believes that the whole site may be severely compromised by hackers.

1 Like

Hi @pietkuip

Thatā€™s not the case - weā€™re simply keeping anything relating to the suspicious messages that were sent out in the same discussion so that itā€™s easier to keep any updates together.

THS have already been able to confirm that there was a phishing attempt targetting THS members which has now been resolved, and have been able to confirm that the indident was caused by three member accounts being compromised due to the use of shared or weak passwords. You can find my update here if you missed it.

If you have any further concerns please drop Membership Services a line.

THS clearly does not want to see this discussed in public. Not forthcoming at all, for example about how large this was. Ok, off to the unofficial forums then.

2 Likes

Hi @pietkuip

I donā€™t think thatā€™s a fair statement, as weā€™ve purposely provided a place to discuss the issue, and shared any updates that we can from the team.

Weā€™ve already confirmed the scope of the issue i.e. three people had their accounts compromised due to weak or shared passwords, and given any other information that we can.

As you know, the Forum team can only really pass on information given by the wider team, so if you feel concerned, I recommend contacting Membership Services directly as theyā€™re better equipped to help you.

Exactly the same here. Seriously considering not renewing. It does not seem this breach has been communicated well to members and promises of emails to those affected seems patchy at best given the number of people on here who have received no direct official communication. This is incredibly worrying given only around 10% of members are on this Forum and would have no other way of knowing there was a potential breach of their data.

Whilst appreciating the efforts of @Jenny it should be an issue that is taken very seriously at the highest level of THS and broadcast on the website with emails sent to all members.

2 Likes

I hear what youā€™re saying @LizBCN - I passed your comments over to the team.

If I get any further info that I can share back then Iā€™ll be happy to do so.

Hello everyone,

I have a final update from the THS team with regards to the recent phishing incident:

"Hi all,

Thank you to everyone who has contributed to this thread.

We take the recent phishing attempt very seriously and want to share an update with you now that we have concluded our investigation.

We have found no evidence to suggest that any information was leaked from the TrustedHousesitters systems.

Our investigation found that the three members responsible for the phishing attempts had their TrustedHousesitters accounts compromised. We spoke with those members and they confirmed that they had been using the same email and password combinations for a number of different websites. Itā€™s highly probable that this information was shared on the dark web.

To clarify, we have no evidence to suggest that the credentials were leaked from the TrustedHousesitters systems. Furthermore, we have no evidence that suggests any wider data breach has occurred.

We have taken a number of preventative measures regarding the unauthorized messages that were sent via our messaging platform alongside steps to ensure that only trusted links and URLs can be added to messages.

The safety and security of our members and their data is of utmost importance. We can assure members that our investigation was thorough and weā€™re happy to move forward and wonā€™t be providing further updates."

2 Likes

@Jenny Thanks for the update. I have still not received any email from THS regarding this breach. I would also like confirmation that this breach was reported to the ICO as it is a legal requirement for a data breach to be reported to them within 72hrs.

2 Likes

Hi @Shannon

Sorry to hear that.

I donā€™t have any further information or updates other than what Iā€™ve posted above, so the Forum team wonā€™t be able to help any further with this, though Iā€™m happy to pass over your feedback to the team.

1 Like

@Jenny I asked months ago in the product requests that THS introduce 2FA to secure accounts. This is industry practice for platforms containing sensitive information. Had they implemented the suggestion the likelihood of this happening would be significantly reduced. Hopefully they will take heed and do something about it ASAP.

6 Likes

Since this incident on 8th Jan - (where I along with many others received spam invitations to sit in my personal e-mail address inbox ) - I have not been receiving the usual THS notification e-mails .

Anyone else noticed this with their e-mails ?

I saw by chance that over the last week I have received 3 invitations to sit into my THS inbox ā€¦( they appear to be genuine ones ) but because I hadnā€™t received the usual THS notification e-mail to my personal inbox - I was unaware .

Also a host left a review and again no THS e-mail to notify me .

I did get an e-mail inviting me to join Tailblasers which I was suspicious of since it was the only e-Mail from THS since the spam ones -

@Silversitters weird things have happened for us too. We didnā€™t get the spam/phishing fake sit invites but suddenly our email notifications started going through to our old email address that we changed with THS last year, even though our account correctly showed our current email address. We contacted MS and it got fixed. However on 20 Jan, we also got that Tailblazers invite email. Havenā€™t had time to look at it properly or click on any links, thankfully, as it looks authentic. Your post reminded me about it so Iā€™ve just emailed it to THS asking if itā€™s really from them as the sender email address is a bit odd. Iā€™ll update you when I hear back.

@Jenny do you know about the Tailblazers invitation emails?

Hi @Crookie

I can confirm that the Trusted Tailblazers email came from THS :slight_smile:

Thanks @Jenny I just received an email reply from MS saying
ā€œI can confirm that this email is genuine. We have recently launched the Tailblazerā€™s program, and have sent out emails to a few sitters.ā€
@Silversitters itā€™s not a scam! :rofl:

1 Like