KaiDomain sent me another user's login credentials. [UPDATED]

TheShadowGuy

At this time I don’t want to disclose the circumstances surrounding this email in case the issue is exploitable. I have reached out to KaiDomain letting them know of this issue.

I take data security very seriously. As a precaution, I’d recommend changing your password to another password you do not use elsewhere, and if you use your current password on any other site you may want to change it there too, especially if you use the same email.

P.S. Mods, if this is in the wrong forum, I apologize in advance.

Update: I have received an email from KD stating that the email was part of a test. While it seems odd for a test, hopefully this means everyone’s accounts are intact and that KD will continue to work on their systems.

Edited by: TheShadowGuy on 08/07/2018 - 09:03
Paul321

The users' accounts may be compromised, so changing your password at the least is a wise move.

Paul-

TheShadowGuy
Paul321 wrote:
The users' accounts may be compromised, so changing your password at the least is a wise move.

I’m paranoid about data security. I’d like to stress that, since it is entirely possible this is an isolated incident. I know a lot of other users here use KD, so I wanted to put forth that recommendation pending more info since I’d want someone else to do the same for me.

duramax

Well, at least someone is getting account details. My old account is “gone”, a new one didn’t work and I practically gave up on ordering from them. Which is a shame, I really liked their old website.

You can also no longer filter for new products, only other, less interesting criteria.

MRsDNF

Have you had a response from KD yet, TheShadowGuy?

My current and or voltage measurements are only relevant to anything that I measure.

Budget light hobby proudly sponsored by my Mastercard and unknowingly paid for by a hard working wife. 

djozz said "it came with chinese lettering that is chinese to me".

old4570 said "I'm not an expert , so don't suffer from any such technical restrictions".

Old-Lumens. Highly admired and cherished member of Budget Light Forum. 11.5.2011 - 20.12.16. RIP.

 

TheShadowGuy

Negative. All I have is their normal customer service contact info though, and I don’t know what their turnaround times are normally like.

MRsDNF

TheShadowGuy

Thanks, I left a comment there.

XXX-Man

Is that user’s name Thomas?
I got it too.

"With the first link, the chain is forged. The first speech censured...the first thought forbidden...the first freedom denied – chains us all, irrevocably."

My reviews:

Sofirn SF36 /// Thorfire VG10S /// Sofirn C8F

Barkuti

duramax wrote:
… My old account is "gone", a new one didn't work and I practically gave up on ordering from them. Which is a shame, I really liked their old website.

I hear you duramax. In my opinion, the new website (pardon me in advance) is a piece of shite. Period.

You can still access the old site here: http://old.kaidomain.com/

I like the good old Kaidomain.

TheShadowGuy
XXX-Man wrote:
Is that user’s name Thomas? I got it too.

PM incoming.

moderator007

Barkuti wrote:

duramax wrote:
… My old account is “gone”, a new one didn’t work and I practically gave up on ordering from them. Which is a shame, I really liked their old website.

I hear you duramax. In my opinion, the new website (pardon me in advance) is a piece of shite. Period.

You can still access the old site here: http://old.kaidomain.com/

I like the good old Kaidomain.

Have you ordered anything from the old site link? I don’t care for the new site either.
If I can order there, I’ll just use the old site.

Barkuti

moderator007 wrote:
… Have you ordered anything from the old site link? I don't care for the new site either. If I can order there, I'll just use the old site.

Mmm… because it's there, I have no reason to believe it wouldn't work. They're having a lot of issues with the new site, thus I'm sure they're still making use of the old site to some extent, at least while they manage to get the new @#$% fully working. Or so I think.

Problem is they're no longer updating the old site's product listing.

moderator007

Thanks for the update.
I’m mostly interested in the older hard to find stuff anyway. I’ll try the old site my next order.

Sivy

I also had this, I ordered through their Aliexpress shop, and got an email saying they had set up an account on their Kaidomain site for…… Thomas!!!!

I replied to their email asking who Thomas was and told them I already had an account in my own email address to that site.

I also asked them how long it would be before my old purchase history would be listed on my new account.

Just revisited my account to change my password as very sensibly suggested above, did this then noticed a new line in the order history…… Archive order history before 1 July 2018, all my old orders are shown there.

TheShadowGuy

According to KaiDomain, the email was sent as some sort of test.

Seems a bit… odd for a test, but hopefully that means everyone is fine.

eas

The mail I received was also to “Thomas.”

I also noticed that the provided login credentials included what appeared to be a temporary password. Not a great practice, but not actually any different than providing a password reset or account confirmation link, provided that it expires if unchanged, just as such links typically do.

I’m tending to believe that this was a “test,” though a somewhat sloppy one. If that is the case, I suspect that they did leak the name/email of one of their (former?) customers.

This non-political signature is not non-political.

lumenzilla

I also received the same email from KD with subject “kaidomain.com KD User Account Registration”.

I contacted the staff and they asked me to ignore the mail.

www.lumenzilla.com

leaftye

Are you guys making sure you’re not being phished? First of all, DO NOT click on a “Kaidomain” link in that email. It could send you to a site that looks like the real deal, and then log your real username and password as you attempt to log in. If you want to sign into KD, then do it the same way you always do it.

Have you guys checked the email headers? Even if they appear legit, I still would not use any links provided in that email.

The low mode should be lower.


XXX-Man

leaftye wrote:
Are you guys making sure you’re not being phished? First of all, DO NOT click on a “Kaidomain” link in that email. It could send you to a site that looks like the real deal, and then log your real username and password as you attempt to log in. If you want to sign into KD, then do it the same way you always do it.

Have you guys checked the email headers? Even if they appear legit, I still would not use any links provided in that email.


There is no link in the email and it’s sent from a real Kaidomain email address.

TheShadowGuy
eas wrote:
I’m tending to believe that this was a “test,” though a somewhat sloppy one. If that is the case, I suspect that they did leak the name/email of one of their (former?) customers.

I’m not sure if this actually makes me feel any better. I suppose I could hope they made up an email address or something for testing.

leaftye wrote:
Are you guys making sure you’re not being phished? First of all, DO NOT click on a “Kaidomain” link in that email. It could send you to a site that looks like the real deal, and then log your real username and password as you attempt to log in. If you want to sign into KD, then do it the same way you always do it.

Have you guys checked the email headers? Even if they appear legit, I still would not use any links provided in that email.

This wasn’t a phishing attempt nor from a spoofed address.