
Knife Center Personal Data Leaks

Posted: Wed Jan 18, 2023 3:49 pm
by BeggarSo
Those of you purchasing Spyderco Products from Knife Center, as I have in the past, should be aware of data leaks from this company. Evidently, per Nord VPN security, my account with them has been compromised without them informing me as a customer that they have suffered a data breach.

Image

I logged in and changed my password. I typically do not permit vendors to save payment methods for later use for exactly these reasons, and it has been since 2021 that I was able to purchase anything from them that was not a preorder. (I don't do preorders.)

Blade H.Q. suffered a data breach not too long ago but they did let me know and I had the Credit Card I used reissued with new numbers.

In today's environment data breaches are to be expected; it is all in how the company handles it that counts. Thus far I am unimpressed with Knife Center.

I would advise, if you have placed a credit card on file with them, to remove it and have it reissued by your lending institution. If you have reused a password for this site elsewhere, go to all possible sites, probably Knife purchasing sites, and change your password immediately. Please use different passwords for all sites.

Identity theft is a long, painful, expensive and aggravating road to recover from. I have been in the I.T. Industry professionally for over 20 years and have witnessed firsthand what people have gone through.

Message placed here not to condemn Knife Center but for the widest possible attention to help other Spyderco Collectors stay safe and secure.

Re: Knife Center Personal Data Leaks

Posted: Wed Jan 18, 2023 4:32 pm
by aicolainen
Thanks for the heads up. Can't log in atm, so they might be struggling with something.
No sensitive data stored there, and unique log in credentials, so not anticipating any consequences from this, but will change the password as soon as I'm able to log in.

Re: Knife Center Personal Data Leaks

Posted: Wed Jan 18, 2023 5:14 pm
by mikey177
Thank you for the warning. It is indeed good advice to have a unique password for different online retail sites.

Re: Knife Center Personal Data Leaks

Posted: Wed Jan 18, 2023 5:23 pm
by Manixguy@1994
Thank you. I have different passwords for all sites and do not save my cc card anywhere.

Re: Knife Center Personal Data Leaks

Posted: Wed Jan 18, 2023 7:00 pm
by mikey177
If I need to create a new password for a knife retail site, it will be $0ckDraw3r0verL0rd15v :zany

Re: Knife Center Personal Data Leaks

Posted: Wed Jan 18, 2023 7:30 pm
by nerdlock
BeggarSo wrote:
Wed Jan 18, 2023 3:49 pm
....
Identity theft is a long, painful, expensive and aggravating road to recover from. I have been in the I.T. Industry professionally for over 20 years and have witnessed firsthand what people have gone through.
....


Image


Sorry, I just had to insert this from one of my favorite shows ever. :squinting-tongue

Re: Knife Center Personal Data Leaks

Posted: Wed Jan 18, 2023 7:31 pm
by Naperville
I am a retired system administrator and NOC analyst.

I use password managers to create complex 20+ character passwords. I also use Capital One's ENO to create temporary credit cards that expire, but unfortunately have a temp cc for a preorder.

I do not like my data being "out there" but I want the knives.

I contacted Knife Center and gave them the link to this thread.

I have been receiving spam txt messages and emails from hackers for over a decade and I have even changed phone numbers and email addresses. Without opening to read, I delete everything every day in my inbox and txt messages unless I know who it is that is contacting me, and then I look at links before opening them. I also have GMail security and Trend Micro anti virus checking every email link and txt message.

Nonetheless, according to monthly reports, Trend Micro catches 25 to 50 bad links and malware that hit my system every month.

When they ask me to make up responses for the security questions, I use the password manager to create the fake 20+ character responses and I record what the response is for account recovery. I use 2 Factor Authentication for all banking sites.

Re: Knife Center Personal Data Leaks

Posted: Wed Jan 18, 2023 9:00 pm
by BeggarSo
nerdlock wrote:
Wed Jan 18, 2023 7:30 pm
BeggarSo wrote:
Wed Jan 18, 2023 3:49 pm
....
Identity theft is a long, painful, expensive and aggravating road to recover from. I have been in the I.T. Industry professionally for over 20 years and have witnessed firsthand what people have gone through.
....


Image


Sorry, I just had to insert this from one of my favorite shows ever. :squinting-tongue
Lol good one! All I can say is they better watch out, my Red Swingline Stapler is missing and we all know what that could lead to >>>> and for those of you who don't: https://youtu.be/ePK2Ct10Bo4?t=49

Re: Knife Center Personal Data Leaks

Posted: Wed Jan 18, 2023 9:25 pm
by jalcon
Naperville wrote:
Wed Jan 18, 2023 7:31 pm
I am a retired system administrator and NOC analyst.

I use password managers to create complex 20+ character passwords. I also use Capital One's ENO to create temporary credit cards that expire, but unfortunately have a temp cc for a preorder.

I do not like my data being "out there" but I want the knives.

I contacted Knife Center and gave them the link to this thread.

I have been receiving spam txt messages and emails from hackers for over a decade and I have even changed phone numbers and email addresses. Without opening to read, I delete everything every day in my inbox and txt messages unless I know who it is that is contacting me, and then I look at links before opening them. I also have GMail security and Trend Micro anti virus checking every email link and txt message.

Nonetheless, according to monthly reports, Trend Micro catches 25 to 50 bad links and malware that hit my system every month.

When they ask me to make up responses for the security questions, I use the password manager to create the fake 20+ character responses and I record what the response is for account recovery. I use 2 Factor Authentication for all banking sites.
Image

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 12:34 am
by RustyIron
Naperville wrote:
Wed Jan 18, 2023 7:31 pm
When they ask me to make up responses for the security questions, I use the password manager to create the fake 20+ character responses and I record what the response is for account recovery.
Dude, you're the only other crackpot I've ever met who does that. Recently I made a phone call to one of my financial institutions, and the person on the other end had to ask me all the security questions.

Customer Service: Can you give me your mother's maiden name?

Me: Do we have to do this?

CS: Yes, I need to confirm your identity.

Me: Fine. Listen carefully. I'll speak slowly. I(svhB2cwykjm*2kfd8K3c2MeQpur

CS: Very good. Now can you please tell me the name of your best friend in high school.

Me: Sure. R@R8emoEQMQ.udg*q.XrfgF

CS: Thank you. Now can you tell me the make and model of your first car?

Me: Yes I can. It's similar to the other answers. Are you sure you want to keep doing this?

CS: Nah, I'm pretty sure it's you. How can I help you today?

Now that we're well into the 21st century, there's really no excuse for sloppy password handling... or silly security questions that any hacker with a lick of sense can figure out.

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 4:09 am
by Naperville
I'm impossible to break and relentless about security.

That is what working as a system administrator and NOC analyst in Silicon Valley does to you. From 2000 to almost 2003 I worked for a biotech conducting genomics research and caught a Chinese Green Card Holder, the Director of Bioinformatics, stealing data. Actually, he stole pretty much everything and there were not very good controls at the company.

The VP and Dir of Operations would allow him to "look" at the lab notebooks so he knew precisely what he was looking at. And he had me backing up the genomics data off of robots and handing him the CDs.

I came in one evening on a Saturday night very late and saw him at his desk and wondered what he was doing, so I had our IT hub in Houston, TX, where our Frame Relay terminated, set up a wiretap. They caught him immediately. He was sending the data to China. He was terminated, and 6 months later went to the VP of the business unit's home in Mountain View, California and shot and killed her.

So there you go.

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 4:11 am
by Naperville
RustyIron wrote:
Thu Jan 19, 2023 12:34 am
Naperville wrote:
Wed Jan 18, 2023 7:31 pm
When they ask me to make up responses for the security questions, I use the password manager to create the fake 20+ character responses and I record what the response is for account recovery.
Dude, you're the only other crackpot I've ever met who does that. Recently I made a phone call to one of my financial institutions, and the person on the other end had to ask me all the security questions.

Customer Service: Can you give me your mother's maiden name?

Me: Do we have to do this?

CS: Yes, I need to confirm your identity.

Me: Fine. Listen carefully. I'll speak slowly. I(svhB2cwykjm*2kfd8K3c2MeQpur

CS: Very good. Now can you please tell me the name of your best friend in high school.

Me: Sure. R@R8emoEQMQ.udg*q.XrfgF

CS: Thank you. Now can you tell me the make and model of your first car?

Me: Yes I can. It's similar to the other answers. Are you sure you want to keep doing this?

CS: Nah, I'm pretty sure it's you. How can I help you today?

Now that we're well into the 21st century, there's really no excuse for sloppy password handling... or silly security questions that any hacker with a lick of sense can figure out.
[+1]

Very good. If we get hacked, at least we did everything possible to prevent it.

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 4:13 am
by Naperville
jalcon wrote:
Wed Jan 18, 2023 9:25 pm
Image

:winking-tongue

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 8:50 am
by JRinFL
OP, thanks for posting this. I did not get any notice either, nor did my monitoring service give me a heads up.

Probably should mention that LastPass password manager service was also hacked recently and they lost the backup of all customer data. Lots of people will be crying soon if they failed to change all of their passwords & move to another service.

The random long generated passwords for those security questions are overkill and unnecessary. Just putting random words is enough and much easier to use if needed. Just make sure they are not tied to your real information. Besides, like the LastPass hack above, proper hacking is not guessing passwords and security questions, it's getting the entire database which includes all your answers and other data. Most of that is not likely to be encrypted, unfortunately. Most of these companies are about making money and not about keeping your data safe.

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 9:18 am
by p_atrick
Naperville wrote:
Wed Jan 18, 2023 7:31 pm
I use 2 Factor Authentication for all banking sites.
Naperville, I'm sure you know this, but if you have the option of 2 Factor Authentication (2FA) by an app or via SMS/email, always go with the app (something like Google Authenticator). This is way more secure than SMS or email. Security and convenience don't always mix. Oftentimes, the more "annoying" solution is more secure.

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 9:24 am
by Bolster
Naperville wrote:
Thu Jan 19, 2023 4:09 am
I'm impossible to break and relentless about security.

That is what working as a system administrator and NOC analyst in Silicon Valley does to you. From 2000 to almost 2003 I worked for a biotech conducting genomics research and caught a Chinese Green Card Holder, the Director of Bioinformatics, stealing data. Actually, he stole pretty much everything and there were not very good controls at the company.

The VP and Dir of Operations would allow him to "look" at the lab notebooks so he knew precisely what he was looking at. And he had me backing up the genomics data off of robots and handing him the CDs.

I came in one evening on a Saturday night very late and saw him at his desk and wondered what he was doing, so I had our IT hub in Houston, TX, where our Frame Relay terminated, set up a wiretap. They caught him immediately. He was sending the data to China. He was terminated, and 6 months later went to the VP of the business unit's home in Mountain View, California and shot and killed her.

So there you go.

What a story!!!

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 10:42 am
by Evil D
Well...in potentially related news some POS got my debit card info and signed up for GrubHub and just bought $53 worth of McDonald's using my card. Can't really say it's KnifeCenter's fault because it's impossible to pin down how these people get your info but it sure sucks.

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 1:17 pm
by Pokey
Does anyone keep their credit card locked? It can be a pain in the butt to have to unlock it when you want to use it, but I'll get text messages right away when the card is locked and a charge is attempted; it tells me it was denied. So far the only denials I've received are the times I've tested the system. That would be a clue right off the bat that someone has your account number.

By locking the card you don't have to check your account, or wait for the bank to send you a statement every month to see any suspicious activity, the text messages work in real-time. With the card locked the account is essentially dead.

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 1:42 pm
by Naperville
p_atrick wrote:
Thu Jan 19, 2023 9:18 am
Naperville wrote:
Wed Jan 18, 2023 7:31 pm
I use 2 Factor Authentication for all banking sites.
Naperville, I'm sure you know this, but if you have the option of 2 Factor Authentication (2FA) by an app or via SMS/email, always go with the app (something like Google Authenticator). This is way more secure than SMS or email. Security and convenience don't always mix. Oftentimes, the more "annoying" solution is more secure.
If they offer the Google Authenticator I use it. Many use email or txt message for a code, and I have no options.

Re: Knife Center Personal Data Leaks

Posted: Thu Jan 19, 2023 1:52 pm
by Naperville
Bolster wrote:
Thu Jan 19, 2023 9:24 am
Naperville wrote:
Thu Jan 19, 2023 4:09 am
I'm impossible to break and relentless about security.

That is what working as a system administrator and NOC analyst in Silicon Valley does to you. From 2000 to almost 2003 I worked for a biotech conducting genomics research and caught a Chinese Green Card Holder, the Director of Bioinformatics, stealing data. Actually, he stole pretty much everything and there were not very good controls at the company.

The VP and Dir of Operations would allow him to "look" at the lab notebooks so he knew precisely what he was looking at. And he had me backing up the genomics data off of robots and handing him the CDs.

I came in one evening on a Saturday night very late and saw him at his desk and wondered what he was doing, so I had our IT hub in Houston, TX, where our Frame Relay terminated, set up a wiretap. They caught him immediately. He was sending the data to China. He was terminated, and 6 months later went to the VP of the business unit's home in Mountain View, California and shot and killed her.

So there you go.

What a story!!!
That's only half the story if you can believe it.

The co business unit in Silicon Valley owes me $35,000 for completed work, milestone bonuses, raises, catching the theft, etc., and they never paid. I complained 2x on Yahoo Financials under their symbol when they were on NASDAQ and the FBI called me in for an interview where for 1hr they tossed me around, screamed at me, told me to not air dirty laundry on Yahoo Financials and to take them to court, as well as they were going to jail me for 90+ days and that I DID NOT HAVE A BILL OF RIGHTS!

I was B.R.O.K.E., living in a van, lost my bride to be (had to call off marriage), and so after all of that I went off to live in my van and study escrima/arnis to learn how to use a knife to defend myself for a year and studied 7 days a week 3 different Filipino knife arts. To this day I prep, and study escrima/arnis/kali by tape/video or in person when I physically can do the training. 2020 and 2021 were bad years for me physically, but so far 2023 looks good to go!

What I learned was that the FBI protects govt and corporate/capitalist interests, not US Citizens.