Bitcoin Forum

So who got em?

###############################
###############################

Dwolla

July 18, 2011 | Published by DWOLLA.

Good afternoon Dwolla user!

It's come to our attention that one of the merchants whom you have done business with has had some security issues.

While we have not seen anything like this effecting Dwolla users directly, we suggest taking a moment to change your password to alleviate any concerns.

To reset your password simply follow these steps:

   1. Login here
   2. Click Settings
   3. Click Change Password

If you have any questions at all please do not hesitate to respond to this e-mail.

Thank you for your time.

- Dwolla Team


2

 

facebooktwitterblog

You are receiving this newsletter because you have signed up for a Dwolla account, an invitation, or have direct communication with one of our employees.

Dwolla Corp. 1312 Locust, Suite 204. Des Moines IA 50309

Support@dwolla.org - Phone. 515.462.0047
Sent to <removed> Unsubscribe | Update Profile | Forward to a Friend

Sent to <removed> — why did I get this?
unsubscribe from this list | update subscription preferences
Dwolla · 206 6th Ave. E. · Suite 1104 · Des Moines, IA 50309

###############################
###############################

me

I got this e-mail too.  Dwolla does business with many other types of industries, not just bitcoin.  So, did a bitcoin related site get hacked or did some other obscure website get hacked?

I got one.

Oh, and only in Iowa would they actually name a street after a crop-destroying pest:

I

"effecting"

They might figure that some people use the same password for both Dwolla and Mt Gox. It's probably just a precaution.

I'm sure everyone who has even a remote chance of being affected got one of these emails. I doubt it's related to bitcoin at all.

I as well

Aren't they a little behind on this news though??

I got one and I've only ever used Dwolla for Mt. Gox.

I think they are warning everyone who uses Dwolla.  I don't think they are notifying people based on who they have sent/received from.
Edit: I'm stupid, "one of the merchants whom you have done business with"

I have a Dwolla account which I used to transfer money to Mt. Gox a couple of weeks ago.  I have not got one of these emails.  So it's likely that this is not related to Mt. Gox, or is related only to those who initiated transfers to Mt. Gox before the accounts were re-verified.

I received this email too. I've only ever used Dwolla for Mt. Gox and exchangebitcoins.com.

I'm curious as to what prompted this.

I do notice that their "reset PIN" page is not functioning and/or disabled [update: is successful as I do get an email with a new PIN, but see an error page on the site]:
 - http://www.dwolla.com/error.aspx?aspxerrorpath=/forgot_pin.aspx

Got one.

Same here.  I got the email and have only used it with MtGox and my bank.

I got one, and realized my existing Dwolla password was horribly weak, so I changed to something much better.

Ha. I changed my password, and the new password they emailed me doesn't work. Good job!

i got the email too, but i already changed my password to a much stronger one ever since the mtgox database leak

I got the same email and realized that the 'Login here' link doesn't point to dwolla.com or dwolla.org. It may be on the up-and-up, but certainly looks like a phishing email. Be careful.

Definitely phishing. If you reset your password by following the link in this email, change it again if you can, then check your history and notify Dwolla immediately. Do not ever follow links from emails that supposedly lead to financial institutions.

Some people got a phishing email, maybe. The one I got was legit. The link redirected to https://www.dwolla.com/default.aspx. Not that I used it, but I did check it.

Actually, hmm - I just checked where the link actually went, and it was a 302 redirect that does land at a Dwolla https page. So maybe it was legit. I still don't recommend following links like that; if you do reset your password, you should do so by typing https://www.dwolla.com into the address bar directly.

I assumed it was phishing and actually reported it to their phishing report email address. It seemed impossible that it was really from Dwolla since the URL in the email was not pointing to dwolla.com

I can't imagine why they would set up a redirect like that. Maybe the phishing attempt was reported to the hosting company and they neutralized it by redirecting to the dwolla site?

Nope, they mass mailed everyone via MailChimp instead of directly.

We were able to identify and catch two dwolla hackers last week. The hackers had used the leaked Mt.Gox passwords. 

The e-mail was sent via "mail3.uk1.mcsv.co.uk "

So... definitely suspicious

Didn't you look it up?


[Querying whois.nic.uk]
[whois.nic.uk]

    Domain name:
        mcsv.co.uk

    Registrant:
        MailChimp.com

    Registrant type:
        Unknown

    Registrant's address:
        512 Means St.
        Suite 404
        Atlanta
        GA
        30 318
        United States

    Registered through:
        GoDaddy.com, Inc.
        URL: http://www.godaddy.com

    Registrar:
        Key-Systems GmbH [Tag = KEY-SYSTEMS-DE]
        URL: http://www.Key-Systems.net

    Relevant dates:
        Registered on: 08-Mar-2010
        Renewal date:  08-Mar-2012
        Last updated:  02-Jun-2010

    Registration status:
        Registered until renewal date.

    Name servers:
        udns1.ultradns.net
        udns2.ultradns.net

    WHOIS lookup made at 04:11:06 19-Jul-2011

--
This WHOIS information is provided for free by Nominet UK the central registry
for .uk domain names. This information and the .uk WHOIS are:

    Copyright Nominet UK 1996 - 2011.

You may not access the .uk WHOIS or use any data from it except as permitted
by the terms of use available in full at http://www.nominet.org.uk/whois, which
includes restrictions on: (A) use of the data for advertising, or its
repackaging, recompilation, redistribution or reuse (B) obscuring, removing
or hiding any or all of this notice and (C) exceeding query rate or volume
limits. The data is provided on an 'as-is' basis and may lag behind the
register. Access may be withdrawn or restricted at any time.

I got this email from dwolla. My email linked to mtgox was not the same as the one that I had linked to dwolla, so that made me think that it probably wasn't a phishing attempt.
It still looks really suspect though.

I sent a support ticket to dwolla and they sorted out my password issue. Turns out you can't copy/paste your new password from their email because some goofy formatting information gets inserted as well. Oh, and the email from MailChimp was legitimate, if ill-advised.

I got it.

I got it too

I sent a support email to Dwolla and they confirmed they did indeed send that email.

Stop being so pedantic...  (first thing I noticed too)