bigclive
Banggood security issue? (Not a video.)

While ordering a couple of items from banggood on 27th May I noticed that in my order history a transaction had been made by someone called Luca Ruggier in Malta.

I immediately changed my password for a nice complex secure one and contacted Banggood about it.

I just looked again and on the 30th another order has been placed by Luca (if that's even a real person).

Both were paid by Freepay (never used it).

I wonder if this is a software blip at banggood showing other users in wrong order histories or if they have a security weakness.

Perhaps they did get the original password and have stayed signed in despite my password change.

If you use banggood it might be worth checking your order history.


Comments

My local distributor counter person has used my (non credit account) for cash walk in buyers to do the same thing. Made me look like a big deal account at the end of the year though....Sounds like BS though.

What? How? Why? My brain hurts. I mean, at least IF that is the truth, they fessed up to it.

What the... they're claiming they used it themselves as some kind of blank-filling placeholder to do a marketing order for someone else. The amount of sense that doesn't make hurts.

Kadah

Nicely played fob-off from Banggood. Dear user, I am Kylie, marketing manager for banggood.com. I was told by customer service that I use your email to place order for another person. I checked that I do made the mistake. So sorry about that. I won't use your email in the future. Have a nice day. Best regards Kylie

Big Clive

'Milk pudding keycaps' was a new one on me. A quick duckduckgo search revealed all!

So far so good while using the app. I don't dare use my actual credit card number on the site. I use Apple Pay on the app and things seem to be fine. Only on extremely rare occasions does something not show up, and it's credited accordingly.

Vaughn B.

I use 30 character passwords. It changes every 6 weeks. This is my last password for Patreon -FMb*^*Lak1ACLXgm74O5Mf!3iJddW& - I don't have to do anything apart from the new password and when I need to log on to patreon I get to the log in page and this pops up " !!! PLEASE PRESENT FINGERPRINT !!! " I touch the reader then it fills in the username and password and logs me on without having to click anything...... If I log into a different computer, from another country or fail the fingerprint sensor three times I get a text message to let me know along with a 5 minute life six character password that I have to add along with my fingerprint or master password... Sounds pricey doesn't it !!!!!!!!!!!!!!!!!!!!!!!! Nope ... Usb fingerprint reader £15 on Ebay. Software is Lastpass and it's free for PC and your phone.. No I don't work for them or get commission I just think it's bloody good. The reason I went for it is that the database file is 2046 RSA bit encrypted on the pc before going up to lastpass. The only bad thing is that if you forget your password you are screwed. The key hash is your master password so FFS write it down and keep it somewhere safe. Since I was advised to do it by a friend who works in cyber security for the MOD I have yet to find anything better. They do actually use it in the MOD in toughbooks as it will keep the crypto chunk in a chip called the TPM that most computers have if it's a half decent motherboard and if it's got a fingerprint reader then BONUS :-) P.S. You can't use it to log onto windows but hey you can't have it all. All I can say is give it a go. You do get free pro version if someone you recommend it to uses it so I got my whole family on it. It's like a cigar called Hamlet (cue the music) except with my ugly mug the fish jump out of the boat ! :-D (Only oldies will remember the Hamlet adverts if you didn't get the last erm ahem.. Joke)

Yeah, seems they're hosting files for merchants and apparently don't do a good job running anti-virus on the hosted files (both files seem to be from 2018, there's nothing newer). Still a bit shit, but no concern in itself if you're just ordering things off the site (I just did).

I think I had this somewhere a while ago (not sure if banggood). Logging out, clearing banggood cookies/browser data and logging in again fixed it IIRC. Also changed the PW for good measure. I suspect (=talking out of my rear) that their session tokens are handled sloppily and two sessions can get an identical token by coincidence.

Andreas Schuderer

If you actually read the threat details in the report, it lists a couple of seller-provided ZIP files with trojan-infected Windows binaries in them. There are no issues reported for the site itself (it's a major ecommerce site after all), so as long as you don't download random Windows software from random sellers and run them on ancient Windows machines with no working anti-virus software, you're probably fine :-)

Perhaps Norton could be reacting to one or two shady merchants within Banggood and not the website itself?

I've never visited Banggood before, so I figured if BC uses it, it's gotta be good. In my first attempt to visit the website, Norton got all pissed off and gave me a big red screen saying 'Dangerous Web Page Blocked... highly recommended you do not visit...' The details state there are Computer Threats but no Identity Threats.

Checked mine - no issues - all the orders are mine and I remember making all of them.

Benjamin Hall

just checked mine...appears OK thanx for info

John Catterall

From a quick search, Freepay appears to be a cryptocurrency (ORRO) alternative to BitCoin. This could mean someone who illicitly got hold of coins is trying to spend them through compromised accounts. This is definitely something for Bang Good to investigate. Also check your e-mail on haveibeenpwned.com to see if it's in any breaches that include passwords.

Seán Byrne

I would wait for Bang Good to explain, as you obviously have access to someone else's personal details. If you do not get a response within a few working days, media outlets like The Register love stories like this, and they normally result in very quick security fixes.

Christopher Smith

Could it be because of Banggood's "buy with other users" discount function?

Odd that their cost is $0 each time. Both orders are keyboards, which seems like pretty human behaviour. Can you see if the shipping addresses are consistent? Maybe very close to your own?

Looks like it. BG should be able to check it based on the order number.

Paul Schuur

Just checked. Everything looks fine, but I think it's a good thing to recycle your passwords from time to time. Just in case.

Hub Rijcks

Sellers have messed me around a couple of times but Banggood have resolved it directly once approached. I stick with AliExpress for that stuff now as they hold the dosh and only release when disputes are resolved (sellers are keen to resolve as a result). Good luck.

On a similar note, someone keeps using my wife's email address for UK store Debenhams, a health club application, job interviews and a few others. At first we tried to be helpful in sorting it out.... The last email my wife sent was that "she no longer wanted the job" being offered. With Debenhams a few years ago I rang them and told them the house address, what was ordered and returned etc., everything ;-) I asked if they would close the account or remove my email..... I was honest about it and told them I did not know my NAME on the account. Just shows they have useless email account validation. The last time Debenhams screwed up, they delivered to the wrong address and tried to blame us? It cost us £20 in phone calls to sort that out. John

John Harrison

Bought Power Supply Early May...Received DOA. 2nd Week In May...Same Day Tried To Get Them To Help, Sent Pictures And Comparison Video With Side By Side Test Alongside My Other Power Supply. They Said They Would Get Back To Me And I Have Politely Responded Back 8 Or 10 Times And Feel Like I'm Getting Runaround.

Because you didn't lose anything it sounds more like a software bug to me. Software can be just as shitty as hardware.

Simon Mikkelsen

whom else do you use?

Adric Menning

they dump my auth after about a week.

Adric Menning

Nothing funny in my order history, but thanks for the heads up.

Had problems with BG a few years back. Items were "shipped" and never delivered. Got refunds after a few heated emails. Did have my deal extreme account "hacked". Same as you, items ordered by someone else but they never touched my bank. Nowadays, I just stick to ebay and wish. Need to order some diy kits soon so they'll be here in time for winter :D Any suggestions?

John Carr

There appears to be someone of that name, and based in Malta, who is a software developer on GitHub. Their two purchases fit in with this. My gut feeling therefore is that it is down to an issue with Banggood's system which they should deal with pronto.

John Russell

Chance that they're still logged in, and Banggood doesn't cut current connections, on password change. See if there's an option to log out current devices/connections
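As an added illustration of the point above (a constructed example, not code from the post or from Banggood), here is a toy account store in which the class name AccountStore, the flag bind_sessions_to_password and the use of scrypt are all assumptions: with the flag off a session survives a password change, with it on every session is tied to the password version it was issued under and is cut off when the password is rotated, while the session that performed the change is re-issued.

```python
import hashlib
import secrets

class AccountStore:
    # Constructed toy backend (not Banggood's code). bind_sessions_to_password=False
    # reproduces the failure mode above; True rejects sessions issued under an old password.
    def __init__(self, bind_sessions_to_password):
        self.bind = bind_sessions_to_password
        self.users = {}     # name -> {"salt", "hash", "pw_version"}
        self.sessions = {}  # token -> {"user", "pw_version"}

    @staticmethod
    def _hash(password, salt):
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

    def register(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = {"salt": salt, "hash": self._hash(password, salt), "pw_version": 1}

    def _check(self, name, password):
        u = self.users.get(name)
        return u is not None and secrets.compare_digest(u["hash"], self._hash(password, u["salt"]))

    def login(self, name, password):
        if not self._check(name, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": name, "pw_version": self.users[name]["pw_version"]}
        return token

    def current_user(self, token):
        s = self.sessions.get(token)
        if s is None:
            return None
        if self.bind and s["pw_version"] != self.users[s["user"]]["pw_version"]:
            del self.sessions[token]  # issued under an old password: treat as logged out
            return None
        return s["user"]

    def change_password(self, token, old, new):
        name = self.current_user(token)
        if name is None or not self._check(name, old):
            return None
        u = self.users[name]
        u["salt"] = secrets.token_bytes(16)
        u["hash"] = self._hash(new, u["salt"])
        u["pw_version"] += 1
        del self.sessions[token]  # only the caller's session is renewed; other tokens are left to expire
        return self.login(name, new)
```

A real deployment would also offer the "log out all other devices" action the comment asks for, which in this model is simply dropping every token for the user except the caller's.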

Mine's fine, thanks for the heads up. Haven't bought anything from them in ages .... now what shall I buy :-)

And nothing odd on my orders.

Pixscotland

I've never really thought about where I heard it, but I knew that was Clive's surname somehow.

Pixscotland

Do you mind that your surname is in that screenshot? You normally don't appear to use it very publicly.

Banggood is so much more expensive than other outlets for the same item, I hardly ever use it!

Just checked through my order history, and nothing seems amiss. I'll keep an eye on it though in weeks to come. Cheers for the heads up

thanks for the warning .. ps looks like a ws2811 vid coming up

God 420

My guess would be that there is a software error and they are mixing the two accounts at display time. But that means other people could be seeing your purchase history which is ungood. Either way I am glad I don't deal with BangGood.

Mark Trombley

I haven't used Banggood... this now makes me a bit leery of using them. Hrm! :\

Martel DuVigneaud

Thanks for the heads up Clive👍

Jeff LaHay

Thanks Clive, will do. Put through 160 odd orders and never had a problem, but that's not to say I won't.

Mike Wynne

Just had a look, My order history is all my own.

nothing unexpected in my orders.

Adric Menning

How strange, time for a password change. To banggood I go.

I don't, and now I won't. Alarming.

Stephen King