Vendor GlazzyEyez-----NO LONGER IN POSSESSION OF DREAM ACCOUNT

Hello, I am vendor GlazzyEyez from Dream. I have discovered that I can no longer access my account on dream. My PGP key has been changed, I did not have 2FA activated. I believe my login credentials were taken from AB or Hansa by LE and thus any unencrypted communication compromised.

I would advice my customers to cease all communications with this account.

EDIT: Noticed that the new PGP key belongs to the Dutch National Police.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Take care and be very careful at this delicate times.

Signing out!

GlazzyEyez -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEcBAEBCgAGBQJZcTr0AAoJEJax5LRBbMeeyDQH/joSTYkBYdPSue02Yg0Zetwe /MT3A2uULGSHVX3Pey65kI223bisi9uJtzyAgAkEL6jyHgzxOv5r6TJN0LzKaUR9 RlppgZGzwAKIceSpQZFfgO34MXl1p+9LxmPo+pVaO+CIjTMdhEaNqMyQ5QOboXee AhLjRID6EwRtm9TPEr4xDw6kmD20sLOqtGl/c9GSlXDTK1kgvITyH2ieQYTlJEP0 mgUOdhC/Mtea+9uuSmW/xhcgKEbg1YspMcGaD34IfxHcvYU0Tg7cZO7w/ttKEl/g XYaEh6Ug9NtT41NZDks1M4iEtXJACwC8UkDmQmmAAoiBLHHF9jnbuXBR+fx44RI= =UrCJ -----END PGP SIGNATURE-----


Comments


[1 Points] wombat2combat:

the signature check out, you can verify it with his old key from grams http://grams7enufi7jmdl.onion/infodesk/vendor/0x96B1E4B4416CC79E

-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA512

Take care and be very careful at this delicate times.

Signing out!

GlazzyEyez 
-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v1

iQEcBAEBCgAGBQJZcTr0AAoJEJax5LRBbMeeyDQH/joSTYkBYdPSue02Yg0Zetwe /MT3A2uULGSHVX3Pey65kI223bisi9uJtzyAgAkEL6jyHgzxOv5r6TJN0LzKaUR9 RlppgZGzwAKIceSpQZFfgO34MXl1p+9LxmPo+pVaO+CIjTMdhEaNqMyQ5QOboXee AhLjRID6EwRtm9TPEr4xDw6kmD20sLOqtGl/c9GSlXDTK1kgvITyH2ieQYTlJEP0 mgUOdhC/Mtea+9uuSmW/xhcgKEbg1YspMcGaD34IfxHcvYU0Tg7cZO7w/ttKEl/g XYaEh6Ug9NtT41NZDks1M4iEtXJACwC8UkDmQmmAAoiBLHHF9jnbuXBR+fx44RI= =UrCJ 
-----END PGP SIGNATURE-----


[42 Points] Ph1lthyD:

Vendor who isn't using 2FA and same passwords across markets.

Smart move dude...


[10 Points] at69:

so you used the same credentials across markets? seriously?


[6 Points] watchingjeffsessions:

Isn't this what REVOCATION CERTIFICATES are for rather than signed messages?

PGP 102: When you generate a keypair, generate a revocation certificate as well. Then, put it away someplace very safe. You know, in case this EXACT THING HAPPENS.

It boggles my mind that we on the DNMs only take advantage of a sliver of what PGP has to offer...


[4 Points] None:

[deleted]


[5 Points] PM_UR_DNM_TAKEDOWNS:

You should have had better OPSEC. Password reuse is the biggest mistake and leads to a lot of hacks.


[1 Points] StonedturtIe:

Wait what??? Wow... Just wow.


[1 Points] cindelle2:

youre a vendor who doesnt use 2-fa? hmm. well having been around this scene for as long as I have you learn the hard way.... no 2-fa=no secuirty


[1 Points] AutoModerator:

To format PGP encrypted messages, signed messages or keys properly on reddit please follow these instructions.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.


[1 Points] Cafe_racerr:

Well that's it, it's done then


[1 Points] vendurr:

you sure you didnt get phished?


[1 Points] trouauei2016:

How can you find out to whom a pgp signature belongs to?