How these Dream vendors got compromised

It's not something technical it's a stupid OSPEC issue.

Dream allows PGP or password login but also an option that allows either with password or PGP. Which is stupid obviously and dream didn't think that through. It's the default setting as well i believe.

So these knucklehead vendors get a message like this from a potential customer:

Hey i am interested in buying 2000USD worth of THIS product insert link here.

And they fall for it obviously they steal their credentials and then the account gets compromised and they change the PGP key so everyone goes on here and complains its Dream scamming or LE when in reality its just your own damn fault. All they need to do is change the PGP to a LE key and change the password and then they steal the coin and everyone goes on here saying LE is on the case, because look at that key!


Comments


[11 Points] old__school:

You need to edit your post so it makes sense. Thanks for wasting my time


[2 Points] Unity_AndFriends:

Soooo? Your talking about phishing links orrrr?


[2 Points] idontdoanydrug:

Dream is involved in sketchiness though. Deposits disappearing, vendors getting banned.


[1 Points] C66HH12OO6:

We got some groundbreaking stuff here guys.