Spam from VRMUST

I created a special email address just for Pimax site/forum and I just got an email from VRMUST about some kind of VR store.

Does Pimax sells our email addresses, how did they got my address?

@Heliosurge @PimaxUSA @Pimax-Support @PimaxVR

14 Likes

Thats a good question I got the same $hit…

2 Likes

Same here… :wink:

2 Likes

Yes me also . …

2 Likes

I can’t say as a mod. I don’t have access to those details. At a guess it might be a trusted partner. My email address is freely available on here.

But this exert from Terms of Use. Does give them ability in some terms to share email addresses.

Now don’t confuse that with me condoning or condemning them. Sharing this info without a notification if this is the case.

3 Likes

Same here…I got the same Spam…

Thanks for the information. It’s surprised us when we heard this. Pimax would never intend to do this in the past or in the future. We will investigate it and update you.

B.R.
Konger

9 Likes

@Konger, thank you for looking into this! I first thought it was the company producing Pimax accessories but it does not look like it’s the case.

1 Like

If you have a unique address for Pimax forum and Pimax did not sell it then the other viable explanation is that someone hacked the forum database (or was it your “generic” Pimax address, you used for a Kickstarter or support tickets?).

BTW: I got the spam too, but it went into the spam folder directly and on my “generic” address, so I cannot really tell from where the leak came.

This address is unique to Pimax forum and newsletters, it’s different from my KS address. I didn’t register on support. KS was hacked a while ago, I get spam on it too but it’s just generic spam.

1 Like

Then I guess it is safe to assume the forum db has been hacked too, probably even without Pimax knowing.

1 Like

We today set up an IT group to study this issue. Will update you the progress later.

B.R.
Konger

4 Likes

On the VRMust forum:

This is quite alarming, hopefully one pimax have had a chance to look (quickly!!) into this they can explain how our email addresses have been obtained and what (if any) other information has had the potential to also be acquired?

8 Likes
2 Likes

Ages back someone pointed out how easy it was to extract our information from pimax. Something like ‘3 lines of Python code and a forum username’ was all that was needed to get all of our details. Name, home address, email…
I believe pimaxusa just scoffed at it and belittled him.
The OP on the thread then hacked his own account to show how easy it was.
Got written off, I seem to remember further belittling and ‘I worked for NASA’ was the response. No listening, no learning…
I got the spam as well.

4 Likes

Are my credit card details safe ?

1 Like

The security risk I’m remembering was only our personal details. But if you trust pimax to do a competent job of anything then you haven’t been paying attention.

2 Likes

I believe the answer to the security risk to our personal details and the need to fix it was along the lines of:
[PimaxUSA]

234d

I guess receiving personal attacks are part of the job etc… But FYI I ran one of the large IT dept’s at NASA for 10 years and worked in FCR (Now MCC-H) for 4. Developed satellite ground station encryption routines that were in use for many years. I was also worked inside a team evolving the NIST-ITL standard as well for fingerprint identification before I went the private route and the arm I ran had 1,900 direct reports in 2018.

[End quote]

So I guess that means he didn’t fix the security leak on pimax then.

3 Likes

This was the old pre order self check link. This was fixed up later as I had elevated the concern here on the forum with @rava to open pimax team members via PM.

From my understanding the leak had more to do with user name & address & maybe delivery date if en route. Nevertheless a very serious security issue.

3 Likes

I got the same email as well,

Maybe this is something that needs to be taken up with GDPR as pimax has an obligation to keep our data safe.

KraitPhantom