Info Rhythmic Robot has been hacked.
-
ChamomileShark ChamomileShark https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=25116
- KVRAF
- 3243 posts since 12 May, 2004 from Oxford, UK
So don't attempt to buy from them over the next few days.
Got this email
"Dear Friend of Rhythmic Robot,
Important: please read the whole email
Over the past week our site has been hacked – here's what you need to know
Last weekend, we started having what we thought were technical issues with our website (we sent you a mailshot about these). It now turns out that the site was the victim of a very aggressive, persistent hacker. We closed the site down and are now in the process of migrating it from our existing web servers to a much more secure hosting platform which will, we sincerely hope, prevent this kind of thing ever happening again.
But meanwhile, the hacker has cloned our site and is operating it with the slightly-altered URL spelling of "rhythmicsrobot.com" – with an "s" in the middle. We're also aware that he is sending out fake invoice emails trying to get customers to pay him. We are in the process of trying to get this site closed down by its hosting provider.
It's very important that you know the following:
Your financial details are safe. Financial details (credit card numbers etc) are NEVER stored with us: all payments on our site are handled throughPayPal's highly-secure servers. So whatever method of payment you've used to pay with us in the past, is safe.
Your email address was stored on our site, and I'm really sorry to say we have to assume the hacker has access to that. The worst that can come from this, I would think, is the kind of phishing scam that he's attempting by sending out fake invoices: many of these will be caught automatically if your email program has a spam setting, but...
...If you get ANY invoice email that seems to come from us, IGNORE IT COMPLETELY and just delete it. In general, please be vigilant about emails that claim to come from Rhythmic Robot but which don't look like our usual "house style". Please check any links in emails before clicking on them.
Do not try to buy anything from the site at the moment. Or any site that looks like us. We'll send you a proper announcement once things are completely resolved and safe.
We are in the process of alerting the necessary authorities of this data breach.
Finally, we are determined to get this sorted; and the moment it is, we'll get in touch with one of these typically-colourful mailshots to let you know.
We apologise sincerely for this. We have engaged an excellent team of specialists to take charge of resolving the matter and hosting the site for us: we're not leaving this up to Mongo, we've got the pros in.
Thank you for your support and for your patience, and again, we're deeply sorry that this has happened.
Best wishes,
The Professor (and Mongo)"
Got this email
"Dear Friend of Rhythmic Robot,
Important: please read the whole email
Over the past week our site has been hacked – here's what you need to know
Last weekend, we started having what we thought were technical issues with our website (we sent you a mailshot about these). It now turns out that the site was the victim of a very aggressive, persistent hacker. We closed the site down and are now in the process of migrating it from our existing web servers to a much more secure hosting platform which will, we sincerely hope, prevent this kind of thing ever happening again.
But meanwhile, the hacker has cloned our site and is operating it with the slightly-altered URL spelling of "rhythmicsrobot.com" – with an "s" in the middle. We're also aware that he is sending out fake invoice emails trying to get customers to pay him. We are in the process of trying to get this site closed down by its hosting provider.
It's very important that you know the following:
Your financial details are safe. Financial details (credit card numbers etc) are NEVER stored with us: all payments on our site are handled throughPayPal's highly-secure servers. So whatever method of payment you've used to pay with us in the past, is safe.
Your email address was stored on our site, and I'm really sorry to say we have to assume the hacker has access to that. The worst that can come from this, I would think, is the kind of phishing scam that he's attempting by sending out fake invoices: many of these will be caught automatically if your email program has a spam setting, but...
...If you get ANY invoice email that seems to come from us, IGNORE IT COMPLETELY and just delete it. In general, please be vigilant about emails that claim to come from Rhythmic Robot but which don't look like our usual "house style". Please check any links in emails before clicking on them.
Do not try to buy anything from the site at the moment. Or any site that looks like us. We'll send you a proper announcement once things are completely resolved and safe.
We are in the process of alerting the necessary authorities of this data breach.
Finally, we are determined to get this sorted; and the moment it is, we'll get in touch with one of these typically-colourful mailshots to let you know.
We apologise sincerely for this. We have engaged an excellent team of specialists to take charge of resolving the matter and hosting the site for us: we're not leaving this up to Mongo, we've got the pros in.
Thank you for your support and for your patience, and again, we're deeply sorry that this has happened.
Best wishes,
The Professor (and Mongo)"
Pastoral, Kosmiche, Ambient Music https://markgriffiths.bandcamp.com/
Experimental Music https://markdaltongriffiths.bandcamp.com/
Experimental Music https://markdaltongriffiths.bandcamp.com/
-
- KVRian
- 991 posts since 29 May, 2011 from Germany
Below is the mail that I received. That hacker apparently copied the whole shop, and when trying (with random name/address entered) to check out, I was even taken to the regular PayPal login page, so it might be worth it to trace where the money goes. Shame I couldn´t get the products I wanted at 50% off though
"Dear Friend of Rhythmic Robot,
As we are constantly looking for new ways to improve our customer value and to ensure their satisfaction.
We are happy to inform you that we reviewed the price lists of all our products.
This has made it possible for our company to be reducing the prices by 50% for all the products.
https://www.rhythmicsrobot.com
If you would like to place an order at this new price, or ask any questions regarding this matter, please do not hesitate to contact us
In the meantime, we thank you again for doing business with our company."
"Dear Friend of Rhythmic Robot,
As we are constantly looking for new ways to improve our customer value and to ensure their satisfaction.
We are happy to inform you that we reviewed the price lists of all our products.
This has made it possible for our company to be reducing the prices by 50% for all the products.
https://www.rhythmicsrobot.com
If you would like to place an order at this new price, or ask any questions regarding this matter, please do not hesitate to contact us
In the meantime, we thank you again for doing business with our company."
- KVRAF
- 8618 posts since 29 Sep, 2010 from Maui
What's worse is the business that don't even realize they have been compromised. I can say
for sure that someone was able to get my credit card data and use it recently. Not saying
it has anything at all to do with this incident, just saying to keep a close eye on your
funds as a rule in this day and age.
for sure that someone was able to get my credit card data and use it recently. Not saying
it has anything at all to do with this incident, just saying to keep a close eye on your
funds as a rule in this day and age.
-
- KVRAF
- 6465 posts since 8 Jun, 2009
A lot of the time, the details and credit cards used to pay for domains and hosting are stolen and they funnel the money through some mule who probably doesn't realise their Paypal account is being used.epiphaneia wrote: Sun Aug 02, 2020 9:09 am Below is the mail that I received. That hacker apparently copied the whole shop, and when trying (with random name/address entered) to check out, I was even taken to the regular PayPal login page, so it might be worth it to trace where the money goes.
The hacker might be an idiot and used their own but it seems unlikely as they've got a complete fake site with a shopfront up and running very quickly and seem to have been trying to milk the user base as fast as they can before they get shut down.
-
- KVRist
- 264 posts since 25 Oct, 2008
Had an email through from Rhythmicsrobot has the extra s in it.
-
ChamomileShark ChamomileShark https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=25116
- KVRAF
- Topic Starter
- 3243 posts since 12 May, 2004 from Oxford, UK
A further email for those who aren't on the newsletter
"More information about the recent hack
...please read carefully, some of this information is very important
Since yesterday's mailshot explaining that our website has been hacked, we've been able to look more closely into what's happened and we've also had specific questions come in from some of you which deserve to be answered. We're also aware that the hackers are now using the cloned site to solicit for business, which is a real worry since accessing their fake site and putting in credit card details etc would be very dangerous. So do please read the following carefully.
1. THERE IS NOW A FAKE WEBSITE SENDING FAKE EMAILS
The hacker is using a cloned version of our website and calling it rhythmicsrobot (with an "s" in the middle of the website address). He has started sending out fake "phishing" emails with the title "WE'RE BACK !!" and from the mailing address "Rhythmics Robot" (with an "s") which read:
Dear Friend of Rhythmic Robot,
As we are constantly looking for new ways to improve our customer value and to ensure their satisfaction. We are happy to inform you that we reviewed the price lists of all our products.
This has made it possible for our company to be reducing the prices by 50% for all the products.
(fake site address, with an "s" in the middle)
If you would like to place an order at this new price, or ask any questions regarding this matter, please do not hesitate to contact us
In the meantime, we thank you again for doing business with our company.
Needless to say, following the link to the site, and trying to buy something from him, is effectively handing over both money and information to a criminal. Keep away, trash the email, don't follow the links. We are pursuing action to have this site taken down, but of course he may simply relocate it. You may be able to set your email program to recognise emails from "rhythmicsrobot" with an "s" as spam.
2. FULL LIST OF THE DATA TO WHICH THE HACKER HAS ACCESS
Our eCommerce suite, WooCommerce, stores data about you in order to process your orders. We have to assume the hacker has access to all of this. Please read this bit carefully so you can see what applies to you.
YOUR PASSWORD The hacker will have access to the password you set on our site. If you stuck with the default password set for you, this isn't an issue. But if you changed the password to the same one that you use elsewhere on the web, there is a security risk. For example – if you used the same password for RhythmicRobot, FaceBook and PayPal, the hacker might try to access those other sites using your password.
WHAT SHOULD YOU DO? This is important! Log in to any other sites that you believe may have the same password you used on RhythmicRobot, and change the password – ideally to something "strong" including letters, symbols and numbers in a random order. Use different passwords on different websites.
YOUR EMAIL ADDRESS As we outlined above, the hacker is already sending "phishing" emails to some of our customers, trying to encourage them to visit the fake site.
WHAT SHOULD YOU DO? Ignore these emails, don't click on any links, and ideally set your email program to flag anything from rhythmicsrobot (with an "s") as spam.
YOUR NAME, ADDRESS AND PHONE NUMBER Storing these is a legal tax requirement in the EU: we are required to maintain records of who our customers are and where they're from. The hacker will have access to your name, postal address and possibly your phone number.
WHAT SHOULD YOU DO? We think there is nothing you need to do about this one. This information is all effectively "public domain", and can be easily be read from electoral registers, phone books etc online. He hasn't gained anything here that wasn't already widely available, and although it sounds unsettling, in order for your name and address to be of any malicious use (for example, in identity theft), he would also need bank account details, Social Security details, date of birth, etc, none of which we store. We want you to be aware of this element of the breach, but we don't think you should be worried by it.
3. ARE MY CREDIT CARD DETAILS REALLY SAFE?
Yes – card details, payment information and so on were not handled by our site but by PayPal, which is really secure. BUT, as we said above, if you used the same web password for RhythmicRobot and any other website – especially PayPal – you should log in to those other sites and change your password.
4. WHAT HAPPENS NEXT
We are taking all the steps we can to deal with the situation. If you change your passwords for other sites, and ignore phishing emails from the fake site, we think you can now relax and let us get on with this. Steps we're taking include:
Informing the data protection authorities of the breach
Relocating the site to more secure servers
Changing all on-site passwords
Ensuring the site is as secure as possible for the future
We hope to be properly up and running again in the near future – probably around the end of August or beginning of September.
We're genuinely, deeply sorry for any worry or hassle this causes you. If you've got any further questions, of course do please get in touch and we'll do our best to answer them. We are, and have always been, a small business trying to make cool musical instruments; dealing with a really nasty criminal attack is a new one for us, but we're determined to fight back.
Finally – a huge, heartfelt thank you to all of you who've written in with messages of support and sympathy, practical suggestions for how to proceed, or offers to go and hunt the hacker down and do unspeakable things to him. We're incredibly lucky to have customers like you: you guys are the best
"
"More information about the recent hack
...please read carefully, some of this information is very important
Since yesterday's mailshot explaining that our website has been hacked, we've been able to look more closely into what's happened and we've also had specific questions come in from some of you which deserve to be answered. We're also aware that the hackers are now using the cloned site to solicit for business, which is a real worry since accessing their fake site and putting in credit card details etc would be very dangerous. So do please read the following carefully.
1. THERE IS NOW A FAKE WEBSITE SENDING FAKE EMAILS
The hacker is using a cloned version of our website and calling it rhythmicsrobot (with an "s" in the middle of the website address). He has started sending out fake "phishing" emails with the title "WE'RE BACK !!" and from the mailing address "Rhythmics Robot" (with an "s") which read:
Dear Friend of Rhythmic Robot,
As we are constantly looking for new ways to improve our customer value and to ensure their satisfaction. We are happy to inform you that we reviewed the price lists of all our products.
This has made it possible for our company to be reducing the prices by 50% for all the products.
(fake site address, with an "s" in the middle)
If you would like to place an order at this new price, or ask any questions regarding this matter, please do not hesitate to contact us
In the meantime, we thank you again for doing business with our company.
Needless to say, following the link to the site, and trying to buy something from him, is effectively handing over both money and information to a criminal. Keep away, trash the email, don't follow the links. We are pursuing action to have this site taken down, but of course he may simply relocate it. You may be able to set your email program to recognise emails from "rhythmicsrobot" with an "s" as spam.
2. FULL LIST OF THE DATA TO WHICH THE HACKER HAS ACCESS
Our eCommerce suite, WooCommerce, stores data about you in order to process your orders. We have to assume the hacker has access to all of this. Please read this bit carefully so you can see what applies to you.
YOUR PASSWORD The hacker will have access to the password you set on our site. If you stuck with the default password set for you, this isn't an issue. But if you changed the password to the same one that you use elsewhere on the web, there is a security risk. For example – if you used the same password for RhythmicRobot, FaceBook and PayPal, the hacker might try to access those other sites using your password.
WHAT SHOULD YOU DO? This is important! Log in to any other sites that you believe may have the same password you used on RhythmicRobot, and change the password – ideally to something "strong" including letters, symbols and numbers in a random order. Use different passwords on different websites.
YOUR EMAIL ADDRESS As we outlined above, the hacker is already sending "phishing" emails to some of our customers, trying to encourage them to visit the fake site.
WHAT SHOULD YOU DO? Ignore these emails, don't click on any links, and ideally set your email program to flag anything from rhythmicsrobot (with an "s") as spam.
YOUR NAME, ADDRESS AND PHONE NUMBER Storing these is a legal tax requirement in the EU: we are required to maintain records of who our customers are and where they're from. The hacker will have access to your name, postal address and possibly your phone number.
WHAT SHOULD YOU DO? We think there is nothing you need to do about this one. This information is all effectively "public domain", and can be easily be read from electoral registers, phone books etc online. He hasn't gained anything here that wasn't already widely available, and although it sounds unsettling, in order for your name and address to be of any malicious use (for example, in identity theft), he would also need bank account details, Social Security details, date of birth, etc, none of which we store. We want you to be aware of this element of the breach, but we don't think you should be worried by it.
3. ARE MY CREDIT CARD DETAILS REALLY SAFE?
Yes – card details, payment information and so on were not handled by our site but by PayPal, which is really secure. BUT, as we said above, if you used the same web password for RhythmicRobot and any other website – especially PayPal – you should log in to those other sites and change your password.
4. WHAT HAPPENS NEXT
We are taking all the steps we can to deal with the situation. If you change your passwords for other sites, and ignore phishing emails from the fake site, we think you can now relax and let us get on with this. Steps we're taking include:
Informing the data protection authorities of the breach
Relocating the site to more secure servers
Changing all on-site passwords
Ensuring the site is as secure as possible for the future
We hope to be properly up and running again in the near future – probably around the end of August or beginning of September.
We're genuinely, deeply sorry for any worry or hassle this causes you. If you've got any further questions, of course do please get in touch and we'll do our best to answer them. We are, and have always been, a small business trying to make cool musical instruments; dealing with a really nasty criminal attack is a new one for us, but we're determined to fight back.
Finally – a huge, heartfelt thank you to all of you who've written in with messages of support and sympathy, practical suggestions for how to proceed, or offers to go and hunt the hacker down and do unspeakable things to him. We're incredibly lucky to have customers like you: you guys are the best
Pastoral, Kosmiche, Ambient Music https://markgriffiths.bandcamp.com/
Experimental Music https://markdaltongriffiths.bandcamp.com/
Experimental Music https://markdaltongriffiths.bandcamp.com/
-
ChamomileShark ChamomileShark https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=25116
- KVRAF
- Topic Starter
- 3243 posts since 12 May, 2004 from Oxford, UK
ok, they've just sent a further note
"PS – further info on passwords
This is better news: I'll keep it brief...
I've checked with our new, pro site hosts and they confirm that the passwords stored in our eCommerce database were encrypted to the same standards used by WordPress. They're not in plain text. This means the hacker has no direct access to your password.
But in the words of our new IT guys, "encrypted passwords could in theory be decoded by a hacker with a lot of resources".
Under the circumstances we still think it's best practice for you to follow our suggestion in the previous email for changing your password on any sensitive sites you visit – things like PayPal, online banking if you use it, etc. But still, I hope this is reassuring.
I also hope that you now have all the information you need about this – so I'm going to leave you alone to get on with your Summer! If you have any questions, just reply and ask; we'll try to get back to you as a matter of urgency."
"PS – further info on passwords
This is better news: I'll keep it brief...
I've checked with our new, pro site hosts and they confirm that the passwords stored in our eCommerce database were encrypted to the same standards used by WordPress. They're not in plain text. This means the hacker has no direct access to your password.
But in the words of our new IT guys, "encrypted passwords could in theory be decoded by a hacker with a lot of resources".
Under the circumstances we still think it's best practice for you to follow our suggestion in the previous email for changing your password on any sensitive sites you visit – things like PayPal, online banking if you use it, etc. But still, I hope this is reassuring.
I also hope that you now have all the information you need about this – so I'm going to leave you alone to get on with your Summer! If you have any questions, just reply and ask; we'll try to get back to you as a matter of urgency."
Pastoral, Kosmiche, Ambient Music https://markgriffiths.bandcamp.com/
Experimental Music https://markdaltongriffiths.bandcamp.com/
Experimental Music https://markdaltongriffiths.bandcamp.com/
-
- KVRAF
- 10367 posts since 2 Sep, 2003 from Surrey, UK
Also, Norton Safe Web flags the site as "Caution". I guess that could be upgraded (downgraded?) to "Warning" or "Unsafe" or ...
- KVRAF
- 44083 posts since 11 Aug, 2008 from clown world
Another one:
What a c*ntRhythmic Robot <info@rhythmicsrobot.com>
Dear Friend of Rhythmic Robot,
As we are constantly looking for new ways to improve our customer value and to ensure their satisfaction.
We are happy to inform you that we reviewed the price lists of all our products.
This has made it possible for our company to be reducing the prices by 50% for all the products.
https://www.rhythmicsrobot.com
If you would like to place an order at this new price, or ask any questions regarding this matter, please do not hesitate to contact us
In the meantime, we thank you again for doing business with our company.
Check NOW
The Professor (and Mongo)
This is the same method MJ used when he was working on Anthony Marinelli's Thriller.
-
- KVRist
- 379 posts since 15 Jan, 2012 from UK
Hi guys,
Many thanks for reposting our emails here – that's very kind of you. I logged in this morning intending to do it myself, but you'd beaten me to it!
We are strongly on the case of these guys: we've had the fake site taken down by its hosts, and have reported it to Google, Norton etc; but of course there's the strong possibility it'll pop up again elsewhere, and meanwhile phishing emails may still continue to emerge, so do please remain vigilant.
Our intention is to relaunch the genuine site in early September or thereabouts, at which point of course we'll let the community know. For now, please don't try to visit us or anyone claiming to be us – that will help keep a lid on things.
Meanwhile, huge thanks to everyone who's offered to help. We've had some humbling advice and offers from cybersecurity professionals, programmers, web specialists and other hugely knowledgeable folks, all very much on our side. We're extremely grateful to all of you.
Best wishes, and see you soon,
The Professor (and Mongo)
Many thanks for reposting our emails here – that's very kind of you. I logged in this morning intending to do it myself, but you'd beaten me to it!
We are strongly on the case of these guys: we've had the fake site taken down by its hosts, and have reported it to Google, Norton etc; but of course there's the strong possibility it'll pop up again elsewhere, and meanwhile phishing emails may still continue to emerge, so do please remain vigilant.
Our intention is to relaunch the genuine site in early September or thereabouts, at which point of course we'll let the community know. For now, please don't try to visit us or anyone claiming to be us – that will help keep a lid on things.
Meanwhile, huge thanks to everyone who's offered to help. We've had some humbling advice and offers from cybersecurity professionals, programmers, web specialists and other hugely knowledgeable folks, all very much on our side. We're extremely grateful to all of you.
Best wishes, and see you soon,
The Professor (and Mongo)
-
ChamomileShark ChamomileShark https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=25116
- KVRAF
- Topic Starter
- 3243 posts since 12 May, 2004 from Oxford, UK
Glad to be of help.
Pastoral, Kosmiche, Ambient Music https://markgriffiths.bandcamp.com/
Experimental Music https://markdaltongriffiths.bandcamp.com/
Experimental Music https://markdaltongriffiths.bandcamp.com/
-
- KVRian
- 991 posts since 29 May, 2011 from Germany
Now if there was a real 50% off-sale though... 
-
- KVRAF
- 2069 posts since 13 Dec, 2016
the professor wrote: Tue Aug 04, 2020 10:27 am Hi guys,
Many thanks for reposting our emails here – that's very kind of you. I logged in this morning intending to do it myself, but you'd beaten me to it!![]()
We are strongly on the case of these guys: we've had the fake site taken down by its hosts, and have reported it to Google, Norton etc; but of course there's the strong possibility it'll pop up again elsewhere, and meanwhile phishing emails may still continue to emerge, so do please remain vigilant.
Our intention is to relaunch the genuine site in early September or thereabouts, at which point of course we'll let the community know. For now, please don't try to visit us or anyone claiming to be us – that will help keep a lid on things.
Meanwhile, huge thanks to everyone who's offered to help. We've had some humbling advice and offers from cybersecurity professionals, programmers, web specialists and other hugely knowledgeable folks, all very much on our side. We're extremely grateful to all of you.
Best wishes, and see you soon,
The Professor (and Mongo)
Sorry to hear what happened to you and your business.
What is, except of hiring expensive security specialists and teams.. the best way to protect our websites from being hacked? Will a super strong password do the job or is even that no problem for agressive hackers?
All the best to you!
Its over for Bitwig--CUBASE WON !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
