QR data leak?

Old Dec 13, 2020, 4:03 pm
  #1  
Original Poster
 
Join Date: Jun 2018
Posts: 935
QR data leak?

Ive just received an email relating to 50% off the purchase of emails. Have checked the email address its come from - looks legitimate.

its: [email protected]

when clicking through the link, my phone popped up with a message stating that my account details were involved in a leak. It invited me to let the phone create a new password.

Anyone else had this?! Cant see it mentioned anywhere else at the moment.
Tofino87 is offline  
Old Dec 13, 2020, 5:29 pm
  #2  
 
Join Date: Dec 2007
Posts: 223
qatar probably detected that the same username and password you use for Qatar were also used on another website that was compromised.
pstation is offline  
Old Dec 13, 2020, 5:36 pm
  #3  
 
Join Date: Nov 2018
Location: HKG, BHX, MAN
Programs: Qatar Gold (OWS), Asiana Diamond (*G)
Posts: 1,493
It's best to check if the email is actually theirs by completing a 'general enquiry' form. Also change your QRPC password on qatarairways.com.
realgaga is offline  
Old Dec 13, 2020, 6:44 pm
  #4  
FlyerTalk Evangelist
 
Join Date: Apr 2001
Location: MEL CHC
Posts: 20,920
Clicking links in emails is always dangerous
The legitimate address can be masquerading for a scam address

https://qmiles.com.websiteoutlook.com/
https://www.whois.com/whois/qmiles.com
Mwenenzi is offline  
Old Dec 13, 2020, 8:35 pm
  #5  
FlyerTalk Evangelist
 
Join Date: Jul 2006
Location: Hong Kong, France
Programs: FB , BA Gold
Posts: 15,495
Originally Posted by Mwenenzi
Clicking links in emails is always dangerous
The legitimate address can be masquerading for a scam address

https://qmiles.com.websiteoutlook.com/
https://www.whois.com/whois/qmiles.com
Indeed.
This link masquerading is a common cause of trouble.
Better to never click on a link.
brunos is offline  
Old Dec 13, 2020, 9:04 pm
  #6  
FlyerTalk Evangelist
 
Join Date: Apr 2001
Location: MEL CHC
Posts: 20,920
Originally Posted by brunos
Indeed.
This link masquerading is a common cause of trouble.
Better to never click on a link.
Originally Posted by Tofino87
<snip>
when clicking through the link, my phone popped up with a message stating that my account details were involved in a leak. It invited me to let the phone create a new password.
<snip>
So giving your new password & details to a scammer?
Mwenenzi is offline  
Old Dec 13, 2020, 10:58 pm
  #7  
FlyerTalk Evangelist
 
Join Date: Jul 2006
Location: Hong Kong, France
Programs: FB , BA Gold
Posts: 15,495
Originally Posted by realgaga
It's best to check if the email is actually theirs by completing a 'general enquiry' form. Also change your QRPC password on qatarairways.com.
Wise suggestion.
It could be a real email from QR or a scam.
But asking your phone to self-generate a password is weird.
brunos is offline  
Old Dec 13, 2020, 11:15 pm
  #8  
 
Join Date: Jan 2016
Location: LON
Programs: BAEC
Posts: 3,883
From what the OP has described, it sounds like a function of Google Chrome running your username and password through a database of known compromised credentials. It's hard to be certain but it sounds like it.

https://support.google.com/chrome/thread/23534509?hl=en

the way the scan works if is that it is not specific to the site you're are logging into, just that your username and password combination has been compromised sometime someplace. This shows why it is a very bad idea to use the same password on multiple websites, once your creds are compromised in one place they can log in elsewhere.
plunet is offline  
Old Dec 14, 2020, 1:45 am
  #9  
FlyerTalk Evangelist
 
Join Date: Jul 2006
Location: Hong Kong, France
Programs: FB , BA Gold
Posts: 15,495
Originally Posted by plunet
From what the OP has described, it sounds like a function of Google Chrome running your username and password through a database of known compromised credentials. It's hard to be certain but it sounds like it.

https://support.google.com/chrome/thread/23534509?hl=en

the way the scan works if is that it is not specific to the site you're are logging into, just that your username and password combination has been compromised sometime someplace. This shows why it is a very bad idea to use the same password on multiple websites, once your creds are compromised in one place they can log in elsewhere.
I doubt. According to the OP he received a message sent apparently from some QR mailbox.
Google Chrome sends a popup warning when you login to Chrome (maybe to other Google applications).
brunos is offline  
Old Dec 14, 2020, 1:50 am
  #10  
 
Join Date: Jan 2016
Location: LON
Programs: BAEC
Posts: 3,883
Originally Posted by brunos
I doubt. According to the OP he received a message sent apparently from some QR mailbox.
Google Chrome sends a popup warning when you login to Chrome (maybe to other Google applications).
If the pop up happened after entering a username and password, then the behaviour is aligned with the Chrome compromised creds function. But if the pop up happened before a username and password was entered, then I agree it was probably a phishing site.
plunet is offline  
Old Dec 14, 2020, 4:09 am
  #11  
 
Join Date: Oct 2015
Location: Economy, mostly :(
Programs: Skywards Gold
Posts: 7,801
It's trivial to sent any "From" email, I could send you an email right now appearing to be from @qatar.com. the only way to check the actual sender is via the message headers but as many companies use third party email sending tools even this isn't a foolproof way to ensure an emails veracity
skywardhunter is offline  
Old Dec 14, 2020, 4:46 am
  #12  
Original Poster
 
Join Date: Jun 2018
Posts: 935
Originally Posted by skywardhunter
It's trivial to sent any "From" email, I could send you an email right now appearing to be from @qatar.com. the only way to check the actual sender is via the message headers but as many companies use third party email sending tools even this isn't a foolproof way to ensure an emails veracity
Hi All, thanks for your replies. Very helpful to get other peoples two cents.

Ive opened an enquiry with QR and theyve asked for a screenshot of the QMiles offer email, which Ive duly submitted.

Regarding the email header, I clicked through this to display the actual email address it was sent from (as I know I could send an email purporting to be from the White House, for example, if I wanted to).

Well see what QR come back with, but in the meantime Ill be changing my password via the legit website.



The email address it came from
Tofino87 is offline  
Old Dec 14, 2020, 4:56 am
  #13  
Original Poster
 
Join Date: Jun 2018
Posts: 935

The email... with private details removed
Tofino87 is offline  
Old Dec 14, 2020, 1:09 pm
  #14  
Original Poster
 
Join Date: Jun 2018
Posts: 935
Originally Posted by plunet
If the pop up happened after entering a username and password, then the behaviour is aligned with the Chrome compromised creds function. But if the pop up happened before a username and password was entered, then I agree it was probably a phishing site.
Confirmed, not solely related to QR. A genuine issue was picked up.

Needless to say every account now has different passwords, which are significantly more robust.
joachimm likes this.
Tofino87 is offline  
Old Dec 14, 2020, 3:33 pm
  #15  
 
Join Date: Sep 2015
Location: BOS
Programs: Hyatt Glob/UA Gold
Posts: 601
Originally Posted by Tofino87
Confirmed, not solely related to QR. A genuine issue was picked up.

Needless to say every account now has different passwords, which are significantly more robust.
This is always a good time: https://haveibeenpwned.com/. I find myself in new breaches every 3-4 months. It is legit, they check your email only, but can give you info about whether your password was part of the breach, and whether it was stored in cleartext or encrypted, sometimes how likely it is that your password has been cracked using rainbow tables, etc.

It's just a good idea to have separate passwords for all of your points & miles & financial accounts (+ google) and to change them every 3-6 months at least.
joachimm is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.