I wasn't too concerned when BBI was recently hacked, since the password I used to log into BBI was an extremely old one, and none of my other online accounts still used that password. Or so I thought.
I completely forgot about my Turbotax account, which used the same ID and password as BBI.
Today, I discovered that somebody had logged into my Turbotax account, and filed my federal taxes for me. Every number entered into my tax return was bogus, with the ultimate goal of having a $514 refund direct deposited into a mystery bank account.
I'm not 100% certain this was due to the BBI breach, but all signs suggest that it was. The Turbotax rep informed that they just had a 3rd party security firm perform a complete analysis of their infrastructure just 2-3 weeks ago, who concluded that Turbotax had not been compromised in any way.
I just wanted to give you guys a heads up, in case this was related to the BBI breach. If you use that old BBI password anywhere else, make sure you change it, just to be on the safe side.
Holy mackerel
I thought that would have just been a common sense move. Sorry to hear about what happened but I just don't understand why you'd use your TurboTax password anywhere else.
Thanks for the heads up...what a fucking pain in the ass now.
Never even thought TurboTax would be a concern.
Everything recent has different usernames and credentials, outside of some older gaming platforms that I still might use, but those are all configured for 2-factor authentication and all have varying passwords.
I've actually got some background in security. This was a huge (and dumb) oversight on my part.
I'm not here to point fingers. I'm not here bitching. I'm simply here to give you dicks a heads up, in case anybody dismissed the potential impact of the recent breach here.
I'm on hold with TurboTax right now.
I should change my password now to the same as my BBI password (which I never changed b/c this is the only site where I use that password).
the bigger issue is that now someone has the social sec numbers for my entire family.
Hope things work out for both of you guys. Shitty.
lol, I'm on their website right now also. Multi-tasking!
that way you can see any new accounts opened with that SSN.
Lifelock will do it too but in Mass the credit reporting agencies need to provide you an annual credit report free of charge, not sure about your state.
that way you can see any new accounts opened with that SSN.
Lifelock will do it too but in Mass the credit reporting agencies need to provide you an annual credit report free of charge, not sure about your state.
Federal law requires each of the credit agencies to provide you with one free report per year. Here is the site to get them:
Annual Credit Report - ( New Window )
yeah, it's not like e-mail addresses were part of the hacked information that was posted in pastebin along with the passwords
Quote:
it but maybe consider lifelock?
lol, I'm on their website right now also. Multi-tasking!
That royally sucks man. I'm sorry to hear that. I listen to consumer advocate Clark Howard a lot and he seems to think credit monitoring software like Lifelock are essentially useless. As Steve in KY stated, go to the three major credit bureaus and freeze your credit. MUCH more effective for protection purposes.
Quote:
to hear about that, but why would TurboTax have the same user id that you use on BBI?
yeah, it's not like e-mail addresses were part of the hacked information that was posted in pastebin along with the passwords
exactly, my email that I used on here was compromised and locked out by yahoo after the BBI hack. Had to jump through hoops to prove that I am me so they would unlock it
User ID = 12345
Password = password.
But I quess I'll have to change them now.
User ID = userid
Password = 12345.
I have a thousand passwords for different things. I use my password for BBI and Turbo Tax the least out of any of them.
I never thought that a football website would get hacked and steal my password and use that as a link to submit a fraudulent tax return. Fun stuff, right? Yeah, read through my sarcasm.
Oh yeah...after almost two hours on the phone with TurboTax (1 hour and 45 minutes of that was on hold)...they can do absolutely nothing. They basically read from a website that my wife found in a 5 minute google search. This shit will probably haunt me for years. Plus, now I need to spend hundreds of dollars every year for god knows how long just to protect my family's identity through one of those lifelock type of services.
Awesome night.
You can find this form here:
http://www.irs.gov/pub/irs-pdf/f14039.pdf
I also need to file a complaint with the FTC:
http://www.consumer.ftc.gov/features/feature-0014-identity-theft
If you prefer a phone call:
FTC Identity Theft Hotline at 1-877-438-4338 or TTY 1-866-653-4261
Here are some steps from the IRS on what to do if your SSN is compromised:
http://www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft
Turbotax also offered me 2 free years of fraud protection with Experian, which I accepted. They are also arranging for a CPA to assist with my taxes this year, free of charge. I didn't raise any fuss at all during my call, so these were simply good will gestures. I hope you received the same offers.
I guess the thing that dawned on me is how shitty the security at TurboTax is. I mean, they've got all of your personal data on file and all you need is a simple password to get in? It's ten times harder to log in to pay my Home Depot bill. And once you are in, you can't see any personal info anyway. Fucking TurboTax.
Ned, don't believe so. At least what was posted on pastebin only contained the current password
Ned...the hacker took a snap shot of the e-mails and BBI passwords at the time of the hack. Old passwords are not stored.
It also looks like more than half the e-mail addresses we had on file were actually so old that they were no longer valid.
Walt in MD : 9:16 pm : link : reply
And your car got stolen? You wore a short dress and got molested?
The password is, haveaseatrightthere..
Ned...the hacker took a snap shot of the e-mails and BBI passwords at the time of the hack. Old passwords are not stored.
It also looks like more than half the e-mail addresses we had on file were actually so old that they were no longer valid.
What does it matter anyway if he used his handle? Passwords weren't public and the hacker got those anyway. Many email addresses were hidden but the hacker got those anyway. Might as well take my handle too. Shit happened and people got fucked. What else is there to do but move on.
Quote:
does anyone know if old passwords were seen by the hackers? (formerly Ned Higgins) Thankfully I changed my password a few months ago to an obscure one that was unique to BBI.
Ned, don't believe so. At least what was posted on pastebin only contained the current password
Thanks Mook. Horror stories like this make me incredibly paranoid. Thankfully I was able to file my taxes but after reading this I changed my password on my tax site and my yahoo email too.
Everything recent has different usernames and credentials, outside of some older gaming platforms that I still might use, but those are all configured for 2-factor authentication and all have varying passwords.
I've actually got some background in security. This was a huge (and dumb) oversight on my part.
I'm not here to point fingers. I'm not here bitching. I'm simply here to give you dicks a heads up, in case anybody dismissed the potential impact of the recent breach here.
I didn't mean to be a prick was just joking...hope it all works out..
The problem is (and the reason you will need the Advocate's help) is that the IRS is so backlogged with ID theft cases that it can take them over a year to process your actual return, bc the initial fraudulent return is treated as original and yours as the amended one.
Good luck getting this straightened out. The only account password i forgot to change was my Earthlink account and that got hacked.
The feds have to make sure tax refunds are not sent to accounts where the receiving person cannot be identified. It's not easy but it's something that has to be done.
I've heard about this from several people.
This was absolutely the result of the hacking issue with BBI. TurboTax wasn't hacked. These jerkoffs find vulnerable websites to steal info from (user ids and passwords) and use that info for their identity theft purposes. If they are lucky, they find a crack in the armor, as was the case with me and others here on BBI. The only reason they were able to access my TurboTax is because the stole my password from BBI and it was the one password I didn't think to change.
After finding that it wasn't TurboTax's fault, they did absolutely nothing. It still boggles my mind how awful their security is. TurboTax has ALL my personal info and all you need is a simple password to access it. Every single merchandising website masks credit card numbers...why wouldn't they do the same with soc sec numbers and other personal data? Why not make it more difficult to access?
Quote:
stop taking returns for a while especially from Turbo Tax (Georgia was one of them), because of an issue with people filling false tax returns a few weeks back? This may not have been an issue with BBI.
This was absolutely the result of the hacking issue with BBI. TurboTax wasn't hacked. These jerkoffs find vulnerable websites to steal info from (user ids and passwords) and use that info for their identity theft purposes. If they are lucky, they find a crack in the armor, as was the case with me and others here on BBI. The only reason they were able to access my TurboTax is because the stole my password from BBI and it was the one password I didn't think to change.
After finding that it wasn't TurboTax's fault, they did absolutely nothing. It still boggles my mind how awful their security is. TurboTax has ALL my personal info and all you need is a simple password to access it. Every single merchandising website masks credit card numbers...why wouldn't they do the same with soc sec numbers and other personal data? Why not make it more difficult to access?
I just did a quick google search are all these people on BBI using Turbo Tax.
Google search of turbo tax hacked - ( New Window )
Quote:
In comment 12153497 Fred in Atlanta said:
Quote:
stop taking returns for a while especially from Turbo Tax (Georgia was one of them), because of an issue with people filling false tax returns a few weeks back? This may not have been an issue with BBI.
This was absolutely the result of the hacking issue with BBI. TurboTax wasn't hacked. These jerkoffs find vulnerable websites to steal info from (user ids and passwords) and use that info for their identity theft purposes. If they are lucky, they find a crack in the armor, as was the case with me and others here on BBI. The only reason they were able to access my TurboTax is because the stole my password from BBI and it was the one password I didn't think to change.
After finding that it wasn't TurboTax's fault, they did absolutely nothing. It still boggles my mind how awful their security is. TurboTax has ALL my personal info and all you need is a simple password to access it. Every single merchandising website masks credit card numbers...why wouldn't they do the same with soc sec numbers and other personal data? Why not make it more difficult to access?
I just did a quick google search are all these people on BBI using Turbo Tax. Google search of turbo tax hacked - ( New Window )
Fred, I really don't understand your point. No, I don't think that all the people affected by the TurboTax issue are on BBI. Obviously. If that was your point then it was a stupid one.
But, yes, I firmly believe that my TurboTax was hacked as a direct result of the BBI breach. Are you really trying to argue otherwise? I really hope you are not that dense.
User ID = 12345
Password = password.
But I quess I'll have to change them now.
User ID = userid
Password = 12345.
You fool! You didn't even change your password!
My suggestion: 54321
You're welcome.
It has my credit card linked to it, and fortunately it is not the same as my bbi info.
I don't understand what info was stolen that allowed someone to file a return for you - to my knowledge, turbo tax is software package where your return, and personal info is stored on your desktop NOT by turbo tax - it sounds like spyware or some other hack on your machine rather than turbo tax. Not saying anything about whether it was related to BBI, just trying to understand how your personal info is stored by turbo tax.
It has my credit card linked to it, and fortunately it is not the same as my bbi info.
I don't understand what info was stolen that allowed someone to file a return for you - to my knowledge, turbo tax is software package where your return, and personal info is stored on your desktop NOT by turbo tax - it sounds like spyware or some other hack on your machine rather than turbo tax. Not saying anything about whether it was related to BBI, just trying to understand how your personal info is stored by turbo tax.
No, you have an account with Intuit.
So which one of fekers trying to log into my gmail account from SE florida?
People who are bashing a guy that came here to help others suck FYI and I hope your Karma gets you. When it does I hope nobody tries and make you feel bad for posting information that may affect others. It looks like at least one other guy was affected by this also. I respect those that came back and at least apologized though.
Best of luck to whoever got screwed in this whole thing. Hopefully it resolves.
Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company's service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.
"If I sign up for an account and file tax refund requests on 100 people who are not me, it's obviously fraud," Lee said in an interview with KrebsOnSecurity. "We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts."
It's a near perfect online scam: with hacked social security numbers and other personally identifying fragments flooding the web, fraudsters need only create a free TurboTax account to siphon away someone else's refund. And because TurboTax allows filers to pay for the price of the software with their refund before they actually receive it, there's no need to submit or falsify a credit card number—it's free money for both Intuit and crooks.
Even more disturbingly, MacDougall says he was brushed off by management when he told them their company was providing an extremely easy and effective way to steal from the very people it purports to help:
"Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn't do anything that would 'hurt the numbers'," MacDougall wrote in his SEC filing. "Complainant repeatedly offered solutions to help stop the fraud, but was ignored."
link - ( New Window )
Quote:
Robert Lee and Shane MacDougall, both former security executives at Intuit, spoke with KrebsOnSecurity.com about the company's dubious practices: Identity thieves have been creating fake accounts in droves to cash in on strangers' legitimate refunds. It's a simple maneuver: plug in someone else's Social Security number and other tax identification, then go through the same TurboTax steps as normal—only they bank the refund deposit, not you:
Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company's service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.
"If I sign up for an account and file tax refund requests on 100 people who are not me, it's obviously fraud," Lee said in an interview with KrebsOnSecurity. "We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts."
It's a near perfect online scam: with hacked social security numbers and other personally identifying fragments flooding the web, fraudsters need only create a free TurboTax account to siphon away someone else's refund. And because TurboTax allows filers to pay for the price of the software with their refund before they actually receive it, there's no need to submit or falsify a credit card number—it's free money for both Intuit and crooks.
Even more disturbingly, MacDougall says he was brushed off by management when he told them their company was providing an extremely easy and effective way to steal from the very people it purports to help:
"Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn't do anything that would 'hurt the numbers'," MacDougall wrote in his SEC filing. "Complainant repeatedly offered solutions to help stop the fraud, but was ignored."
link - ( New Window )
Maybe...maybe not. But coincidence is a funny thing. There are a number of people on this thread alone that were hacked in some fashion after the BBI breach. Two of us on TurboTax.
But, just coincidence, right?
Quote:
Robert Lee and Shane MacDougall, both former security executives at Intuit, spoke with KrebsOnSecurity.com about the company's dubious practices: Identity thieves have been creating fake accounts in droves to cash in on strangers' legitimate refunds. It's a simple maneuver: plug in someone else's Social Security number and other tax identification, then go through the same TurboTax steps as normal—only they bank the refund deposit, not you:
Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company's service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.
"If I sign up for an account and file tax refund requests on 100 people who are not me, it's obviously fraud," Lee said in an interview with KrebsOnSecurity. "We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts."
It's a near perfect online scam: with hacked social security numbers and other personally identifying fragments flooding the web, fraudsters need only create a free TurboTax account to siphon away someone else's refund. And because TurboTax allows filers to pay for the price of the software with their refund before they actually receive it, there's no need to submit or falsify a credit card number—it's free money for both Intuit and crooks.
Even more disturbingly, MacDougall says he was brushed off by management when he told them their company was providing an extremely easy and effective way to steal from the very people it purports to help:
"Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn't do anything that would 'hurt the numbers'," MacDougall wrote in his SEC filing. "Complainant repeatedly offered solutions to help stop the fraud, but was ignored."
link - ( New Window )
Except that has nothing to do with what happened here. The article says that they need your SSN and they create a fraudulent account. The two people here have legitimate accounts that were hacked. Big difference.
I have a feeling that there will be lawyers having conversations over this when all is said and done.
Quote:
Quote:
Robert Lee and Shane MacDougall, both former security executives at Intuit, spoke with KrebsOnSecurity.com about the company's dubious practices: Identity thieves have been creating fake accounts in droves to cash in on strangers' legitimate refunds. It's a simple maneuver: plug in someone else's Social Security number and other tax identification, then go through the same TurboTax steps as normal—only they bank the refund deposit, not you:
Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company's service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.
"If I sign up for an account and file tax refund requests on 100 people who are not me, it's obviously fraud," Lee said in an interview with KrebsOnSecurity. "We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts."
It's a near perfect online scam: with hacked social security numbers and other personally identifying fragments flooding the web, fraudsters need only create a free TurboTax account to siphon away someone else's refund. And because TurboTax allows filers to pay for the price of the software with their refund before they actually receive it, there's no need to submit or falsify a credit card number—it's free money for both Intuit and crooks.
Even more disturbingly, MacDougall says he was brushed off by management when he told them their company was providing an extremely easy and effective way to steal from the very people it purports to help:
"Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn't do anything that would 'hurt the numbers'," MacDougall wrote in his SEC filing. "Complainant repeatedly offered solutions to help stop the fraud, but was ignored."
link - ( New Window )
Maybe...maybe not. But coincidence is a funny thing. There are a number of people on this thread alone that were hacked in some fashion after the BBI breach. Two of us on TurboTax.
But, just coincidence, right?
Well coincidence is usually the end product of multiple factors. Sorry, but i am a novice at IT stuff and i even knew not to use a password for a damn football site as one for my important personal stuff. Sorry this happened to you but much of the blame lies with yourself
Quote:
Quote:
Robert Lee and Shane MacDougall, both former security executives at Intuit, spoke with KrebsOnSecurity.com about the company's dubious practices: Identity thieves have been creating fake accounts in droves to cash in on strangers' legitimate refunds. It's a simple maneuver: plug in someone else's Social Security number and other tax identification, then go through the same TurboTax steps as normal—only they bank the refund deposit, not you:
Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company's service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.
"If I sign up for an account and file tax refund requests on 100 people who are not me, it's obviously fraud," Lee said in an interview with KrebsOnSecurity. "We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts."
It's a near perfect online scam: with hacked social security numbers and other personally identifying fragments flooding the web, fraudsters need only create a free TurboTax account to siphon away someone else's refund. And because TurboTax allows filers to pay for the price of the software with their refund before they actually receive it, there's no need to submit or falsify a credit card number—it's free money for both Intuit and crooks.
Even more disturbingly, MacDougall says he was brushed off by management when he told them their company was providing an extremely easy and effective way to steal from the very people it purports to help:
"Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn't do anything that would 'hurt the numbers'," MacDougall wrote in his SEC filing. "Complainant repeatedly offered solutions to help stop the fraud, but was ignored."
link - ( New Window )
Except that has nothing to do with what happened here. The article says that they need your SSN and they create a fraudulent account. The two people here have legitimate accounts that were hacked. Big difference.
I have a feeling that there will be lawyers having conversations over this when all is said and done.
They don't get someones SSI from BBI.
Quote:
In comment 12154630 montanagiant said:
Quote:
Quote:
Robert Lee and Shane MacDougall, both former security executives at Intuit, spoke with KrebsOnSecurity.com about the company's dubious practices: Identity thieves have been creating fake accounts in droves to cash in on strangers' legitimate refunds. It's a simple maneuver: plug in someone else's Social Security number and other tax identification, then go through the same TurboTax steps as normal—only they bank the refund deposit, not you:
Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company's service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.
"If I sign up for an account and file tax refund requests on 100 people who are not me, it's obviously fraud," Lee said in an interview with KrebsOnSecurity. "We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts."
It's a near perfect online scam: with hacked social security numbers and other personally identifying fragments flooding the web, fraudsters need only create a free TurboTax account to siphon away someone else's refund. And because TurboTax allows filers to pay for the price of the software with their refund before they actually receive it, there's no need to submit or falsify a credit card number—it's free money for both Intuit and crooks.
Even more disturbingly, MacDougall says he was brushed off by management when he told them their company was providing an extremely easy and effective way to steal from the very people it purports to help:
"Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn't do anything that would 'hurt the numbers'," MacDougall wrote in his SEC filing. "Complainant repeatedly offered solutions to help stop the fraud, but was ignored."
link - ( New Window )
Except that has nothing to do with what happened here. The article says that they need your SSN and they create a fraudulent account. The two people here have legitimate accounts that were hacked. Big difference.
I have a feeling that there will be lawyers having conversations over this when all is said and done.
They don't get someones SSI from BBI.
That's not what he's saying...
Quote:
In comment 12154630 montanagiant said:
Quote:
Quote:
Robert Lee and Shane MacDougall, both former security executives at Intuit, spoke with KrebsOnSecurity.com about the company's dubious practices: Identity thieves have been creating fake accounts in droves to cash in on strangers' legitimate refunds. It's a simple maneuver: plug in someone else's Social Security number and other tax identification, then go through the same TurboTax steps as normal—only they bank the refund deposit, not you:
Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company's service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.
"If I sign up for an account and file tax refund requests on 100 people who are not me, it's obviously fraud," Lee said in an interview with KrebsOnSecurity. "We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts."
It's a near perfect online scam: with hacked social security numbers and other personally identifying fragments flooding the web, fraudsters need only create a free TurboTax account to siphon away someone else's refund. And because TurboTax allows filers to pay for the price of the software with their refund before they actually receive it, there's no need to submit or falsify a credit card number—it's free money for both Intuit and crooks.
Even more disturbingly, MacDougall says he was brushed off by management when he told them their company was providing an extremely easy and effective way to steal from the very people it purports to help:
"Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn't do anything that would 'hurt the numbers'," MacDougall wrote in his SEC filing. "Complainant repeatedly offered solutions to help stop the fraud, but was ignored."
link - ( New Window )
Maybe...maybe not. But coincidence is a funny thing. There are a number of people on this thread alone that were hacked in some fashion after the BBI breach. Two of us on TurboTax.
But, just coincidence, right?
Well coincidence is usually the end product of multiple factors. Sorry, but i am a novice at IT stuff and i even knew not to use a password for a damn football site as one for my important personal stuff. Sorry this happened to you but much of the blame lies with yourself
Ahhh...and there it is...the asshole comes out. What's the matter, did I offend your precious BBI?
My only mistake was trusting that a "damn football site" would not be so careless with their members data. Sorry your a dickhead but much of that is on yourself.
Quote:
In comment 12154677 PhiPsi125 said:
Quote:
In comment 12154630 montanagiant said:
Quote:
Quote:
Robert Lee and Shane MacDougall, both former security executives at Intuit, spoke with KrebsOnSecurity.com about the company's dubious practices: Identity thieves have been creating fake accounts in droves to cash in on strangers' legitimate refunds. It's a simple maneuver: plug in someone else's Social Security number and other tax identification, then go through the same TurboTax steps as normal—only they bank the refund deposit, not you:
Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company's service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.
"If I sign up for an account and file tax refund requests on 100 people who are not me, it's obviously fraud," Lee said in an interview with KrebsOnSecurity. "We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts."
It's a near perfect online scam: with hacked social security numbers and other personally identifying fragments flooding the web, fraudsters need only create a free TurboTax account to siphon away someone else's refund. And because TurboTax allows filers to pay for the price of the software with their refund before they actually receive it, there's no need to submit or falsify a credit card number—it's free money for both Intuit and crooks.
Even more disturbingly, MacDougall says he was brushed off by management when he told them their company was providing an extremely easy and effective way to steal from the very people it purports to help:
"Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn't do anything that would 'hurt the numbers'," MacDougall wrote in his SEC filing. "Complainant repeatedly offered solutions to help stop the fraud, but was ignored."
link - ( New Window )
Maybe...maybe not. But coincidence is a funny thing. There are a number of people on this thread alone that were hacked in some fashion after the BBI breach. Two of us on TurboTax.
But, just coincidence, right?
Well coincidence is usually the end product of multiple factors. Sorry, but i am a novice at IT stuff and i even knew not to use a password for a damn football site as one for my important personal stuff. Sorry this happened to you but much of the blame lies with yourself
Ahhh...and there it is...the asshole comes out. What's the matter, did I offend your precious BBI?
My only mistake was trusting that a "damn football site" would not be so careless with their members data. Sorry your a dickhead but much of that is on yourself.
Actually you started the shitty aspect of the conversation with being snide at the end of your first response. Look, I just posted info you should know and you got defensive about it and a bit shitty, i just played off of that in my last response. I hopre this all ends up well for you but IMO saying you "trusted a football site" with info that is vital, really is pretty ignorant. Especially given the fact of what you do for a living. I hope you get it cleared up but the blame spreads well across all parties on this.
Listen, I really don't care to sit here and argue this with BBI drones like you. I'm knee deep in shit, pissed off, and the last thing i really want to hear is the BBI groupies defend BBI and tell me I'm ignorant and its all my fault.
Its probably best if this thread is just deleted.
I hope the fact that Turbo Tax abuses this shit helps you rectify this, but being what you call a "BBI Drone" has nothing to do with it. Being ignorant about the internet does though