Discogs accounts are being hacked by sellers in Ukraine

My account was hacked last week. I am getting reports that several accounts have been hacked from the victims. The Modus Operandi is they sell high dollar items at just below market prices rounded to even $100 or $150 increments, example $300, $450, $700 etc. Free worldwide shipping. You cannot pay through the Discogs' system so they give you a direct PayPal address that is already set up as a "friends and family" payment. This way the victim has no recourse of getting their money back.
I am sure multiple thousands of dollars have been scammed from our community these last couple of weeks. Furthermore, negative feedback is left (of course) which impacts the true owner of the account once they can get it back. The merchandise is non-existent. It did not reside in my inventory. And, of course the scammers do how hold this inventory either. It seems that the accounts are shut down by Discogs once they find out. But in my account's case the scammer had free reign for 3 or 4 days and the "too good to be true" pricing (but still high dollar amounts) generated thousands of dollars in that short time.
There are so many red flags going off, but it is a numbers game and there will always be those who will fall for it.

Every discogs user please change your password NOW! When was the last time you changed yours? Protect yourself. Almost lost $$$ to this scam. And discogs ain’t doing shit either.

Lost money to this... an account named Tekwrx, i'm almost sure that that account has also been hacked.

When is Discogs and Paypal going to fix this?
I'm still trying to get my money back...

45nyc
Every discogs user please change your password NOW! When was the last time you changed yours? Protect yourself. Almost lost $$$ to this scam. And discogs ain’t doing shit either.

I changed my password on a few diff sites recently & discogs is the only one that doesn't send an email to say it's changed

also no option for 2-step verification, think they need to up their security measures, it's very basic at the moment

You don't know they're actually "in Ukraine", do you? They might be, but the main thing is that it seems like buyers are being scammed by being tricked into using friends and family payments. Friends and family payments are for people you know and trust and that sort of payment is not allowed on Discogs.

So many people sending f&f payments to a conflict zone.

https://www.discogs.com/sell/seller_feedback/tekwrx

brady

also no option for 2-step verification, think they need to up their security measures, it's very basic at the moment

https://support.discogs.com/hc/en-us/articles/4403461442317-How-Do-I-Set-Up-And-Manage-Two-Factor-Authentication-On-My-Discogs-Account-

Plastic-Man
brady
also no option for 2-step verification, think they need to up their security measures, it's very basic at the moment

https://support.discogs.com/hc/en-us/articles/4403461442317-How-Do-I-Set-Up-And-Manage-Two-Factor-Authentication-On-My-Discogs-Account-

thanks i'll look into that

I just reported this one -
https://www.discogs.com/seller/coldvinyls/profile

Story from Ukrainian pov - few weeks ago 2 of my colleagues received mails from discogs buyers - someone stole the well-known store names and used the afromentioned scheme (it did not actually work because buyers contacted the actual stores and stores are denied the existence of such records).

I am surprised Discogs still keeping this accounts live and will wait for support answer to highlight them, Discogs needs to have something like authenticity check for accs like these -

https://www.discogs.com/user/LongplayCom
https://www.discogs.com/user/dasojldasksdajklds

This is embarassing for us, and please do not think Ukrainians have actually something to do with this. Changing the country is pretty easy in seller settings, so everything we can do is frequently checking the list of new items in Ukraine and report the suspicious accounts to Discogs.

https://www.discogs.com/user/vinylakyiv

oh, another one.

GramRecordStore
Changing the country is pretty easy in seller settings

Yes, and Discogs exception allowing sellers in Ukraine to remain on the legacy payment platform should not apply to accounts where the address country has changed since February.

GramRecordStore
Story from Ukrainian pov

Out of interest, what payment methods are you using these days?

dunforthemoment
GramRecordStoreStory from Ukrainian pov

Out of interest, what payment methods are you using these days?

Out of context as well. All same, except Russian war here of course.

So PayPal is working for you?

Plastic-Man
brady
also no option for 2-step verification, think they need to up their security measures, it's very basic at the moment

https://support.discogs.com/hc/en-us/articles/4403461442317-How-Do-I-Set-Up-And-Manage-Two-Factor-Authentication-On-My-Discogs-Account-

Why does everyone assume I want to put another app on my phone? I do not use my phone for internet access. I have a laptop for this. Besides my phone is running at 80% storage capacity and it really has no room for more apps.

Anyway. Eventually sellers here will get their accounts back like I have. It sure would be nice if the negative reviews were removed. (Yes, I have requested mine to be removed, still waiting)

Kink1956
Plastic-Manbrady
also no option for 2-step verification, think they need to up their security measures, it's very basic at the moment

https://support.discogs.com/hc/en-us/articles/4403461442317-How-Do-I-Set-Up-And-Manage-Two-Factor-Authentication-On-My-Discogs-Account-

Why does everyone assume I want to put another app on my phone? I do not use my phone for internet access. I have a laptop for this. Besides my phone is running at 80% storage capacity and it really has no room for more apps.

yeah I should have said im on a PC not a phone, there is no option to set up on PC

No, I am saying that discogs' two step verification assumes I want to put their app on my phone. I am not criticizing you or your post.

How are these accounting being 'hacked'? Just weak passwords?

And yea, this completely sucks but...c'mon buyers...it's 2022. If you're sending hundreds of dollars to unknown people via PP F&F you kinda should know better.

As well as having strong passwords, Sellers should be checking their accounts daily - even if you're just a hobby Seller. These hackers are apparently taking advantage of Sellers with low or no activity. Only takes a minute to check if you've been hacked & then hopefully report before the scams occur.

https://www.discogs.com/user/VinylClub.ua

So, another one, logo of well-known store. I think after a few negatives it’s no use but anyway.

It is hard to believe how easily so many buyers are scammed with the friends and family ploy. Also isn't it amazing how many hard to find and expensive items priced below market suddenly show up on your "want list"? It seems like shooting ducks in a duck pond. Yes, I will be checking my account daily now. I am a hobbyist so I typically only visit my account if there is a sale or if I want to list another CD for sale.

Please let us be nicer to one another.

They may NOT be from Ukraine. They only set up the hacked accounts to say they are from Ukraine so as to get paid "friends and family" by supplying a direct paypal address. If you leave a loophole the size of an eye of the needle, scammers, lawyers and politicians (but I repeat myself) will be able to parallel park a freight train in it.

Kink1956
It sure would be nice if the negative reviews were removed. (Yes, I have requested mine to be removed, still waiting)

This can take a week or two at the moment. Seemingly they have quite a backlog to go through. Just be patient.

DarreLP
How are these account[s] being 'hacked'? Just weak passwords?

Likely.
There doesn't seem to be a lockout after x failed login attempts. So a bot could simply try over and over again until it gets there.

GramRecordStore
All same, except Russian war here of course.

Someone on another thread said that regular commercial Paypal payments don't work into Ukraine, so there's an error message. Is that right? I'm just trying to see how the buyers get persuaded to use F & F payment.

brady
Kink1956Plastic-Manbrady
also no option for 2-step verification, think they need to up their security measures, it's very basic at the moment

https://support.discogs.com/hc/en-us/articles/4403461442317-How-Do-I-Set-Up-And-Manage-Two-Factor-Authentication-On-My-Discogs-Account-

Why does everyone assume I want to put another app on my phone? I do not use my phone for internet access. I have a laptop for this. Besides my phone is running at 80% storage capacity and it really has no room for more apps.

yeah I should have said im on a PC not a phone, there is no option to set up on PC

This is how I did it on my PC:
Download and install Authy Desktop on your PC.
Go to the Discogs 2FA setup page on your account and copy the long string of characters under the QR code.
Go to the Authy app and click on the plus sign in the top right-hand corner and paste the string of characters into the box.
The rest is pretty straightforward.

Kink1956
No, I am saying that discogs' two step verification assumes I want to put their app on my phone. I am not criticizing you or your post.

sorry Kink1956, my not so clear post was agreeing with you, there should be more security features on this site for both PC & phone users, its standard on most sites now

loukash mentioned a good one above, "lockout after x failed login attempts"
or even an email to let you know somebody has tried to log in x amount of times

these should be priority for the developers instead of updating the youtube player

massenmedium
GramRecordStoreAll same, except Russian war here of course.
Someone on another thread said that regular commercial Paypal payments don't work into Ukraine, so there's an error message. Is that right? I'm just trying to see how the buyers get persuaded to use F & F payment.

Correct. To get PayPal business payment access in Ukraine you have to be officially registered as business, and this way you can work with US or EU PayPal business account, receive payments via Discogs and your buyers will receive PayPal protection.

Why people agreeing to do F&F I don’t know.

Yes, there are restrictions for Ukrainians in PayPal but most sellers from Ukraine anyway receiving payments via Discogs / PayPal business.

loukash
There doesn't seem to be a lockout after x failed login attempts

Hmm...yea, that seems bad. :/

oldschoolpunker1982
Scammers from Ukraine, I have heard it all now. I wonder if their proceeds are going into the war effort?

Possibly, or desperate people trying to feed their families as they have nothing left, or organised crime gangs exploiting the situation. In all likelihood its all of the above.

I've noticed a lot of former Soviet block sellers from countries such as Poland and Hungary offering friends and family payment discounts. Not a chance. Payment via PayPal Discogs link only for me.

Be careful folks. Use your savvy.

They rely a lot on volunteer helpers in the forums, but that doesn't always address issues.

Same scammer different country! Now as Belarus instead of Ukraine. https://www.discogs.com/sell/seller_feedback/dumping

It is probably a boiler room operation. This page would be more revealing:
https://www.discogs.com/seller/dumping/profile

45nyc
Same scammer different country! Now as Belarus instead of Ukraine. https://www.discogs.com/sell/seller_feedback/dumping

Kink1956
It is probably a boiler room operation. This page would be more revealing:
https://www.discogs.com/seller/dumping/profile

?

The page I linked shows his non-existent inventory. All the accounts that were hijacked have expensive LP and some CDs that are priced below market and when listed it shows up on want lists.

Kink1956
The page I linked shows his non-existent inventory. All the accounts that were hijacked have expensive LP and some CDs that are priced below market and when listed it shows up on want lists.

I'm sorry for trying to sell vinyls on a vinyl marketplace! Just because you used your profile to scam and then pretended you were "hacked" doesn't mean everyone does, stop projecting.

dumping
Just because you used your profile to scam and then pretended you were "hacked" doesn't mean everyone does, stop projecting.

Wow! That's pretty much as conclusive as it can be.

Is there any reason why you have determined the Original Poster (OP)'s post as a pretence under the guise of a "hacked" situation?

dumping
Kink1956The page I linked shows his non-existent inventory. All the accounts that were hijacked have expensive LP and some CDs that are priced below market and when listed it shows up on want lists.

I'm sorry for trying to sell vinyls on a vinyl marketplace! Just because you used your profile to scam and then pretended you were "hacked" doesn't mean everyone does, stop projecting.

Good luck with that. Tell me are you a one person operation or are you working with a team? I want to let you know your car warranty is expiring soon, and I can sell you an extension. Or maybe you would like to sell your house for cash, no closing costs. How about I send you a money order for your "vinyls" collection, in fact I will send you $1000 more than what you are asking. Just cash my money order and send back the $1000 in good faith and I will have someone come by and pickup the records later. I am a beautiful Russian woman looking to marry an old man who will treat me like a princess. Speaking of princesses, I am one from Nigeria. Just send me your bank account and I will help you invest to make a fortune. I promise I do not have herpes.

dumping
Kink1956The page I linked shows his non-existent inventory. All the accounts that were hijacked have expensive LP and some CDs that are priced below market and when listed it shows up on want lists.

I'm sorry for trying to sell vinyls on a vinyl marketplace! Just because you used your profile to scam and then pretended you were "hacked" doesn't mean everyone does, stop projecting.

Also your inventory looks familiar. How can it be hacked accounts tend to have similar inventory? Are these rare records not so rare in East EU?

Folks, if a rare record shows up on your want list and you go to purchase it, but cannot go through normal Discogs channels to pay, then the "seller" gives you a direct paypal address but it is set up for "friends and family" payment. There are some red flags you should be paying attention to. And paying attention is free.

Same thing is going on on some classified ads sites I frequent:
- Offering a popular and rare product under price (for example, the Beatles 2014 mono LP box).
- Accepting Paypal as payment.
- Using an Ukrainian PP account to deactivate Goods & Services, only offering Friends & Family instead.

massenmedium
GramRecordStoreAll same, except Russian war here of course.
Someone on another thread said that regular commercial Paypal payments don't work into Ukraine, so there's an error message. Is that right? I'm just trying to see how the buyers get persuaded to use F & F payment.

Yes that is exactly how this works (against me at least). After having used the platform to purchase an item and obligating myself to pay for the item via paypal, i went to use my paypal account as i have done for many items before, and the response was ""To comply with international regulations, this transaction has been declined"". Hmm...okay, so i decided to use my credit card to make my payment, and for some reason i get the same response "To comply with international regulations, this transaction has been declined". I have no idea what the fuck an F&F payment is, i just know i am obligated to pay this seller and so after multiple attempts to pay via discogs (both paypal and credit card), i log into my own paypal account and make the payment to this seller who has like 1400 feedback and was so kind as to provide their email address.
I renew my call to discogs to not allow sellers from Ukraine if there no way way to use discogs payment to system to comply with the buyers obligation to make the payment. In fact it is exactly this monkey wrench that allows the seller/hacker to pull this off.

I think it's foolhardy to ignore two warnings that you were about to do something shady with your own money. But Discogs probably have some responsibility here, and they have tried to do the "right thing" initially.

This would not be a problem for buyers if 1. They understood the concept of "too good to be true" and 2. NEVER send money Friends and Family. Look at paypals rules. If you send this method you will NOT have buyer's protection because the F&F method is exactly that. It is to pay your daughter for a graduation present, to loan your brother money for a car. Or to pay back your dad for the jamb he got you out of. It is NOT for services or merchandise. As for sellers who got their account hacked, well, that is something completely out of our control. It was not based on a bad decision. It happened because of a data breach or hacking of some kind. These hackers CLAIM to be from Ukraine. They could be from anywhere.

dunforthemoment
I think it's foolhardy to ignore two warnings that you were about to do something shady with your own money. But Discogs probably have some responsibility here, and they have tried to do the "right thing" initially.

Well thats kind of my whole point....if its "foolhardy" or "shady" to make a paypal payment to a seller from Ukraine, how in the hell does this platform allow a seller from Ukraine whose only payment method is paypal. The time to tell me such a thing is before the contract is entered into, not after. I reiterate, it is this opening, which discogs absolutely should fix, that allows this hack to work so well.

Is there anything you could have done differently in hindsight?

As for me as a seller? I COULD have been checking my account on a daily basis. I usually only sign on when I have a sale or if I want to list something. I did not sign on between June 5 and June 18, so the hacker had control of my account for at least a week before I signed on. But all these highend LPs at great prices show up on many people's want list notifications. People move fast like sharks to blood stumbling over each other to finally buy that elusive LP for a great price $400 instead of the usual $600 for example) and no not care HOW they pay, friends and family be damned. And some here say they don't even KNOW what friends and family entails. It means you will NEVER get your money back short of an INTERPOL investigation. Yeah, that will never happen.

I wouldn't be surprised if Interpol are interested in something of this scale, with the whiff of sanctions-busting about it.

Interpol agent: RED ALERT Discogs customers are being scammed, calling all cars, calling all cars be on the lookout for Snidely Whiplash hiding in his mother's basement with a fake offshore Paypal account.

It's organised crime using compromised computer networks, even if it does look a bit wanky when you examine it.

Yes, I was just interjecting a little levity. You are right, as I have said this is probably a boiler room operation that is hacking all sorts of websites and accounts and taking advantage of paypal's Ukraine policy at the moment. They get in quick and make loads of money in the 3-5 days it takes to temporarily take over the accounts before being shut down. Then it takes several more days for the REAL account owner to get his or her account back. And THEN they have to contact everyone to inform them what is going on. By then it may be too late to help some, but I know for a fact some have been warned in time BEFORE they made the payments. Then the latest step is to regain your reputation. Some of the accounts are current but inactive or abandoned. So sometimes the original owner may NEVER know their old account has been hacked. They either created a new account long ago, or they have left Discogs altogether having never shut down their account permanently.

DGF
massenmediumGramRecordStoreAll same, except Russian war here of course.
Someone on another thread said that regular commercial Paypal payments don't work into Ukraine, so there's an error message. Is that right? I'm just trying to see how the buyers get persuaded to use F & F payment.

Yes that is exactly how this works (against me at least). After having used the platform to purchase an item and obligating myself to pay for the item via paypal, i went to use my paypal account as i have done for many items before, and the response was ""To comply with international regulations, this transaction has been declined"". Hmm...okay, so i decided to use my credit card to make my payment, and for some reason i get the same response "To comply with international regulations, this transaction has been declined". I have no idea what the fuck an F&F payment is, i just know i am obligated to pay this seller and so after multiple attempts to pay via discogs (both paypal and credit card), i log into my own paypal account and make the payment to this seller who has like 1400 feedback and was so kind as to provide their email address.
I renew my call to discogs to not allow sellers from Ukraine if there no way way to use discogs payment to system to comply with the buyers obligation to make the payment. In fact it is exactly this monkey wrench that allows the seller/hacker to pull this off.

So it worked with my hacked account, too. I just got it back (EIGHT days after it was hacked), and the seller tried this trick for vinyls about a few thousand dollars. One guy paid, I am in contact with him. At them moment I can't list my inventory, because the account is still banned from Discogs, I think I have to wait another three or for days for answer. The worst thing is, that my inventory could be gone, about 1000 CDs and LPs I listed over the years.

mimer111de
The worst thing is, that my inventory could be gone, about 1000 CDs and LPs I listed over the years.

Haven't you ever exported your inventory?
https://discogs.com/users/export – also available via link at the bottom of https://discogs.com/sell/manage where you'd then reimport you spreadsheet.
Every seller should make a backup export a monthly habit.

loukash
mimer111deThe worst thing is, that my inventory could be gone, about 1000 CDs and LPs I listed over the years.
Haven't you ever exported your inventory?
https://discogs.com/users/export – also available via link at the bottom of https://discogs.com/sell/manage where you'd then reimport you spreadsheet.
Every seller should make a backup export a monthly habit.

No, I have to admit that I haven't. I never thought that hacking Discogs accounts could be interesting for anybody, so I didn't care much about safety stuff. My fault, I know. Every other shop and marketplace has a support which can help you inbetween minutes and can restore your data. I didn't think that support at Discogs is non-existent. Now I know better.

mimer111de
I never thought that hacking Discogs accounts could be interesting for anybody, so I didn't care much about safety stuff.

Opportunity makes a thief.

mimer111de
Every other shop and marketplace has a support which can help you […] restore your data.

Perhaps Discogs can as well?

mimer111de
I didn't think that support at Discogs is non-existent.

Well, it is, er… existent, but… yeah. I hear you. Just give them time and repeatedly insist on more thorough replies.

Sometimes it can also happen that archive.org has a few snapshots. Your page unfortunately doesn't: https://web.archive.org/web/*/discogs.com/seller/mimer111de/profile

At the end of the day, it's definitely better to be safe on your own than sorry later. We all can learn from our earlier mistakes. ;)

loukash
mimer111deI never thought that hacking Discogs accounts could be interesting for anybody, so I didn't care much about safety stuff.
Opportunity makes a thief.

mimer111deEvery other shop and marketplace has a support which can help you […] restore your data.
Perhaps Discogs can as well?

mimer111deI didn't think that support at Discogs is non-existent.
Well, it is, er… existent, but… yeah. I hear you. Just give them time and repeatedly insist on more thorough replies.

Sometimes it can also happen that archive.org has a few snapshots. Your page unfortunately doesn't: https://web.archive.org/web/*/discogs.com/seller/mimer111de/profile

At the end of the day, it's definitely better to be safe on your own than sorry later. We all can learn from our earlier mistakes. ;)

Discogs has about 50 paid employees. eBay has more than 13.000. I think you can't await miracles. I just researched these facts, didn't know them before. I think I will have to rebuild my account, and partitially, it is my own fault. As I am a business journalist, I will tell the story during the next few days in some german radio stations. Maybe it can help to speedup help or prevent further cases.

Please let us be nicer to one another.

oldschoolpunker1982
Just give to Ukraine is all I can add. Save democracy. Ben Stiller told Zelensky that Zelensky was his hero, I suggest everyone have this same attitude. I am considering donating my small collection to Ukraine so as to save our freedoms,. Save the world and support Ukraine, our governments say so. Also stop covid, take your boosters and wear those masks even while driving alone or when riding your bicycle in the rain. Do your part!!

lol

Someone's into the paint thinner again.....

Please let us be nicer to one another.

BLOCKED/IGNORED

Cheers! Have a great day!

Thank for all of the coherent responses.

Guess yours weren't coherent because you edited them all.

DGF
I have no idea what the fuck an F&F payment is, i just know i am obligated to pay this seller and so after multiple attempts to pay via discogs (both paypal and credit card), i log into my own paypal account and make the payment to this seller who has like 1400 feedback and was so kind as to provide their email address.

OK... well I get how they're doing it and not to blame you but -

Presumably (as in, this is how it normally looks) when you send the money to the email address you will have a choice of "sending to a friend" or "paying for something (this offers protection etc.)".

You're "obligated" to pay but the only possible consequence of not paying would be a negative feedback mark. But Discogs forbids using friends and familly payment so if that's all the seller can accept you're not obliged to pay at all and any negative feedback would be almost certainly removed by Discogs.

massenmedium
DGFI have no idea what the fuck an F&F payment is, i just know i am obligated to pay this seller and so after multiple attempts to pay via discogs (both paypal and credit card), i log into my own paypal account and make the payment to this seller who has like 1400 feedback and was so kind as to provide their email address.
OK... well I get how they're doing it and not to blame you but -

Presumably (as in, this is how it normally looks) when you send the money to the email address you will have a choice of "sending to a friend" or "paying for something (this offers protection etc.)".

You're "obligated" to pay but the only possible consequence of not paying would be a negative feedback mark. But Discogs forbids using friends and familly payment so if that's all the seller can accept you're not obliged to pay at all and any negative feedback would be almost certainly removed by Discogs.

Well thats very interesting. I just read the terms of service (for the very first time) and it says "Users can pay with PayPal in all countries worldwide, except Israel and Turkey." which clearly is a lie because the only method i was able to use paypal to make a payment to Ukraine was apparently some secret way which doesnt give me protection and everyone in here is shitting on me as some evil TOS violator. (Actually i was just the victim of a scam....but OK).

Bonus, nowhere in the TOS does it say a thing about Paypal with your friends and family, whatever that is, can you point to the language forbidding this?

On a happy note i just received a notice from Paypal that my money was returned.

DGF
nowhere in the TOS does it say a thing about Paypal with your friends and family, whatever that is, can you point to the language forbidding this?

We recommend that You review the terms and conditions for the payment provider You select to understand Your rights and responsibilities pursuant to that payment provider. In all cases, users will be transferred to the payment provider’s website to authorize their payment.

DGF
i get the same response "To comply with international regulations, this transaction has been declined"

etc

Ok now i see. Paypal TOS says "You must not use the “send money to a friend or family member” feature in your PayPal account when you are paying for goods or services."

So to recap: Discogs TOS says "Users can pay with PayPal in all countries worldwide, except Israel and Turkey." The buyer obligates themselves to pay for a good and attempts to use Paypal to make a payment to a seller in a country that isnt Israel or Turkey. (In this case Ukraine) Paypal wont do the transaction via normal paypal payment or credit card claiming "To comply with international regulations, this transaction has been declined". Paypal's own TOS says "You must not use the “send money to a friend or family member” feature in your PayPal account when you are paying for goods or services."

I once again call for Discogs to not allow sellers from Ukraine (or better yet hackers claiming to be from there) because it is legally impossible to comply with the Discogs/Paypal TOS to pay for the goods.

You're not in Ukraine, technically. Did you expect them to have worded it well though?

Hope Discogs programmes Multi-factor Authentication MFA ASAP

Ideally they could verify if sellers that claim to be located in Ukraine are business sellers. They could also block accounts that have changed location to Ukraine since February. Otherwise blocking accounts with the location set to Ukraine outright would be the only way to completely protect buyers from the scammers, but that's obviously very unfair to actual sellers in Ukraine and not a good look for any company.

Again though, you're not actually legally obliged to complete an order. You have the right to cancel it. Negative feedback isn't a legal consequence.

Kip_Drordy
SpareGroovesDiscogs website needs a Multi-factor Authentication MFA ASAP

+ 1

When you sign into your online accounts - a process we call "authentication" - you're proving to the service that you are who you say you are. Traditionally that's been done with a username and a password. Unfortunately, that's not a very good way to do it. Usernames are often easy to discover; sometimes they're just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites.

That's why almost all online services - banks, social media, shopping, have added a way for your accounts to be more secure. You may hear it called "Two-Step Verification" or "Multifactor Authentication" but the good ones all operate off the same principle. When you sign into the account for the first time on a new device or app (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.

A factor in authentication is a way of confirming your identity when you try to sign in.

Let's say you're going to sign into your work or school account, and you enter your username and password. If that's all you need then anybody who knows your username and password can sign in as you from anywhere in the world!

But if you have multifactor authentication enabled, things get more interesting. The first time you sign in on a device or app you enter your username and password as usual, then you get prompted to enter your second factor to verify your identity.

The extra security comes from the fact that somebody trying to break into your account is probably not using your device, so they'll need to have that second factor to get in.

100%

Collectively we've all got some learnings to onboard for the go-forward.

DGF
Ok now i see. Paypal TOS says "You must not use the “send money to a friend or family member” feature in your PayPal account when you are paying for goods or services."

So to recap: Discogs TOS says "Users can pay with PayPal in all countries worldwide, except Israel and Turkey." The buyer obligates themselves to pay for a good and attempts to use Paypal to make a payment to a seller in a country that isnt Israel or Turkey. (In this case Ukraine) Paypal wont do the transaction via normal paypal payment or credit card claiming "To comply with international regulations, this transaction has been declined". Paypal's own TOS says "You must not use the “send money to a friend or family member” feature in your PayPal account when you are paying for goods or services."

I once again call for Discogs to not allow sellers from Ukraine (or better yet hackers claiming to be from there) because it is legally impossible to comply with the Discogs/Paypal TOS to pay for the goods.

Sellers actually from Ukraine can sell using our legacy platform. But *any* sales that complete off of Discogs.com are in violation of our seller terms of service. So, If a seller asks you to complete off-site via PayPal or any other method, Just Say No.

I never thought I'd unironically quote Nancy Regan. Well, it's been one of those apocalypses.

Any payment method other than PayPal would be off-site on the legacy system, wouldn't it? Although that's moot in the case of the scammers as they only seem to be requesting PayPal payment anyway.

As DGF says, buyers are left unable to pay, the only legit option they're given is one that doesn't work, intentionally so in the case of the scammers.

A new one here: https://www.discogs.com/seller/Vlad.A/profile#

45nyc
A new one here: https://www.discogs.com/seller/Vlad.A/profile#

Is this thread made to report everyone from certain countries because "reasons"? I have never dealt with you

Vlad.A
45nycA new one here: https://www.discogs.com/seller/Vlad.A/profile#
Is this thread made to report everyone from certain countries because "reasons"? I have never dealt with you

No, but you very much appear to be one of the people who is scamming people..... a Beatles UK demo 45 for $500 or best offer? Really? Every one of your listings is hundreds of dollars, all are extremely rare, all are free shipping, all are 'rounded up' to the nearest $100. And you've just "re-appeared" after a few years with no sales..... red flags everywhere here!

And Fresh Air for only $6000.... perfect. Or Nothing for only $2500. What could go wrong?

mimer111de
days in some german radio stations.

"Wytch" radio stations please?

GramRecordStore
I just reported this one -
https://www.discogs.com/seller/coldvinyls/profile

Story from Ukrainian pov - few weeks ago 2 of my colleagues received mails from discogs buyers - someone stole the well-known store names and used the afromentioned scheme (it did not actually work because buyers contacted the actual stores and stores are denied the existence of such records).

I am surprised Discogs still keeping this accounts live and will wait for support answer to highlight them, Discogs needs to have something like authenticity check for accs like these -

https://www.discogs.com/user/LongplayCom
https://www.discogs.com/user/dasojldasksdajklds

This is embarassing for us, and please do not think Ukrainians have actually something to do with this. Changing the country is pretty easy in seller settings, so everything we can do is frequently checking the list of new items in Ukraine and report the suspicious accounts to Discogs.

It's sad good Ukrainian people are being used and abused for the last 100 years by the Bolshevik-Marxist / Zionists. God bless you.

Kink1956
oldschoolpunker1982Just give to Ukraine is all I can add. Save democracy. Ben Stiller told Zelensky that Zelensky was his hero, I suggest everyone have this same attitude. I am considering donating my small collection to Ukraine so as to save our freedoms,. Save the world and support Ukraine, our governments say so. Also stop covid, take your boosters and wear those masks even while driving alone or when riding your bicycle in the rain. Do your part!!

lol

LOL LOL He's trolling - but who would listen to an Actor(s) shill to begin with . Zelensky and Stiller together again !

pinkindustries
mimer111dedays in some german radio stations.

"Wytch" radio stations please?

SWR Aktuell, SWR1, SWR DasDing, to name a few.

———————————————————

pburns3
(removed by user)

It is really unwise to openly admit you breached the rules of a site on its forum.

It's against advice to but I don't think Discogs would penalise a buyer for paying outside Discogs, especially if it's because the "seller" tried to scam them. No need to cause them further concern!

I get it. Just trying to help anyone else in a similar situation.

Blackpapercrown
It is really unwise to openly admit you breached the rules of a site on its forum.

I believe I've just encountered one. I've committed to buy the item but not paid for it yet. Awaiting some photos... The seller's site is in Germany, with a latin pseudo and has reacted on some of his feedbacks to spanish speaking buyers/sellers in spanish and now he says he's Ukrainian. What a blend EH ! When I'll know if he's a scam that hacked that seller's site I'll report it, name and shame on here as well and cry for the bargain I've missed that never existed in the first place.

hello everyone my account was usurped today July 9, 2022, my real name is edwin alcarraz perez, I'm from Peru, I don't know how they did it but today I was able to see my discogs page with a different name: Olena123, and with email: olshklia @outlook.com
before my nick was "insurreccion" and my real email was [email protected]
if there was any scam it was while I was sleeping, I take advantage of the time change. I couldn't do anything, I already warned everyone now.
I warn you so you don't get scammed.
I do not speak English, only Spanish

Kink1956
My account was hacked last week. I am getting reports that several accounts have been hacked from the victims. The Modus Operandi is they sell high dollar items at just below market prices rounded to even $100 or $150 increments, example $300, $450, $700 etc. Free worldwide shipping. You cannot pay through the Discogs' system so they give you a direct PayPal address that is already set up as a "friends and family" payment. This way the victim has no recourse of getting their money back.
I am sure multiple thousands of dollars have been scammed from our community these last couple of weeks. Furthermore, negative feedback is left (of course) which impacts the true owner of the account once they can get it back. The merchandise is non-existent. It did not reside in my inventory. And, of course the scammers do how hold this inventory either. It seems that the accounts are shut down by Discogs once they find out. But in my account's case the scammer had free reign for 3 or 4 days and the "too good to be true" pricing (but still high dollar amounts) generated thousands of dollars in that short time.
There are so many red flags going off, but it is a numbers game and there will always be those who will fall for it.

hello everyone my account was usurped today July 9, 2022, my real name is edwin alcarraz perez, I'm from Peru, I don't know how they did it but today I was able to see my discogs page with a different name: Olena123, and with email: olshklia @outlook.com
before my nick was "insurreccion" and my real email was [email protected]
if there was any scam it was while I was sleeping, I take advantage of the time change. I couldn't do anything, I already warned everyone now.
I warn you so you don't get scammed.
I do not speak English, only Spanish

Got it the first time thanks.

I was hacked as well on July 8 2022. I'm up in Canada and the internet company I use was down for the entire day. I finally was able to sign on and saw about 20 new items for sale on my account all with the $500 $1000 $2000 prices. I sent a ticket to discogs as my password has been changed but I still had access to most features on here and was able to shut down most of the issues.
Just looked on my account again (July 10) and they are able to link their paypal account to my discogs account. Since my password has been changed, I can't remove [email protected] from here. At least this time they didn't try listing anything as I can still shut that down

Just found a different email address on my account of [email protected]. Haven't heard back from discogs about this yet. Hope they do soon as I can't keep up with this. I also realized they changed my account name from fuzzyt to fudzi.

All of you guys whose accounts have been compromised (and in fact anyone else as well) should look up https://haveibeenpwned.com if your mail addresses or passwords are listed in any of the known data breaches.

But as already noted above, I strongly suspect weak user passwords being the primary source for these "hacks" in the first place. Learn from that, guys!

hello everybody, I have been hacked too since last night.

my profile used to be djRebus but the scummer changed the name, adding _records onto it.
then he changed also password and email, so even if I managed to login somehow I couldn't change anything as both of changes are chained.
I mean if you want to change password, they will send the instructions into the fake email given by the imposter.
If you want to change email, you need to place the hidden new password.

So how the hell we are going to retrieve our profiles?

Another one?

https://www.discogs.com/seller/ErikMusicOne/profile

ATLRecordBoy
Another one?

https://www.discogs.com/seller/ErikMusicOne/profile

Can confirm. Almost got scammed by this account earlier this week.