Results 1 to 4 of 4

Thread: dry247's store may have been hacked

  1. #1

    Default dry247's store may have been hacked

    I run my own mailserver and make my own email addresses up as needed. Each business I email gets a different address to use with me. So if I get spammed or virus/phish emails, I know where they leaked, and can just disable the address if it gets annoying. (I don't have to cave and get a whole new email address if I can't stand the spam anymore)

    Anyway. My paypal address just got phished. I've had that happen a few times before, but I've never seen any hint of identifying information in the email. (I do a bit of forensics on them usually if I'm bored)

    THIS time however, I got a hit. The phish directs me to (the "click here to verify your account information") This link was hidden under two layers of armor to make it very hard for av/spam scanners to spot. It's very rare to see something this well obfuscated.

    I ordered twice from dry247 in june, and paid using paypal.

    I think it's safe to conclude they had a break-in and theft of information including at least some ordering information, including paypal address. And they did the unusual thing of hosting their phishing form on the same server they stole the data from. (they relayed the spam through another hacked server at

    That link is now displaying correct information, so they've probably caught and plugged the hole. But you might want to keep a closer eye on your paypal information for the next few months.

    I'd be curious to know if anyone else here gets one of these.

    EDIT... well I should have kept reading my mail. The very next one was an identical phishing message, sent to the email address I gave drycare for my order.... I'd say I've confirmed a hack beyond all doubt.

  2. #2


    As of this morning I've received two more very different looking phishing attempts to two different email addresses I have used with other vendors. In both cases, the attacks were very specifically customized to look like they came from the business I made the email address for. And in one case they used the exact same image link internally as I found in another one. I believe many of these are coming from the same group of phishers.

    My bet is that they've finally finished digesting all the data they stole from heartbleed and are using it for targetted phishing, sending phishing emails customized to the site where they stole the address from. Everyone should be very much on their guard for phishing emails in general over the next month or so. Anyone that doesn't really understand what this "phishing" is, should read up on it NOW.

  3. #3


    This is an interesting development, everyone kinda just forgot about heart bleed. I would warrent a guess that you're right though, and thanks for the advanced warning on this.
    I will be keeping an eye out for suspicious e-mails.

  4. #4


    I'll concur that dry 247 website was / is breached. I've had the same spam (although it was weeks ago), both for the PayPal and dry247 specific email addresses. On the bright side, they won't have credit card numbers since PayPal holds that data.

Similar Threads

  1. A little late but here is a Dry247 review
    By ForeverSmall in forum Diaper Talk
    Replies: 14
    Last Post: 07-Jun-2014, 00:58
  2. Dry247 Shipping times?
    By Knom in forum Diaper Talk
    Replies: 1
    Last Post: 19-Jun-2012, 03:51
  3. Dry247 or Molicatre SuperPlus?
    By bambinod in forum Diaper Talk
    Replies: 11
    Last Post: 26-May-2011, 02:27
  4. Dry247's backordered FARTHER
    By bambinod in forum Diaper Talk
    Replies: 20
    Last Post: 10-Jan-2011, 23:01
  5. compromised
    By bgi39jsjw0ggg in forum Diaper Talk
    Replies: 21
    Last Post: 08-Aug-2009, 20:33

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  • - the Adult Baby / Diaper Lover / Incontinence Support Community. is designed to be viewed in Firefox, with a resolution of at least 1280 x 1024.