Yesterday, September 28, I received an email telling me that they had made changes to my QRZ account. They had changed the password, but I was able to log in by requesting a new one. When I logged in I realized that I had no content on my blog, all my photos had been deleted and I only had less than a third of my contacts made. Fortunately they couldn't delete my records. I am manually recovering my recorded QSOs, however, I wonder if a backup of users is saved in QRZ and if this information can be recovered. How can we protect ourselves from these actions that harm us? Thank you. Julio OA4DXW
Thanks Dave, I already did that a few minutes ago. Thanks for the support. 73 cordial from OA4DXW, July
Same here, account hacked about one week ago, was able to recover my passwords, but that is it. All my record are gone and QRZ ,com have no backups.
Very unfortunate news. I had a spreadsheet record of all my contacts and I had to enter them in an ADIF file and then upload them to QRZ.com. Fortunately, my confirmations were not deleted nor were the few Awards that I had already achieved. For the rest I had to rebuild the blog and verify my information as a radio amateur. I recommend activating double-step confirmation in your access to QRZ.com, I feel a little more secure since I activated it. I hope you manage to restore most or all of your contacts. 73 cordials from Lima, Peru Julio OA4DXW
Where on the QRZ website is the place to change your password?? After seeing this thread, I thought I would strengthen my password as it is quite weak currently. A look on my QRZ account showed no easy way to change the password.
You can enter at the following link: https://www.qrz.com/page/site.html In the Support item, enter the Change Password option, from then on it is very simple. Good Luck, Success. Julio OA4DXW QAP
This is a good reminder we should save our sites especially if have lots of stuff on it like I do. I just saved my large QRZ page to my PC saving as HTML. If every hacked I think... I an easily just copy and paste lots of written stuff back in but may have to recreated the pictures? If hacker deleted the pictures would be gone, I believe - not an expert. the HTML copy would have the links to the actual pictures say in jpg format but would have been deleted on the QRZ server. For my about 15 websites the server saves as a tar file and I download them periodically in addition to backups on the server. Fortunately have never had to use them. I created first site many decades ago after reading "HTML for Dummies" and then created with Front Page. I have never tired to learn more modern coding and have never found a program as easy to use as the old, now long gone Front Page. I originally used OS/2 and Wang long before Windows had a GUI (just dos)
Let's be clear: you were "phished" and willingly handed your password to the scammer. Still bad of course - but "hacked" is a strong word - your account was never "hacked". It was taken over by a scammer to whom you handed your credentials. There's never been one documented case of a QRZ account being "hacked". But there have been hundreds of well-documented cases where a user was fooled into handing over login credentials. NEVER EVER enter your password into an email or text request dialog no matter how believable it might look - QRZ WILL NEVER ASK FOR YOUR PASSWORD that way and will NEVER send a message that says "please verify your account". Anyone seeing any message like this, whether by email, text, or some webpage outside of QRZ should immediately exit. And also to be clear: QRZ has 100% backups of the entire site - every byte - totaling petabytes of data. If the site were ever to fully go down (some sort of catastrophic failure with AWS servers - very very unlikely), the entire site would be restored from the backup. But USERS are responsible for keeping backups of their own personal data (logbook contacts specifically). It's not possible to parse out the logbook file of a single user (OK, it's possible - but is simply not a service QRZ offers). Your logbook data was not "lost". It was maliciously deleted by the Italian scammer whom you handed your password. He did it to be mean and nasty, knowing full well what he was doing. Who knows why - but that's exactly what happened - he even saw the warning that said "Deleting your logbook cannot be undone. Are you sure you want to do this?" and did it anyway. We just need to keep the terms clear - facts are important. Dave W7UUU
And, if you're already using it, adding 2-Factor Authentication with a phone/application 6-digit rolling code authenticator will stymie someone who steals or you give your password. It was briefly a requirement for posting on the Swapmeet section before the subscription requirement and closure of "wanted". It's slightly inconvenient once a month when my session expires. Not a big deal!
No, that's not correct. QRZ has never "required" users to use 2FA. This has been talked about, but the reality of getting compliance from hundreds of thousands of users, most of whom will never benefit from the security it affords, is pretty low. So it's never been made a requirement. You MAY be thinking of the "ID Verified" program QRZ had for a year. But that was not 2FA - it was an entirely different program and only ran for about a year. However, it's a VERY GOOD IDEA for all users to use 2FA!! Simply hover over your call sign on any Forums page, then scroll to "Second Factor Authentication" and follow the simple steps. You can use a cell phone or any one of the "Authenticator apps" out there - Google has a good one. The idea is the scammer might get your password (due to a phishing scheme) but unless they also steal your cell phone, they cannot log into your account. Dave W7UUU
Well, being "highly suggested" at the time for Swapmeet was where I started using it! I also use a forwarding address for my visible email so I can be more suspicious of things that come in direct on that. A bit of suspicion goes a long way with the internet these days.
Facts are top of the tree when it comes to stuff like this. I noticed a poster who wanted to change their password - never a bad idea - but it sounds pretty much like a waste of time in this case. I know a few people who have had stuff 'hacked' but not were actually hacked - they were all phished. Many people think you have to be dumb to give away your credentials, but I tend to disagree - you have to be dumb or technically dumb. A mate had his Whatsapp 'hacked' but it turned out he gave his details to scammers. Not a hack to be seen. His IQ is very high, MENSA high, but he was stupid anyway. I keep all my passwords in a Google sheet, but I'll post the one I use on this site here and now. FDat3(7) Of course that isn't my password, it's a reminder code so I know what the password is. I can keep that locally and on G-drive without the slightest risk of anyone working it out. To do so they need to know an old nom de plume I used 20 years ago, my doctor's telephone number from around the same time, and how my very strange head works. Dodgy emails informing me I have a package stuck somewhere, or my latest bank statement is ready get deleted instead of opened. Whatsapp numbers I don't know get ignored, and my phones are set so SMS messages don't leave a notification - I just dump the lot without reading them whenever I get around to looking at the titles. No porn, drug, or dating sites are ever opened on any of my devices, and anything that required payment to read is ignored. I was bad before the Bjorka / breach forums mess, but I'm even worse now. That site was an absolute eye opener for net security - the quick version of the hackers' manual is - Look for fools. The vast majority of hacks were easy to guess passwords like Password1. My portablw WiFi is named 'password is password1' I have hours of fun watching people try to use it. You can always tell because they hit their keyboard harder after each attempt to type in the password.
The phishing schemes are getting better all the time. Now they have much more realistic fakes of websites and services many of us use, and their English phrasing has become better. It even extends to seemingly innocent things like a fake notice of a delivery problem from a well known package service or the post office, but with them wanting information from you which the legitimate service would never ask for. Scammers like to target elderly people because (as a group) we are more likely to let our guard down due to technology ignorance and mental decline. Hams are generally older so we are in the prime target group. Be careful out there!
