Old 01-14-2020, 11:43 AM   #121
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
MRG's Avatar
 
Join Date: Apr 2013
Posts: 8,486
Quote:
Originally Posted by John Galt III View Post
Here's a question I have. I'm starting up membership in a new Credit Union. I just want a CD there. Would I be safer NOT setting up an online banking account with them, than setting one up which could be hacked? A hacker would need to get into my email account in order to set up the banking account.
Why can't the hacker just use your data where it's stored? If Vanguard allowed me to run one SQL statement I'd make everything on their systems mine (I really would not attempt it as you will be found out, prosecuted and sent to prison).

Point is yes you could do that. It may not help depending upon how the hack is implemented.
__________________

MRG is online now   Reply With Quote
Old 01-14-2020, 01:39 PM   #122
Recycles dryer sheets
Kwirk's Avatar
 
Join Date: Mar 2006
Posts: 307
Quote:
Originally Posted by John Galt III View Post
Here's a question I have. I'm starting up membership in a new Credit Union. I just want a CD there. Would I be safer NOT setting up an online banking account with them, than setting one up which could be hacked? A hacker would need to get into my email account in order to set up the banking account.
Why would the hacker need to get into your email account? Will there be no snail mail?
__________________

Kwirk is online now   Reply With Quote
Old 01-14-2020, 02:46 PM   #123
Full time employment: Posting here.
ownyourfuture's Avatar
 
Join Date: Jun 2013
Posts: 881
Warning: Profanity
I love my smart phone & everything it can do, but when it comes to business, whether it be Fidelity, American Express, Banking, etc.
I'll do that at home on my iMac.


__________________
"No beast so fierce but knows some touch of pity, but I know none, therefore am no beast"
ownyourfuture is offline   Reply With Quote
Old 01-14-2020, 05:27 PM   #124
Recycles dryer sheets
Archman's Avatar
 
Join Date: Nov 2010
Posts: 86
Perhaps an account was set up by a secret benefactor. And now he/she will not be able to add to that account.
Archman is offline   Reply With Quote
Old 01-14-2020, 05:32 PM   #125
Recycles dryer sheets
Archman's Avatar
 
Join Date: Nov 2010
Posts: 86
Quote:
Originally Posted by littleb View Post
No money lost since I called within a few days of the Fidelity email.
Today, I saw on Fox Business News that Fidelity will cover your losses if you get hacked. I'm gonna have to check that out, since I have accounts with Fidelity.
Archman is offline   Reply With Quote
Old 01-14-2020, 06:11 PM   #126
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
MRG's Avatar
 
Join Date: Apr 2013
Posts: 8,486
Quote:
Originally Posted by Archman View Post
Today, I saw on Fox Business News that Fidelity will cover your losses if you get hacked. I'm gonna have to check that out, since I have accounts with Fidelity.
Fidelity, Schwab, and Vanguard all have about the same thing. They're the only ones I know of who can do that. Check out their website; most of what they expect is common sense security things.
MRG is online now   Reply With Quote
Old 01-14-2020, 06:24 PM   #127
Recycles dryer sheets
 
Join Date: Aug 2013
Location: Pebble Beach & Merritt Island
Posts: 140
"I also have my password manager on my phone where you need to know the Master Password (20 characters)".



Want to say something about passwords here. Longer passwords do not mean better passwords. The best passwords pull from 4 character sets: a...z, A...Z, 0...9, $...&. A password that pulls from all 4 character sets (if allowed by the website) that is 8 characters long is better than a password that is twice as long that pulls from 3 of the character sets. No need to make long, complicated passwords. There is more to it, but will leave it at that.
gooddog is offline   Reply With Quote
Old 01-14-2020, 06:24 PM   #128
Recycles dryer sheets
 
Join Date: Oct 2016
Posts: 148
I just skimmed through the thread and I have to agree with the people that don't think this was a hack. It makes no sense to hack in like this and actually create an account. If I was a criminal I'd be trying to get money out as fast as possible if I had gained access to the account.


Here's my best guess as to what happened:


Somebody decided to set up an IRA account at Fidelity before the end of the year and typo'ed an incorrect SSN. The incorrect SSN matched your SSN and got attached to your account since they probably index the accounts using SSN in their database (That would make sense to me since SSNs are supposed to be unique). They logged in using their own credentials and the fraud department saw a valid login in the logs and just initially assumed they logged in using your credentials. I'll bet they've figured it out by now but are likely waiting for a bug fix before letting you know what happened. Or they may not want to admit what really happened as security is always a sensitive area with financial companies.



There's probably another person that is wondering why their account was never set up properly.


Having worked for a software security vendor to large financial firms (although not specifically Fidelity) you won't believe how creaky some financial software is. A lot of it was originally well designed but as endless new features are hastily added over the years to compete with what other companies are offering the software gradually becomes unwieldy and in some cases downright incomprehensible - especially when many of the original programmers are no longer there.



Other possibilities that people have already mentioned that seem viable to me are employee data entry error or some obscure year-end software bugs.
NameRedacted is offline   Reply With Quote
Old 01-14-2020, 06:29 PM   #129
Recycles dryer sheets
 
Join Date: Aug 2013
Location: Pebble Beach & Merritt Island
Posts: 140
What NameRedacted ^ said. Think that is probably correct.
gooddog is offline   Reply With Quote
Old 01-14-2020, 07:34 PM   #130
Recycles dryer sheets
cranberryjoe's Avatar
 
Join Date: May 2013
Location: Western US
Posts: 164
Quote:
Originally Posted by gooddog View Post
Want to say something about passwords here. Longer passwords do not mean better passwords. The best passwords pull from 4 character sets: a...z, A...Z, 0...9, $...&. A password that pulls from all 4 character sets (if allowed by the website) that is 8 characters long is better than a password that is twice as long that pulls from 3 of the character sets. No need to make long, complicated passwords. There is more to it, but will leave it at that.
I disagree. Password length is extremely important even if you're using a complex password. An 8 character password can be cracked by brute force in hours, maybe minutes if the attacker is using today's fastest computers. Each additional character you add increases by an order of magnitude the time it takes to brute force a password.

Here is some password advice from ProtonMail https://protonmail.com/blog/how-long-should-my-password-be/ Later in the article they suggest 15 as the absolute minimum safe password length today. I've read the same advice at many other sites.
Quote:
There are two ways to make it more difficult for someone to brute force your password: make your password longer (by using more characters), and make it more complex (by using a greater variety of character types, like numbers and capital letters). Note, however, that length is much more effective than complexity at preventing a brute force attack.
__________________
Life is good
cranberryjoe is offline   Reply With Quote
Old 01-14-2020, 07:48 PM   #131
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
MRG's Avatar
 
Join Date: Apr 2013
Posts: 8,486
Quote:
Originally Posted by NameRedacted View Post
I just skimmed through the thread and I have to agree with the people that don't think this was a hack. It makes no sense to hack in like this and actually create an account. If I was a criminal I'd be trying to get money out as fast as possible if I had gained access to the account.


Here's my best guess as to what happened:


Somebody decided to set up an IRA account at Fidelity before the end of the year and typo'ed an incorrect SSN. The incorrect SSN matched your SSN and got attached to your account since they probably index the accounts using SSN in their database (That would make sense to me since SSNs are supposed to be unique). They logged in using their own credentials and the fraud department saw a valid login in the logs and just initially assumed they logged in using your credentials. I'll bet they've figured it out by now but are likely waiting for a bug fix before letting you know what happened. Or they may not want to admit what really happened as security is always a sensitive area with financial companies.



There's probably another person that is wondering why their account was never set up properly.


Having worked for a software security vendor to large financial firms (although not specifically Fidelity) you won't believe how creaky some financial software is. A lot of it was originally well designed but as endless new features are hastily added over the years to compete with what other companies are offering the software gradually becomes unwieldy and in some cases downright incomprehensible - especially when many of the original programmers are no longer there.



Other possibilities that people have already mentioned that seem viable to me are employee data entry error or some obscure year-end software bugs.
That's a very plausible explanation. I spent a few years working around that "creaky financial software". "Quirks of operation" is preferred to "creaky", someone paid good money for that junk. Much was written back when development was rewarded for delivering efficient code.

Social security number is frequently used as a secondary index column in mutual fund software solutions. I'm not sure why typing any SSN would be allowed to freely traverse their database, maybe that is the bug? Who knows, it's amazing how people can take something so simple and convolute it all up.

I'd agree any fund/brokerage will understand exactly who did what if they want to. Certainly if they believe it's a hack there's logs to go through that break app's transactions down. Obviously their explanation will be cleansed by the right internal people.
MRG is online now   Reply With Quote
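The SSN-typo hypothesis discussed in the posts above, as an added example that is not from any poster and does not describe Fidelity's systems: a hypothetical account-opening routine that matches customers on SSN alone, beside one that also requires name and date of birth to agree. The schema, function names and sample records are all constructed for illustration.

```python
import sqlite3

# Hypothetical schema and constructed sample data (000-prefixed SSNs are never issued).
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, ssn TEXT UNIQUE, name TEXT, dob TEXT);
CREATE TABLE accounts  (id INTEGER PRIMARY KEY, customer_id INTEGER, kind TEXT,
                        opened_by TEXT);
INSERT INTO customers (ssn, name, dob) VALUES ('000-00-1234', 'Pat Existing', '1955-03-02');
"""


def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def open_account_ssn_only(db, ssn, name, dob, kind):
    """Weak matching: an SSN hit alone decides which customer gets the account."""
    row = db.execute("SELECT id FROM customers WHERE ssn = ?", (ssn,)).fetchone()
    if row is None:
        cur = db.execute("INSERT INTO customers (ssn, name, dob) VALUES (?, ?, ?)",
                         (ssn, name, dob))
        customer_id = cur.lastrowid
    else:
        customer_id = row[0]
    db.execute("INSERT INTO accounts (customer_id, kind, opened_by) VALUES (?, ?, ?)",
               (customer_id, kind, name))
    return customer_id


def open_account_checked(db, ssn, name, dob, kind):
    """Stricter matching: an SSN hit must agree on name and date of birth too."""
    row = db.execute("SELECT name, dob FROM customers WHERE ssn = ?", (ssn,)).fetchone()
    if row is not None and (row[0].casefold(), row[1]) != (name.casefold(), dob):
        return None  # mismatch: open nothing, hand the application to manual review
    return open_account_ssn_only(db, ssn, name, dob, kind)


def accounts_for(db, ssn):
    """Accounts visible to the customer record that owns this SSN."""
    return db.execute(
        "SELECT a.kind, a.opened_by FROM accounts a "
        "JOIN customers c ON c.id = a.customer_id WHERE c.ssn = ? ORDER BY a.id",
        (ssn,)).fetchall()


if __name__ == "__main__":
    typo = ("000-00-1234", "Sam Newcomer", "1961-07-19", "IRA")  # SSN mistyped
    weak, strict = make_db(), make_db()
    open_account_ssn_only(weak, *typo)
    print("ssn-only:", accounts_for(weak, "000-00-1234"))
    print("checked :", open_account_checked(strict, *typo),
          accounts_for(strict, "000-00-1234"))
```

With SSN-only matching the mistyped application leaves a zero-balance account on the existing customer's record; the checked version opens nothing and returns `None` for review.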
Old 01-14-2020, 07:52 PM   #132
Thinks s/he gets paid by the post
 
Join Date: Jun 2016
Posts: 3,268
The title should be changed on this thread to Fidelity Account Jacked.
COcheesehead is offline   Reply With Quote
Old 01-14-2020, 07:54 PM   #133
Recycles dryer sheets
 
Join Date: Aug 2013
Location: Pebble Beach & Merritt Island
Posts: 140
For those who doubt:


These two passwords are of equal length, but one has the additional character set of symbols. These are both being (theoretically) hacked with a super computer. The extra character set takes the same length password (10 characters) from 2 MILLENNIA to break to 121 MILLENNIA.


Of note, I was hacking systems for the government as far back as 1982.



PASSWORD with extra character set: T3535^hike


TIME TO BREAK

121:MILLENNIA
3:CENTURIES
3:DECADES
7:YEARS

PASSWORD without extra character set: Fa38896j89
TIME TO BREAK

2:MILLENNIA
3:CENTURIES
4:DECADES
4:YEARS
gooddog is offline   Reply With Quote
Old 01-14-2020, 08:52 PM   #134
Thinks s/he gets paid by the post
teejayevans's Avatar
 
Join Date: Sep 2006
Posts: 1,363
Quote:
Originally Posted by cranberryjoe View Post
I disagree. Password length is extremely important even if you're using a complex password. An 8 character password can be cracked by brute force in hours, maybe minutes if the attacker is using today's fastest computers. Each additional character you add increases by an order of magnitude the time it takes to brute force a password.

Here is some password advice from ProtonMail https://protonmail.com/blog/how-long-should-my-password-be/ Later in the article they suggest 15 as the absolute minimum safe password length today. I've read the same advice at many other sites.
You’re assuming unlimited tries, I don’t think any financial system would allow that. Usually they freeze the account, sometimes for a period of time, and sometimes require you to call.
teejayevans is offline   Reply With Quote
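The arithmetic behind the length-versus-character-set exchange and the lockout point in the posts above, as an added example that is not from any poster. It assumes uniformly random passwords, a 32-symbol punctuation set, and illustrative guess rates (1e10 per second offline, 5 tries per 30-minute lockout online); none of these figures come from the thread.

```python
import math
import string

# Sizes of the four character classes named in the thread.
CLASS_SIZE = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "symbol": len(string.punctuation),      # 32 printable ASCII symbols
}
THREE_SETS = ("lower", "upper", "digit")
FOUR_SETS = THREE_SETS + ("symbol",)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed guess rates, chosen only for illustration.
OFFLINE_RATE = 1e10                         # guesses/second against a stolen hash
ONLINE_TRIES, ONLINE_WINDOW = 5, 30 * 60    # 5 tries, then a 30-minute lockout


def keyspace(length, classes):
    """Count of passwords of this length drawn uniformly at random."""
    return sum(CLASS_SIZE[c] for c in classes) ** length


def entropy_bits(length, classes):
    """Same quantity expressed as bits of entropy."""
    return math.log2(keyspace(length, classes))


def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def lockout_rate(tries, window_seconds):
    """Effective guesses/second when a login form locks after `tries`."""
    return tries / window_seconds


def compare():
    """Rows of (label, entropy bits, offline years, online years)."""
    online = lockout_rate(ONLINE_TRIES, ONLINE_WINDOW)
    rows = []
    for label, length, classes in [
        ("8 chars, 4 sets", 8, FOUR_SETS),
        ("10 chars, 3 sets", 10, THREE_SETS),
        ("10 chars, 4 sets", 10, FOUR_SETS),
        ("16 chars, 3 sets", 16, THREE_SETS),
    ]:
        space = keyspace(length, classes)
        rows.append((label, round(entropy_bits(length, classes), 1),
                     years_to_exhaust(space, OFFLINE_RATE),
                     years_to_exhaust(space, online)))
    return rows


if __name__ == "__main__":
    for label, bits, offline, online in compare():
        print(f"{label:17} {bits:5.1f} bits  offline {offline:9.2e} y  online {online:9.2e} y")
```

The online column applies only to guessing through the login form; the offline column is the case where an attacker works against stolen password hashes and no lockout applies.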
Old 01-15-2020, 04:44 PM   #135
Thinks s/he gets paid by the post
ivinsfan's Avatar
 
Join Date: Feb 2007
Posts: 4,572
Quote:
Originally Posted by NameRedacted View Post
I just skimmed through the thread and I have to agree with the people that don't think this was a hack. It makes no sense to hack in like this and actually create an account. If I was a criminal I'd be trying to get money out as fast as possible if I had gained access to the account.


Here's my best guess as to what happened:


Somebody decided to set up an IRA account at Fidelity before the end of the year and typo'ed an incorrect SSN. The incorrect SSN matched your SSN and got attached to your account since they probably index the accounts using SSN in their database (That would make sense to me since SSNs are supposed to be unique). They logged in using their own credentials and the fraud department saw a valid login in the logs and just initially assumed they logged in using your credentials. I'll bet they've figured it out by now but are likely waiting for a bug fix before letting you know what happened. Or they may not want to admit what really happened as security is always a sensitive area with financial companies.



There's probably another person that is wondering why their account was never set up properly.


Having worked for a software security vendor to large financial firms (although not specifically Fidelity) you won't believe how creaky some financial software is. A lot of it was originally well designed but as endless new features are hastily added over the years to compete with what other companies are offering the software gradually becomes unwieldy and in some cases downright incomprehensible - especially when many of the original programmers are no longer there.



Other possibilities that people have already mentioned that seem viable to me are employee data entry error or some obscure year-end software bugs.
Could be, but the odd thing is the zero balance.. one would think something would have been deposited in a new account...the end of year really means nothing for an IRA..
ivinsfan is offline   Reply With Quote
Old 01-16-2020, 11:25 AM   #136
Recycles dryer sheets
 
Join Date: Oct 2016
Posts: 148
Quote:
Originally Posted by ivinsfan View Post
Could be, but the odd thing is the zero balance.. one would think something would have been deposited in a new account...the end of year really means nothing for an IRA..

I imagine they didn't deposit anything because they don't see the account. Only the OP is seeing the account?



It's all just guesswork on our end really since we have no visibility inside Fidelity's systems.
NameRedacted is offline   Reply With Quote
Old 01-16-2020, 11:47 AM   #137
Moderator
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 5,736
Extra Zero Balance Account for DW

I thought nothing of it, but when I set-up DW's Fidelity, she got an 'extra' zero balance account. I didn't review the whole thread, but a few posts made me think this story might be relevant here.

DW had a tIRA and Roth for a long time at Fidelity, but no brokerage account and no money market account. She got a windfall sum that she didn't want to put in her normal spending account (gets no interest), so I opened a Fidelity brokerage account.

When "done", under the section "Investment Accounts", she now has "INDIVIDUAL - TOD" with a cash position (SPAXX**) and an equity position.

But also, and something I didn't specifically ask for, under a section called "Savings, Checking and Spending Accounts" is another "INDIVIDUAL - TOD" and it has a position "CORE**" with a description of "UNFUNDED CORE POSITION".

I'm not sure why this 'extra' account was added, but I didn't see that it was doing any harm.
sengsational is offline   Reply With Quote
Old 01-16-2020, 12:14 PM   #138
Thinks s/he gets paid by the post
 
Join Date: Jul 2005
Posts: 4,068
Quote:
Originally Posted by sengsational View Post
I thought nothing of it, but when I set-up DW's Fidelity, she got an 'extra' zero balance account. I didn't review the whole thread, but a few posts made me think this story might be relevant here.

DW had a tIRA and Roth for a long time at Fidelity, but no brokerage account and no money market account. She got a windfall sum that she didn't want to put in her normal spending account (gets no interest), so I opened a Fidelity brokerage account.

When "done", under the section "Investment Accounts", she now has "INDIVIDUAL - TOD" with a cash position (SPAXX**) and an equity position.

But also, and something I didn't specifically ask for, under a section called "Savings, Checking and Spending Accounts" is another "INDIVIDUAL - TOD" and it has a position "CORE**" with a description of "UNFUNDED CORE POSITION".

I'm not sure why this 'extra' account was added, but I didn't see that it was doing any harm.
That sounds like their cash management accounts, a brokerage account with a separate but related checking account. I have a few old ones and they screw up Quicken a bit. Probably a selection you made while opening the account, maybe by default.
Animorph is offline   Reply With Quote
Old 01-20-2020, 02:16 PM   #139
Full time employment: Posting here.
 
Join Date: Jun 2016
Posts: 975
Quote:
Originally Posted by sengsational View Post
I thought nothing of it, but when I set-up DW's Fidelity, she got an 'extra' zero balance account. I didn't review the whole thread, but a few posts made me think this story might be relevant here.

DW had a tIRA and Roth for a long time at Fidelity, but no brokerage account and no money market account. She got a windfall sum that she didn't want to put in her normal spending account (gets no interest), so I opened a Fidelity brokerage account.

When "done", under the section "Investment Accounts", she now has "INDIVIDUAL - TOD" with a cash position (SPAXX**) and an equity position.

But also, and something I didn't specifically ask for, under a section called "Savings, Checking and Spending Accounts" is another "INDIVIDUAL - TOD" and it has a position "CORE**" with a description of "UNFUNDED CORE POSITION".

I'm not sure why this 'extra' account was added, but I didn't see that it was doing any harm.

Nothing evil. Fidelity IRA's have a default investment called the CORE position. In some cases it's an FDIC insured bank. Sometimes the CORE investment can be changed, sometimes there are no other options available.
There are usually "learn more about CORE positions" links all over the Fidelity website.
https://www.fidelity.com/learning-ce...position-video
__________________

Spock is offline   Reply With Quote
All times are GMT -6.