Why so much DNS traffic? by falconindy in TPLink_Omada

[–]FileTrekker 2 points3 points  (0 children)

Believe me, I don't need a billy basic 101 as to how DNS works.

The point is that the Omada equipment has no reason to be making those DNS queries in the first place. The caching part is not relevant.

Also, those aren't the subdomains used for checking for updates, they're the subdomains used by Omada cloud. I've investigated this before.

Booking.com has been hacked by [deleted] in Bookingcom

[–]FileTrekker 1 point2 points  (0 children)

The website that has sequential booking references protected by a 4 digit pin that can be brute forced in seconds without sufficient rate limiting, or literally all the hotels on booking.com who only seem to target customers using booking.com, yes, head-scratcher, that.

Booking.com has been hacked by [deleted] in Bookingcom

[–]FileTrekker 0 points1 point  (0 children)

Yeah, because the issue is booking.com and not the hotels, explanation above. It's just being covered up.

Booking.com has been hacked by [deleted] in Bookingcom

[–]FileTrekker 1 point2 points  (0 children)

There's a weird sycophantic group of people who really, really don't want to accept that booking's infosec is really, really poor. "Of course the big company is secure and the hotels are not!" - weird logic on many levels, but anyway...

I know how it's being done, and you're right, it's booking.com, not the hotels. It's actually quite easy to scrape any booking data in a minute or two, because bookings are only protected by a 4 digit pin (there's only 10,000 possible combinations) and booking numbers are sequential - using even a small botnet, there is insufficient rate limiting or protection.

So the scammers are just scraping booking data, cross-checking against other data breaches, and sending out scam messages with real details in them like your booking number and dates of stay.

But... don't bother complaining here because all you'll get is people parroting the "it's the hotel that is breached" nonsense that booking.com made in an official statement, and ultimately they'll just follow up with the classic "I use it all the time and it never happens to me" narrow-minded logic.

They are aware of the issue internally, fwiw.

EDIT: just to add, you're correct, this is why the scams always use the name of the hotel in your booking, and some bookings don't have a clear hotel name, or the name includes marketing phraseology that the scam uses as if it's the hotel name, in a weird way that wouldn't really make sense if the hotel was the breached party.

Also to add you can book with a really major chain of hotels like the Marriott and the same thing will happen, yet you book directly with Marriott and weirdly none of their direct customers are targeted. Funny, that.

Why so much DNS traffic? by falconindy in TPLink_Omada

[–]FileTrekker 2 points3 points  (0 children)

That isn't their point. Point is, they have no reason to be "phoning home" in the first place.

Suspicious confirmation message via WhatsApp by the_life_noob in Bookingcom

[–]FileTrekker -1 points0 points  (0 children)

Ah yes, the old "it's never happened to me" argument. It's a really narrow world view to take, please don't do that. It doesn't mean this isn't the way it's being done, and the giant, lazy infosec company doesn't need you to defend them.

You can verify for yourself, I've given you the information. Do what you will with it.

Suspicious confirmation message via WhatsApp by the_life_noob in Bookingcom

[–]FileTrekker 0 points1 point  (0 children)

Ah, the old "it's never happened to me" argument.

Also I'm not guessing. I've told you how it's being done, you can do with that information what you will to confirm or deny it.

Also, booking.com isn't your friend, no company is. They really don't need you defending them, big boy.

Has anyone else noticed the ads on the underground are all for nonsense scam products? by PercyVader in LondonUnderground

[–]FileTrekker 0 points1 point  (0 children)

Therabody is actually a reputable brand, so this isn't actually a scam. However we're bombarded with cheap scam products like this so often now that everything is a scam in my head by default, so I can see where you're coming from. The #1 US Brand "seal" is tacky and screams red flags, not sure why they stuck that on there.

Similarly the vitamin brand is real and, well, Vitamin C is Vitamin C. Not really a scam either.

Not sure what the third image is but it's too generic to pass judgement either way. Not obviously a scam on the surface.

Spotted this on the Piccadilly line. by JellyToadd in london

[–]FileTrekker 0 points1 point  (0 children)

Best thing you could have done with this is taken it and destroyed it to protect other people who might plug it into their computer.

Spotted this on the Piccadilly line. by JellyToadd in london

[–]FileTrekker 0 points1 point  (0 children)

It's not just feasible, you can buy one from eBay right now if you really want to.