My Ohm Account Hacked, then cashed out to an Amazon card!

JeffoffJeffoff Member Posts: 14
edited November 2018 in General Discussion
Hello all, On Nov. 13th, my OhmHour Account was hacked! I saw an email saying I requested a password reset. So I logged on to Ohm hour, and my password was the same as it was. I then checked my points and about 6500 worth was gone! I immediately notified Ohm, but as we all know responses come a day or so later. So days go by as I discuss this with an Ohm employee back and forth. Finally I learn from my own research that my points were converted to an Amazon Gift Card. So just now I tried to use that gift card code at Amazon, and that the code has already been redeemed! So I called Amazon customer Service and they said there is no way to see what was purchased or where it was sent to. Very frustrating as these situations need to be dealt with immediately, but due to this archaect communication set up, the thief is already done the harm and long gone. So be aware, check your accounts now and make sure your account points have not been stolen like in my case! Never let your points build up too, keep the balance low. I just sent this info to Ohm, but who knows when they will see it. Also, this all started after I bought a TPLink plug where they redeem $17.50 after you link your Kasa account and add the switch. Maybe that’s where the thief got my code? Who knows, but the TP Link Credit from Ohm was made on November 12, 2018, and one day later, my account was cashed out to an Amazon Card and card code immediately used. One other thing that is highly suspicious to me is, there was an email from Ohm sent to me saying my passcode request was received, yet when I logged on, it was not changed. I logged right in a day later with same code. So whoever hacked the account may if requested password change as a diversion. They had to of known my code, otherwise it would of been changed to their new code, right? So could this of been a hack from within either Ohm or Kasa? To get the TPLink refund I did have to re-link accounts to add the new switch. That involved me stating my passcode into Ohm again, and these two accounts did have the same passcodes on that date.

Comments

  • jserramcjserramc Member Posts: 351

    Wow, so many problems now to add this to it! years ago I was in a survey program and ahd about $50 saved in it. I went to log in and couldn't. I contacted company, they said I cashed out to pay pal and closed account. Back and forth, especially considering I did not have a Pay Pal at the time. contacted Pay pal they too said they could not see where it went. Survey company finally admitted there was a hack, reinstated my points. I officially cashed out a few weeks later. So frustrating. I hope you are able t resolve this!

  • SFPowerSaverSFPowerSaver SFMember Posts: 44

    The email you got about the requested password reset could have been a phishing email and not actually from OhmConnect. Did you click any links in that email? Do you think they were able to get your password that way?

  • JeffoffJeffoff Member Posts: 14
    I saw the Email day’s after the Account was cashed out. I never clicked on anything in the email when I finally opened it. I saw the title, and immediately went to log in Ohm, and my Apple saved login and passcode got me in! So the code was never changed! Yet some person had already cashed my balance to 0! That’s why I saw the passcode change email sent as maybe just a diversion. Because if my password really was changed, they never change it back to original right? After I saw my account was hacked, I did change my passcode direct through the Ohm website settings. No email was generated on my passcode change. Its done all through the website and doesn’t involve any emails between Ohm and the customer. So that’s why I think this might be an Ohm employee, or a Kasa Employee ( more likely) because this happened immediately after I linked my Kasa again to Ohm for a TP link promo credit. Anyhow to answer you question, I’m well aware of phishing emails and never click on links, instead I forward them to businesses abuse/ fraud Departments. Ohm on the other hand allows help requests to go unanswered for days! Weeks. They responded to only 10% of my help messages reagarding this! And responses are never focused on the issue and are vague and off topic almost from the seriousness of a security breach between Kasa and Ohm. By the way, I am not experiencing any other security breaches in any other accounts. But as a precaution I will be changing some codes.
  • cwiedcwied San MateoMember Posts: 141

    Is there any chance someone had access to your computer or phone to get on OhmConnect? This is not sounding like a remote hack. Given that you have a saved login, it would be easy for someone to get into your account if they had access to the browser you use to log in. They might have hit "forgot password" before realizing that you had a saved password.

    I would strongly recommend against saving passwords for any accounts that have any monetary value.

  • JeffoffJeffoff Member Posts: 14
    No, I access OHM only two places. From my phone, or my home computer which only I have access too. My 12 year old son has his own computer and phone, and never has any reason to use my computer. My wife only watches TV. Neither of my family members have stolen from me, nor has either hacked into any of my accounts. At the time of the hack, I used the same passcode for Ohm and Kasa. I have since changed both.
  • JeffoffJeffoff Member Posts: 14
    My help messages to Ohm are still unanswered! You folks responded faster and more frequently than Ohm has! That’s pretty sad!
Sign In or Register to comment.