SearchLight

Level 9
Verified
I was perusing Ebay and came across inexpensive offers for VPNS such as ExpressVPN and Nord compared to the regular purchase prices. I was wondering how they can be offered so cheaply. If they are unused credentials is one thing. If hacked, then how secure are these VPNS really if the info is readily available despite all the VPN security hype.
 

L0ckJaw

Level 11
Verified
Malware Tester
Was looking at the offers, and to be honest, i dont trust it. ExpressVPN has never offererd a Lifetime license.

This line in the sellers info :


2. How is it a lifetime key? This is because they are on subscription plans, which renews/recurs over a period of time.

Makes me not trust this seller. Looks to me he renews the license himself after a year, what will happen if he receives a lot of money and stops selling the item ? Better buy it officially at the ExpressVPN website.
 

permar4

Level 1
I saw nord accounts of 3 years for 5€... I find it very cheap and a seller asked not to change the password
 

Threadripper

Level 7
Scam Warning

Almost all are hacked accounts, hence why you're told to not change the password to not alert the real account owner. As so many people use said accounts, it doesn't take long for someone to change the email and password to their own and lock everyone else out, then the real owner contacts support and everybody loses out - but the scammers.

This is assuming the VPN company doesn't detect abuse first as so many people are using one account and outright ban it.

There's many examples on the Windscribe subreddit of accounts being hacked...

Example 1:
"18 minutes after you submitted your ticket, the person who hacked your account also submitted a ticket asking to change the username. Good thing you provided the license code as that's the only thing that proves you're the account owner."

Example 2:
"We disabled your account because your credentials were leaked online and your account was compromised. We wanted to prevent any further changes to the account as well as prevent abuse of our service so we temporarily banned it until you can set a new password."
 
Last edited:

SearchLight

Level 9
Verified
Figured as much but if Express and Nord are SO secure, how could these accounts have been hacked from their systems unless the owners themselves were hacked, and did not know enough to use secure passwords instead of easy to remember ones?
 

Threadripper

Level 7
Figured as much but if Express and Nord are SO secure, how could these accounts have been hacked from their systems unless the owners themselves were hacked, and did not know enough to use secure passwords instead of easy to remember ones?
Reused passwords 99.99% of the time, Windscribe refer people to HaveIBeenPwned after restoring access to their account and all examples I've seen have had (often several) pwned accounts.
 

L0ckJaw

Level 11
Verified
Malware Tester
Figured as much but if Express and Nord are SO secure, how could these accounts have been hacked from their systems unless the owners themselves were hacked, and did not know enough to use secure passwords instead of easy to remember ones?
I bet they have the account name and password from stolen mail accounts, and not from Express or Nord themself.
 

SearchLight

Level 9
Verified
I guess the moral is to get in the habit of using strong passwords wherever you can, as opposed to easy to remember ones. I use to do that until I educated myself more about online security. Started to use a Password Generator and Roboform or LastPass to remember them as they were complicated. Yes an inconvenience but a necessity for peace of mind.
 
  • Like
Reactions: venustus

Threadripper

Level 7
I guess the moral is to get in the habit of using strong passwords wherever you can, as opposed to easy to remember ones. I use to do that until I educated myself more about online security. Started to use a Password Generator and Roboform or LastPass to remember them as they were complicated. Yes an inconvenience but a necessity for peace of mind.
I think the complete opposite, the amount of times people (my parents for one) have to reset passwords because they forget them, yet they always use the same set of passwords is unreal. My memory is crap, remembering ONE password and using security keys for 2FA is way easier in every single way (other than setting it up, of course).
 
  • Like
Reactions: venustus

SearchLight

Level 9
Verified
I think the complete opposite, the amount of times people (my parents for one) have to reset passwords because they forget them, yet they always use the same set of passwords is unreal. My memory is crap, remembering ONE password and using security keys for 2FA is way easier in every single way (other than setting it up, of course).
Understand your frustration, and respect your opinion. I use Roboform to avoid the memory issues, too. One password to remember for me but many different ones employed on my other accounts to help deter info theft. Btw, I also got on the 2FA bandwagon with security keys.
 
Last edited:

Cortex

Level 11
I have been selling network gear, not so much now though for many years & still have 100% feedback, it's hard work keeping people happy - A 'friend' recently bought a cheap AV key off Ebay for a 3 year 3 user at a cheap price then found out it was a single user (what do you expect for a pittance - Doh) Anyway after contacting the seller he/she knew everything about Ebay policy & at the end he kept the single user key (for as long as it lasts that is)

But the seller had a large amount of products yet been a seller for a very few months & has already quite a few negative/neutral feedback & soon wont sell much at all because of this in time - Maybe been a seller for a while until the bad feedback builds up then on to a new account with the same keygen rubbish, fake accounts. I look for feedback & how long the seller been a member. If it's really cheap I feel it wont last?