I was a long time SMSDiscount member until today. I had a credit of 10Euros of which I only used 8 and that was six months ago. Well a few days ago I noticed that someone logged into my account and used all of my credit by calling some numbers in Uganda and such.
I got concerned not only about the used credit, but because someone knew my password! I contacted support about it, and I immediately shared all the information I had. They reply 3 days later with the following sentence:
"Please change your password. Also change the password of your e-mail address and sip device. Never use the old password again and never share your login details with anybody."
I have never shared my password, and I have never used the login details I used for my smsdiscount account anywhere else. I told them that and how I believe it's most likely their fault (a breach in their database or someone brute-forced my account) and they reply the following:
"Most likely your e-mail account has been hacked but we are not responsible for the fact that your account got hacked. We are not intimidated by your threats, we advise you to have an expert look at your computer and firewall."
Now I'm a computer technician for 20 years and I have never been humiliated in this way.
1. They suggest that my email got hacked. If my email WAS hacked, the "hacker" would have reset the password of my SMSDiscount account in order to gain access to my SMSDIscount account, but instead the password was NEVER changed! It was the very first I entered when I created my SMSDiscount! Then again if my email got hacked, SMSDiscount was going to be the last thing a hacker would look for.
2. I'm a reseller of Kaspersky and Avast antiviruses. I also setup routers with firewalls to customers. That's what I do for living. And they suggest that an expert should take a look at my computer, what a joke.
3. And if I had some kind of a keylogger on my computer to capture my smsdiscount login details, how could he do it when I did not login into my account for more than 6 months?
4. They didn't even offer me a log file of the "mysterious hacker" to help me in my investigation. That was the least they could do. Nothing, Na-da.
What I think it's most likely that happened:
1. Someone bruteforced my account and gained login, but the "support" (notice the quotation marks) didn't want to tell me that and instead blame me thinking that I'm just a regular stupid client not knowing anything about computers.
2. Someone hacked into their database and stole login info, but they won't tell so they don't lose their reputation.
3. I had unused credit and never logged into my account for 6 months. They thought maybe this guy won't ever use his credit again, let's give his login details to someone else, maybe he will come back to buy more credits.
Anyway, I'm very disappointed from a company of that rank. I thought there are no glitches there, but I guess international crisis hit them hard. Now I'm not sure if my paying details are compromised. If the person who breached into their database could stole my login details I'm sure he didn't stop there. He might have my payment details as well. That means changing my credit card.
BE AWARE OF THIS COMPANY, DO NOT GIVE THEM YOUR DETAILS! THEY ARE NOT SAFE!