Concerns with BMSBattery's Security

gutyex
1 µW
Posts: 2
Joined: Sep 16, 2015 8:49 am

Concerns with BMSBattery's Security

Post by gutyex » Dec 21, 2017 8:47 am

I'm in need of some new parts for my bike, primarily a battery as it's several years old now. After some hunting around I found all the bits I need on BMSBattery.Com and signed up to place an order, but quickly had second thoughts when they e-mailed me the password I'd just set online in plain text.
This suggests a lack of security and makes me hesitant to order anything through them as I can't be sure they will keep my payment details secure. I've e-mailed them about this but received no reply yet.

dapuma
1 mW
Posts: 10
Joined: Nov 15, 2017 4:57 pm

Re: Concerns with BMSBattery's Security

Post by dapuma » Dec 22, 2017 6:37 pm

That is usually something you shouldn’t worry about. A lot of websites, forums, etc. do this. Unless it was emailed by an actual person, I wouldn’t worry about it. Most likely it is automated.

Buk___
10 kW
Posts: 717
Joined: Jul 28, 2017 5:59 pm

Re: Concerns with BMSBattery's Security

Post by Buk___ » Dec 22, 2017 8:49 pm

gutyex wrote:
Dec 21, 2017 8:47 am
I'm in need of some new parts for my bike, primarily a battery as it's several years old now. After some hunting around I found all the bits I need on BMSBattery.Com and signed up to place an order, but quickly had second thoughts when they e-mailed me the password I'd just set online in plain text.
This suggests a lack of security and makes me hesitant to order anything through them as I can't be sure they will keep my payment details secure. I've e-mailed them about this but received no reply yet.

Usual advice is: change your password as soon as you receive notification.

Sunder
10 MW
Posts: 2454
Joined: Sep 06, 2011 11:24 pm
Location: Sydney, Australia

Re: Concerns with BMSBattery's Security

Post by Sunder » Jan 11, 2018 4:16 pm

If you receive a full or partial password, it means your password is not encrypted and is visible to admins of the site as well as any hackers who gain access to the site.

Ensure that the password is NOT used for any other account and especially your email. There are criminals out there who have "scanning lists". They know, for example, that they will never break into a Gmail account because Google's security is too good. Instead, they break into small shops and forums that don't invest in security at all. They get the email and password from the weak site, and try it against every other site on their scanning list like email, Facebook, Instagram, etc., to see if you reused the password.

If you have reused the password anywhere, change them all as soon as possible.
eBike: Q100H on 16S with Phaserunner FOC Controller
eMotorscooter: Vectrix VX-1 on 36S
eCar: Mitsubishi Outlander PHEV... Waiting for warranty to expire
eHouse: Still on grid, but with LTO batteries and 3kw LF inverter...

After 5 builds, the best advice I can give, is start with high quality products. I prefer http://www.ebikes.ca
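
Added example, not part of the thread: a Python sketch of the storage difference discussed above, comparing a user table that keeps passwords as typed with one that keeps only a random salt and a scrypt hash. The account names, the password and the scrypt cost parameters are constructed for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for real hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def hash_password(password: str) -> dict:
    """Build the record a site stores instead of the password: salt + scrypt output."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.scrypt(password.encode("utf-8"),
                            salt=bytes.fromhex(record["salt"]),
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def exposed_passwords(user_table: dict, candidates: list) -> set:
    """Return the candidate passwords that can be read verbatim out of a stored
    table, i.e. what an admin or anyone holding a copy of it sees directly."""
    dump = repr(user_table)
    return {pw for pw in candidates if pw in dump}


# Constructed sample accounts (not real data); both users chose the same password.
SAMPLE_PASSWORD = "correct horse battery"
SAMPLE_USERS = {"alice@example.com": SAMPLE_PASSWORD,
                "bob@example.com": SAMPLE_PASSWORD}

# Weak design: the password is kept as typed, so it can be e-mailed back or leaked.
plaintext_table = {email: {"password": pw} for email, pw in SAMPLE_USERS.items()}
# Hardened design: only salt and hash are kept; the site cannot reproduce the password.
hashed_table = {email: hash_password(pw) for email, pw in SAMPLE_USERS.items()}

if __name__ == "__main__":
    print("plaintext table exposes:", exposed_passwords(plaintext_table, [SAMPLE_PASSWORD]))
    print("hashed table exposes:   ", exposed_passwords(hashed_table, [SAMPLE_PASSWORD]))
    print("login still verifies:   ",
          verify_password(SAMPLE_PASSWORD, hashed_table["alice@example.com"]))
    print("same password, different records:",
          hashed_table["alice@example.com"]["hash"] != hashed_table["bob@example.com"]["hash"])
```
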

Sunder
10 MW
Posts: 2454
Joined: Sep 06, 2011 11:24 pm
Location: Sydney, Australia

Re: Concerns with BMSBattery's Security

Post by Sunder » Jan 11, 2018 4:28 pm

Maybe this borders on paranoid, but I do work in cybersecurity/fraud prevention.

Imagine the password you set for BMSB was the same as your email and Paypal password. As Dapuma said, it was automated so no human has seen your password yet.

You order a couple high value goods and they're DOA. BMSB believes you're at fault and refuses any refund. You raise a Paypal dispute. Losing this money could wipe out all profits to BMSB. They can't afford for the Paypal dispute to go your way. So they retrieve your password and find it works on Paypal and your email! They log in, cancel the dispute, go to your email and delete all evidence that they cancelled it.

By the time you realise, it's too late. Paypal says you cancelled it and refuses to start a new one.

This is all hypothetical of course, but possible any time you reuse a password with a site that doesn't care about security.