DISH Hacked - Websites are BACK ONLINE!

[Josephinelcajon]

Since the hack has anyone been answering this number?

Only number I ever used is 800-333-3474

 

[vtsat]

Only number I ever used is 800-333-3474

I tried calling both numbers. They have the same recording and wait times. (66 mins) Last week when I called they said the wait time was 23 minutes and it took me well over an hour to get through. The woman that answered the phone said she worked in retention but she was on the standard line to help customers. Unfortunately she couldn't help because she said she couldn't get into any of the accounts and told me to try calling back this week. However, she couldn’t guarantee me they would be able to get into the accounts this week either.

 

[HipKat]

Someone correct me if this has been updated , (888) 496-1260

It's not currently in service

 

[Szumi]

I didn't realize that Dish had a problem until three days ago when I went online to pay my bill. Isn't there requirements to notify customers when there is a data breach? I've seen nothing.

This morning I had an email saying I have an appointment to change out my equipment. I never made an appointment.

11 am while I was at work, dish came, dish went.

A little while ago I get an email saying stay tuned, a tech is in the area and is going to call to change out equipment. I'm in no hurry, when they change out the LNB, I doubt they can get signal, the dish will need to be moved and the ground is frozen still.

I didn't bother call them to say don't come, I figured it would be pointless given their problems.

 

[drwatson618]

It's not currently in service

When I spoke to retention on Sunday, he told me to call back to finalize my cancellation on 3/26. The number he gave me was (888) 383-2309, but that number doesn’t seem to be working.

 

[Josephinelcajon]

I didn't realize that Dish had a problem until three days ago when I went online to pay my bill. Isn't there requirements to notify customers when there is a data breach? I've seen nothing.

This morning I had an email saying I have an appointment to change out my equipment. I never made an appointment.

11 am while I was at work, dish came, dish went.

A little while ago I get an email saying stay tuned, a tech is in the area and is going to call to change out equipment. I'm in no hurry, when they change out the LNB, I doubt they can get signal, the dish will need to be moved and the ground is frozen still.

I didn't bother call them to say don't come, I figured it would be pointless given their problems.

They can move the dish without going inside but can not do any work without someone over 18 present the entire time. If you can try calling in the middle of the night.

 

[Almighty1]

Its very interesting and the timing as well.

Works the same way before you sue someone, you do a asset search to see what they are worth. If they are worth $0, no point in suing them as you will get $0. So it's better to target companies that you at least know what they have in assets especially when it's a public traded company who has $4.7 Billion for market capitalization who makes $17.9 Billion in revenue annually.

 

[Almighty1]

This is why I keep saying that this was Dish Network’s version of 9/11. A full blown terrorist attack.

I wouldn’t feel so secure about banks, either. I forgot which one it was but the largest Ransom paid was $40 million by a bank.

But they have gone after smaller companies and smaller entities like our US marshals office. I bring that one up a lot because it was in the media. They went after some Catholic church association or something like that.

I found a generic list with some other information about that group

KEY DETAILS​

• Prominent Threat: In just two months, the Black Basta gang has added nearly 50 victims to their list as of the publishing of this report, making them one of the most prominent ransomware recently.
• Targets VMware ESXi: Black Basta’s Linux variant targets VMware ESXi virtual machines (VMs) running on enterprise Linux servers.
• High Severity: The Cybereason Nocturnus Team assesses the threat level as HIGH given the destructive potential of the attacks.
• Targeting English-Speaking countries: Black Basta specifically targets the following countries: United States, Canada, United Kingdom, Australia, and New Zealand.
• Targeting Wide Range of Industries: Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers and more.
• Human Operated Attack: Prior to the deployment of the ransomware, the attackers attempt to infiltrate and move laterally throughout the organization, carrying out a fully-developed RansomOps attack.

Banks can afford it as State Street for example has $43.7 Trillion in client assets, $40 Million is just going to be a tax write-off for them and really just pocket change as they get fined way more than that by the government.

As for all the ones who got ransomware or hacked, they all run Linux or Windows which is just popular but not the best when it comes to security as the most secure OSes are variants of BSD which includes OSX as that's FreeBSD based.

 

[Almighty1]

Question??? By CSR working from home make the hacking easier? Or no difference? I can see both being possible.

Well, to get between point A being home and DISH itself requires going through many public networks so anyone between point A and point B can use whatever data is there.

 

[Almighty1]

I understand your concern. I did use it and did not get any email from Dish. My bank did confirm the payment was made to Dish. I suggest use your banks Bill pay for the safest way to pay.

The safest is really to use a credit card because if the money reaches the wrong hands, it's on the banks liability and not you as this is protected by federal law but every major credit card network has zero liability protection and you also get to keep the money in your hands longer while earning around 4.5% in annual interest. If you write a check or even use Bill Pay, if the check is cashed, it is no longer the banks problem as the loss will be on yourself.

 

[Josephinelcajon]

The safest is really to use a credit card because if the money reaches the wrong hands, it's on the banks liability and not you as this is protected by federal law but every major credit card network has zero liability protection and you also get to keep the money in your hands longer while earning around 4.5% in annual interest. If you write a check or even use Bill Pay, if the check is cashed, it is no longer the banks problem as the loss will be on yourself.

Bill pay is a debit from your checking and in the case of Dish and Bank of America the bank electronically sends it to Dish. The bank then is 100% liable for ensuring your payment is made to Dish

 

[Josephinelcajon]

I would think Dish has made sure this temporary payment method is ultra safe.

 

[Almighty1]

Bill pay is a debit from your checking and in the case of Dish and Bank of America the bank electronically sends it to Dish. The bank then is 100% liable for ensuring your payment is made to Dish

Bill Pay is all paid by CheckFree now known as FiServ which is used by a majority of the administration and management of Bill Pay for most banks, the bank itself does not even deal with the Bill Pay itself as that is all handled by FiServ. For some payments, if a mailed check is involved, FiServ sometimes will use Northern Trust as the payer of the check instead of the financial institution you are using. As far as liability is concerned, this is the standard clause with all Bill Pay as I have close to 100 accounts with different banks and brokerage firms:
"Liability for Bill Payment Services. If we do not complete a transfer to or from your account on time or in the correct amount according to our agreement with you, we will be liable for your actual losses or damages. OUR SOLE RESPONSIBILITY FOR AN ERROR IN A TRANSFER WILL BE TO CORRECT THE ERROR AND IN NO CASE WILL WE BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES. In states that do not allow the exclusion or limitation of such damages, our liability is limited to the extent permitted by applicable law. The bank will not be liable for the following:
1) If, through no fault of ours, you do not have adequate funds in your account to
complete the transaction, your account is closed, or the transaction amount
would exceed your credit limit on your line of credit, if applicable.
2) If you used the wrong access code, or you have not properly followed any
applicable computer, or bank user instructions for making transfer and
Bill Pay transactions.
3) If your computer fails or malfunctions or the phone lines or bank
computer system was not properly working and such problem should have been
apparent when you attempted such transaction.
4) If circumstances beyond our control (such as fire, flood, telecommunication
outages or strikes, or equipment or power failure) prevent making the
transaction.
5) If the funds in your account are subject to an administrative hold, legal process,
or other claim.
6) If you have not given the bank complete, correct, and current
instructions so the Credit Union can process a transfer on Bill Pay.
6 | Page
7) If through no fault of ours, a bill payment transaction does not reach a particular
payee due to changes in the payee address, account number, or otherwise; the
time you allow for payment delivery was inaccurate; or the payee failed to
process a payment correctly, or in a timely manner, and a fee, penalty, or
interest is assessed against you.
8) If the error was caused by a system beyond the bank’s control such as a
telecommunications system, an Internet service provider, any computer virus or
software related problems for software not provided by the bank.
9) If there are other exceptions as established by the bank from time to
time. "

So #7 above would apply to DISH in this case since they aren't providing any form of receipt of the payment itself and would have released the bank from all liabilities. And since they knew DISH was hacked, they can easily used the statement provided by DISH that they were unavailable and wouldn't be liable.

 

[Josephinelcajon]

Bill Pay is all paid by CheckFree now known as FiServ which is used by a majority of the administration and management of Bill Pay for most banks, the bank itself does not even deal with the Bill Pay itself as that is all handled by FiServ. For some payments, if a mailed check is involved, FiServ sometimes will use Northern Trust as the payer of the check instead of the financial institution you are using. As far as liability is concerned, this is the standard clause with all Bill Pay as I have close to 100 accounts with different banks and brokerage firms:
"Liability for Bill Payment Services. If we do not complete a transfer to or from your account on time or in the correct amount according to our agreement with you, we will be liable for your actual losses or damages. OUR SOLE RESPONSIBILITY FOR AN ERROR IN A TRANSFER WILL BE TO CORRECT THE ERROR AND IN NO CASE WILL WE BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES. In states that do not allow the exclusion or limitation of such damages, our liability is limited to the extent permitted by applicable law. The bank will not be liable for the following:
1) If, through no fault of ours, you do not have adequate funds in your account to
complete the transaction, your account is closed, or the transaction amount
would exceed your credit limit on your line of credit, if applicable.
2) If you used the wrong access code, or you have not properly followed any
applicable computer, or bank user instructions for making transfer and
Bill Pay transactions.
3) If your computer fails or malfunctions or the phone lines or bank
computer system was not properly working and such problem should have been
apparent when you attempted such transaction.
4) If circumstances beyond our control (such as fire, flood, telecommunication
outages or strikes, or equipment or power failure) prevent making the
transaction.
5) If the funds in your account are subject to an administrative hold, legal process,
or other claim.
6) If you have not given the bank complete, correct, and current
instructions so the Credit Union can process a transfer on Bill Pay.
6 | Page
7) If through no fault of ours, a bill payment transaction does not reach a particular
payee due to changes in the payee address, account number, or otherwise; the
time you allow for payment delivery was inaccurate; or the payee failed to
process a payment correctly, or in a timely manner, and a fee, penalty, or
interest is assessed against you.
8) If the error was caused by a system beyond the bank’s control such as a
telecommunications system, an Internet service provider, any computer virus or
software related problems for software not provided by the bank.
9) If there are other exceptions as established by the bank from time to
time. "

So #7 above would apply to DISH in this case since they aren't providing any form of receipt of the payment itself and would have released the bank from all liabilities. And since they knew DISH was hacked, they can easily used the statement provided by DISH that they were unavailable and wouldn't be liable.

I am still reading but BoofA so far feels different

Bank of America | Online Banking | Service Agreement

www.bankofamerica.com

 

[Almighty1]

I would think Dish has made sure this temporary payment method is ultra safe.

It's not a temporary payment method. DISH Billing for statements had always been provided by CSG and the temporary payment method apparently is just the standard DISH One Time Payment system which is also provided by CSG as well. The only issue is does the temporary payment method actually compare the account number and name entered with a database or does it just accept any account number and any name which if someone mistypes something, they will receive the money but it will never be credited to the correct account. CSG is the same company used by Comcast/XFinity and Spectrum who provides the billing. The statements from DISH and Comcast looks almost identical in the format and even the account numbers all start with the number 8.

 

[Josephinelcajon]

I am not too worried as the American Girl said a while back if you can use my credit to get anything then you have better luck than me! My entire income is SSD fully protected and guaranteed I typically have no more then $5.00. Within a hour of getting my SSD I have paid it out.

 

[Almighty1]

I am still reading but BoofA so far feels different

Bank of America | Online Banking | Service Agreement

www.bankofamerica.com

Read under section 3 and it will state:
"Under our Online Banking Guarantee, if we fail to process a payment in accordance with your properly completed instructions, we will reimburse you for any late payment fees. As indicated above, some payments may be made by a personal check. Since we can't predict the exact date that a personal check will be presented to us for payment, please make sure you have sufficient funds in your account beginning a few days before your scheduled delivery date and keep such funds available until the payment is deducted from your account."

So they are only liable for processing the payment which does not ensure receipt of the receiving party as it's still up to the other side if they choose to deposit the payment or not. All they need to show is they sent the payment but until the other side acknowledges it as received and charge late fees for it being late, they aren't liable if the other side claims they never received it.

 

[Josephinelcajon]

Read under section 3 and it will state:
"Under our Online Banking Guarantee, if we fail to process a payment in accordance with your properly completed instructions, we will reimburse you for any late payment fees. As indicated above, some payments may be made by a personal check. Since we can't predict the exact date that a personal check will be presented to us for payment, please make sure you have sufficient funds in your account beginning a few days before your scheduled delivery date and keep such funds available until the payment is deducted from your account."

So they are only liable for processing the payment which does not ensure receipt of the receiving party as it's still up to the other side if they choose to deposit the payment or not.

Which in the case of Dish is a electronic payment. I have used it before and they were paid the next day by transfer

 

[Almighty1]

Which in the case of Dish is a electronic payment. I have used it before and they were paid the next day by transfer

Electronic payment only means the bank sent it, it does not indicate DISH actually received it until DISH states it was received. Merrill Lynch which is part of Bank of America Corporation bill payment to Bank of America is also electronic but they can pay on the same day and on the BofA side, even though the posting date is always one business day after the scheduled payment date, the transaction date will always be 2 business days before the actual scheduled payment date.
This is actually what Merrill Lynch's Bill Pay agreement actually says and Merrill Lynch has more weight than one would believe when it comes to Bank of America as before Bank of America buying Merrill Lynch, Bank of America, NTSA which is better known as Bank of America in California basically had California and other states unable to see each others systems as if you are non-California and walk into a California BofA branch, they cannot see your accounts. Same issue with Bank of America California customer visiting a BofA in another state. Merill Lynch fixed this problem on May 16, 2012 when they had all the systems upgraded as NationsBanc did nothing after buying Bank of America over 10 years prior. Merrill Lynch has this in their Bill Payment Agreement:
"THE SERVICE GUARANTEE
Due to circumstances beyond the control of the Service, particularly delays in handling and posting
payments by Payees or financial institutions, some transactions may take longer to be credited to your
account. The Service will bear responsibility for any late payment related charges up to $50.00 should a
payment post after its Due Date as long as the payment was scheduled in accordance with the guidelines
described under "Payment Scheduling" in this Agreement.

EXCLUSIONS OF WARRANTIES
THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE."

 

[Josephinelcajon]

Electronic payment only means the bank sent it, it does not indicate DISH actually received it until DISH states it was received. Merrill Lynch which is part of Bank of America Corporation bill payment to Bank of America is also electronic but they can pay on the same day and on the BofA side, even though the posting date is always one business day after the scheduled payment date, the transaction date will always be 2 business days before the actual scheduled payment date.

Yes it would debit the next day and Dish notified me the following day so about 48 hours