The Erotic Highway

SA Account Hacked Again!
sweetman 93 Reviews 564 reads
posted
1 / 15

Well fuck!!!  Looks like my SA account has been hacked again.  My first clue was receiving a msg from them saying my account was incomplete.  Turns out 3 out of my 4 profile pics were gone. WTF?  Then today I started receiving messages from females saying I just texted you.  Which I did not.  Went to my sent file and found a long list of identical messages to many SBs, which I did not send!  Plus a msg from Admin saying: You've sent too many messages, too quickly, and must wait up to 24 hours before you can send them again. If you believe you've received this message in error, please reach out to customer support.

I have reached out to customer support, but damn this is distressing!

herbtcat 6 Reviews 25 reads
posted
2 / 15

This is right out of the Twilight Zone!  

 
I'll be interested in seeing what Cust Spt has to say.  

 
Life is good

 
The Cat

carlhungus 54 Reviews 29 reads
posted
3 / 15

I don't know how this is happening.  Just curious to know if your password is strong.  Maybe there is a key logger in your device or computer?

Weird that someone is hacking into your account trying to meet SBs as you.  

Hope this gets resolved.

sweetman 93 Reviews 30 reads
posted
4 / 15

Thanks Carl.  I don't know what a key logger is.  But my password is pretty obscure.  Maybe I'll change it anyway.

carlhungus 54 Reviews 31 reads
posted
5 / 15

I'm not sure an obscure password is the same as a strong password.  A strong password would be like $w33tMan$!24%.

A keylogger is a spy program that records all of your keystrokes.  So, if someone installed something like that...well they would know everything you've typed including passwords.   There are programs that can detect and remove keyloggers.  Who knows if that's what's happening.  

Good luck.  

impposter 49 Reviews 37 reads
posted
6 / 15

I'm not going to search the old posts just now, but weren't there suggestions to ask SA about two-factor (sometimes called multi-factor) authentication? After you enter your password (first factor), SA sends a message or code to another registered device, e.g., your cell phone, asking you to enter the code in the phone text message (second factor) or hit "Yes, it's me" on the phone (second factor) to confirm it's you. A hacker would have to not only know your password but be able to spoof your phone number which sounds like a federal offense.  
.
There are also hardware security devices, such as a physical USB dongle or hasp that must be connected to the USB port on the computer accessing the host (SA) site.  
.
Maybe I'll search and repost later.
.
In the meantime, weren't you also concerned that the hacking or disruption was happening within SA itself ... that is, without a hacker logging into your account but some higher level hacker inside SA messing with accounts?
.
DOES ANYONE KNOW IF SA OFFERS 2FA (two factor authentication) or other security options?

EDIT: Here's the old thread from April 2023:  
http://www.theeroticreview.com/discussion-boards/the-erotic-highway-20/i-could-use-some-help-seriously-37420

-- Modified on 8/20/2024 5:32:12 PM

herbtcat 6 Reviews 27 reads
posted
7 / 15

Found this:

"New Security Protection Enabled: For your security and protection, we have updated our security some customers have noticed when they use an incognito browser or a VPN that deletes browser history you will be required to verify ownership with each login attempt. We recommend using 2FA by using Google Authenticator. This will trigger a verification code that you can easily retrieve from Google Authenticator on each login and will secure the account."

 
Sorry to push this extra tech burden on you, Papa Sweet. But I think you will need to implement some must-have tech to protect your account going forward.  

 
Ok, so what this means:  
1. Figure out how to use "incognito" mode on your browser. Or install a VPN (Virtual Private Network) on your PC. I recommend Proton VPN (as in proton mail). See link.  
2. Download and create an account on the Google Authenticator app (iPhone and Android).  It's free.  
3. Set up 2FA (Two Factor Authentication) on Seeking using your (new) password and your fresh Google Authenticator code.  
4. ALWAYS log in to Seeking in incognito mode, or always use VPN when logging in.

sweetman 93 Reviews 33 reads
posted
8 / 15

Thanks so much for all the suggestions.  The odd thing is that I did enable 2FA last time, and according to my profile settings, it's still enabled.  But I have never been asked for my login credentials or required to provide a code sent to my phone.  When I use SA, on any of my 3 devices, I just click the seekings icon and it takes me directly to my account on the splash page, no login required.  So what is the point of enabling 2FA if they don't use it when I access the site?

My wife thinks I should change my password, right now.  But won't that make me look like the bad guy trying to hide my tracks?

I have messaged seekingsupport 3 times already, no reply except an auto reply saying they usually respond within 12-24 hrs.  That was 2 days ago.

My profile now has 141 contacts on the Interests tab, none of which I initiated.

I guess protecting my account going forward is a very good idea.  But I am the victim here.  And I can't believe I'm the only one.  Can't Seeking fix the problem, identify and punish the perpetrator?  Ok now I'm whining like a baby.

Depending on what I hear from Seeking, assuming they eventually respond, I'm already resigned to having to create a new profile.  Again!!  I will def use a VPN, it's something I know how to do.  And I will enable 2FA.  I have no clue what Google Authenticator is, but if I use a VPN then I don't need it, right?  Did I read your advice correctly?

WhiteKnite 31 reads
posted
9 / 15

Does anyone else have physical access to your three devices? e.g. housecleaners came by and found the phone unlocked on the kitchen counter.

It could be a hardware level keystroke logger OR someone has compromised your email and is able to login to your SA account using the login code SA sends via email.  

It's difficult to ensure a compromised email account and device are cleaned up completely.

My recommendation here is to get a new device, sign up for a new proton email and new SA account, use those only on the new device, use biometric authentication to restrict access to your new device, have auto-lock enabled on your new device, and don't click on any links sent to you in messaging apps like WhatsApp, email, Line etc.

herbtcat 6 Reviews 39 reads
posted
10 / 15

And since this is an ongoing problem for you, I recommend you change every month.  

 
You can generate a list of random-ish passwords and keep that list on another device or on paper in a locked container.  Use the free password generator app on your PC linked below.  Generate a password, then copy and paste it to a list.  

 
Once your password is hacked, it doesn't matter what device is used to access it. So changing your password will at least present a monthly barrier.  Seeking Admin will not think you are the "bad guy" for implementing a recommended security protocol.  Every site on the planet with a Security FAQ page will suggest changing your password in unpredictable ways often.  

 
By unpredictable, I mean don't go from:  
Password1sweet to Password2sweet to Password3sweet, etc.  

 
Something like this is better: @uTF3d8e&#*9x2

 
Life is good

 
The Cat

impposter 49 Reviews 37 reads
posted
11 / 15

URGENT EDIT: Do not "log out" until others post advice. If someone has your password and has been in your account they might have changed your password to one that you do not know. ("oldpwd" changed to "newpwd"). If the problem is "keep me logged in" and SA has been keeping you logged in, once you log out you will have to log in again. If the password was changed and you don't know it ("newpwd") you are locked out! While you are still logged in, can you check your Account Info for additional emails or phone #s that have been added? Does SA have "Primary email: ..." "Secondary email ..."?? Is there anything fishy there?  OK ... back to the original version of this post:
.
Does SA have a "Keep me logged in" checkbox somewhere on the login page or account settings? Be sure to uncheck it.  I'm attaching an image which reminds me to ask: Are you logging in via Facebook or Google or other non-SA account name? Don't! Use credentials that are unique to SA. If your "real" gmail is "sweetman at gmail ..." don't click on "log in with google." Go to the SA login and type in sweetman (If that's your login name) and then type in your password (and, I hope, then get a 2FA signal and continue from there). [To clarify: entering "sweetman" as a login name is NOT the same as logging in via google which puts "[email protected]" as the login name.]
.
When you "quit" a session on SA do you actually "log out" or "quit" or whatever the SA version is or do you just close your browser? On TER, you hover over your login name (upper right on my PC / browser; sometimes a yellow-orange background on my PC). There is a drop down with three lines (at least for me):
TER Member since ####
Account
Log out   ------------------------------------ the important one!!!
.
Most other sites have something like that under "Account" "Username" or similar. BE SURE TO CLICK "LOG OUT" when you leave SA. Just closing your browser doesn't log you out and when you go back to SA ("I just click the seekings icon" on your computer) it connects you, recognizes the cookies and other info on your computer, and you are IN without having to LOG in.
.
TURN OFF "Keep me logged in" or "Stay logged in."  Always "Log out" when leaving an SA session.

-- Modified on 8/21/2024 1:33:19 PM
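
Why an account with 2FA enabled can open with no password or code prompt, and why a password change alone may leave other devices signed in, as an added example that is not part of the original posts. This is a toy model, not Seeking's code: the `SessionStore` class, its fields and the 14-day lifetime are assumptions, and nothing here claims to describe how Seeking actually handles sessions.

```python
import secrets

class SessionStore:
    """Toy server-side session table (hypothetical; not any real site's code)."""

    def __init__(self, revoke_on_change: bool, max_age: int = 14 * 86400):
        self.revoke_on_change = revoke_on_change
        self.max_age = max_age
        self.generation = {}   # user -> counter bumped on every password change
        self.sessions = {}     # token -> (user, generation at login, issue time)

    def login(self, user, password_ok, second_factor_ok, now):
        # The only point where the password and the 2FA code are checked.
        if not (password_ok and second_factor_ok):
            return None
        token = secrets.token_urlsafe(32)   # value stored in the browser cookie
        self.sessions[token] = (user, self.generation.get(user, 0), now)
        return token

    def whoami(self, token, now):
        # Runs on every later visit: only the cookie is examined.
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, gen, issued = entry
        if self.revoke_on_change:
            stale = gen != self.generation.get(user, 0)
            if stale or now - issued > self.max_age:
                del self.sessions[token]
                return None
        return user

    def change_password(self, user):
        self.generation[user] = self.generation.get(user, 0) + 1

    def logout(self, token):
        self.sessions.pop(token, None)

def surviving_sessions(revoke_on_change: bool) -> int:
    """Constructed scenario: four live sessions (three owner devices plus one
    unknown), then a password change. Counts the sessions that still work."""
    store = SessionStore(revoke_on_change)
    tokens = [store.login("owner", True, True, now=0) for _ in range(4)]
    store.change_password("owner")
    return sum(store.whoami(t, now=3600) == "owner" for t in tokens)
```

With `revoke_on_change=False` all four sessions survive the password change, including the unknown one; with `True` none do, and every device has to pass the password and 2FA check again.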

sweetman 93 Reviews 31 reads
posted
12 / 15

Thanks for all this advice Imposter.  Partly too late I'm afraid.  My wife thought I should log out, which I did.  Bad idea.  Now I can't get back on SA from my PC.  I still can get on from my laptop or my phone though.  Weird.

impposter 49 Reviews 43 reads
posted
13 / 15

Back and forth on TER is too slow. I think you need an on-site, sitting next to you or on the phone with you, security helper. The Q&As should be quick and easy but each step and decision is based on the A to the previous Q. You are "public" with your wife about SA. Are you comfortable with a security pro helping you with your SA account?
.
E.g., you logged out of SA from your PC. Now you can't log back in. Does that mean you entered your username and (old) password? What was the error message? "Wrong password"? (More Q&As ...) I think that means that SOMEBODY changed your password and now you don't know what it is. Many websites have the "I forgot my password" feature that lets them, first, authenticate you ["last 4 digits of the CC you have on file?", your pre-registered challenge Qs, assuming the hacker didn't change them: "name of your first pet?" ...]. Then, they wipe out the (current, forgotten) password, and send you a temp password to log in and REQUIRE you to change the temp password to a new, personal, secret password. ... But it's hard to help you or talk you through each step via the TER boards.  
.
Depending on what the hackers did (did they add a phone number and an email to your account?, did they change your "challenge Qs"? etc.), this can be fixed, I hope, in 10 minutes or, maybe one hour.  
.
Worst case for you might be to ask SA to completely obliterate your old account -- COPY or DOWNLOAD your important stuff - names, contact info, etc. of your preferred SBs using your STILL WORKING laptop account -- and create a new account. Use a different name: sweetman becomes sweetmen123 or something simple but different.  
.
How do you pay for SA? I figured you might have a CC on file with the account. Once you are sure you want to shut off the hacked account, be sure to remove that CC first or tell them (SA) not to charge that CC or tell your bank (CC) to block SA charges. No pay, no play! Once the hacked account is in arrears, nobody can use it until paid up. **IF** the hackers are having fun and feeling desperate, MAYBE they will try to pay for the membership and then they might be exposed (unless they use an anonymous payment method -- does SA accept gift cards or money orders?).  
.
Seriously, if you can afford being "outed" to a security pro (make them sign a CDA?), they can probably fix this for you in an hour or less. How do you get a legit, safe security pro? Do you have a lawyer? Ask their office who they use for IT security and who isn't an undercover cop or blabbermouth.  
.
GOOD LUCK!!

impposter 49 Reviews 32 reads
posted
14 / 15

IF someone got too much info about your account to let them hack it ... HOW did they get your old password (if that's the issue)? Did you ever let anyone use your computer? Either at your home: THEM:"Can I check my email from your computer?" Sweetman:"Sure, it's on the desk way over there!" [then they click on the automatic "SA icon" and, somehow, fiddle with access while you aren't looking. Your nephew? The kid from down the street who mows the lawn for you? ...] Do you keep your passwords on a post-it note on your computer monitor that anyone can read and copy down? BAD IDEA!!  
.
Did you ever bring any of your devices to a repair shop or lend your laptop to anyone who might have clicked on the "SA icon" and hacked away?  
.
Do you use a STRONG password or did a hacker (any hacker, even in North Korea or Moscow) just guess it using a computer program? Kind of like the old AOL passwords: paper-orange, wheel-potato, LUCKY-HACKER, ... .  
.
I repeat myself (a lot), but I think a security pro can get you through this interactively and set you up to keep it from happening again.  That means not just securing the ACCOUNT but also securing the three devices (PC, laptop, phone) to make sure they are properly set up to stop YOU from accidentally sabotaging your own account! No more "automatic" log ins, 2FA properly installed, etc.

impposter 49 Reviews 35 reads
posted
15 / 15

I thought of another "thing" to try to check. All of this is in your email, NOT on SA itself.
.
1. I will pick an account, any account.  Not SA or TER but my library account or my on-line shopping account or even another email account (impposter@yahoo). When I change a password on ANY of my various accounts, I GET AN EMAIL AT THAT ACCOUNT'S REGISTERED EMAIL (impposter@gmail) warning me that "Your password on your library.org account has been changed. If you did not change your password, contact us immediately ..." or similar message.
.
2. What email do you use on your SA account? Let's call it "sweetman@gmail." Do you remember getting a "password changed!" warning email? Do you KEEP your SA emails or read-and-flush? Go back and search (use your email search function; they vary; search for "from: [email protected]" or whatever it is and "Message body: password or passwd (or however they abbreviate it)"
.
3. Do you find ANY "password changed" alerts? How recent? Keep those emails and give the dates / times to SA when the time comes to reach out to them again.
.
OK. Back to surfing ...
