
Dasabo Acquired by Dasabo


Comments

  • DasaboDasabo 🚩 Patron Provider Tag Suspended

    @x0x0x said:

    @Dasabo said:

    @davide said:

    @deafcon said:

    @Dasabo said:

    @deafcon said:

    @davide said:
    @Dasabo can you remove the credit card payment option from your WHMCS, the one named "Stripe (OLD)"? Its associated input form is not an iframe and the credit card data is sent to your own server. The other payment method "Stripe (Credit/Debit Card)" collects the user's card data using an iframe served by stripe.com so it's less worrisome.

    This seems like it might not be PCI-DSS compliant.

    Actually, that’s not quite right, as we don’t store card details on our servers; instead, the card is tokenised, so even we cannot view the data in plain text, and this is one of the requirements of PCI-DSS

    Usually, the card data would pass directly to the payment processor without ever traversing the merchant's network. The processor then sends the tokenized card number back to the merchant. This isn't my area of expertise, but I do know how it typically works. Note that I didn't say it was certainly non-compliant, just that it might be.

    Don't rely on me, I checked the page again and I see iframes now receiving the card data. I have an unusably laggy computer tonight, fault on me for not seeing it.

    @x0x0x said:

    @raindog308 said:
    Just got this by email 7 minutes ago.

    @Dasabo Why not communicate directly that the removal of saved payment methods was prompted by reports of unauthorized charges, instead of using the transition as an excuse? A transparent approach would be to ask your customers to review their billing activity and report any unauthorized charges so you can investigate and take the necessary corrective actions.

    Hello,
    Because it’s not just about that: when you switch to a different billing profile—and consequently to a Stripe account with new company details—you cannot transfer card tokens from the old company to the new one. This is a specific restriction and limitation imposed by Stripe (and a sensible one, I would argue); therefore, you are required to generate new tokens—meaning users must re-enter their card details and authenticate them. There is no other way to accomplish this.
    You are likely not a customer of ours; otherwise, you would have received the email sent a few days ago notifying you of this transition to the new company and requesting that all billing details be updated.

    Once again, this is about transparency. No one here appears to have received any email communication from you regarding the unauthorized charge issue, so where is the transparency in informing customers and encouraging them to review their billing activities? The way this has been handled, it looks like you're hoping these charges go unnoticed.

    We're still investigating the situation, and these are isolated cases that are being promptly refunded.
    You can't help but notice charges of several thousand euros; we need to be realistic about things.
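
The distinction davide draws in the exchange quoted above, a card form rendered in the merchant's own page versus one inside an iframe served by stripe.com, can be checked from the checkout markup. This is an added example, not part of the thread and not Dasabo's or WHMCS's code; the page URL, field names, iframe path and mode labels are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Substrings that mark a card field in name/id/autocomplete. The cc-* values are
# HTML autocomplete tokens; the others are common naming, assumed here.
CARD_HINTS = ("cc-number", "cc-csc", "cc-exp", "cardnumber", "cvc", "cvv")

# Constructed sample pages (not taken from any real checkout).
PAGE_URL = "https://billing.example.test/checkout"
DIRECT_FORM = """<form method="post" action="/checkout/pay">
<input name="cardnumber" autocomplete="cc-number">
<input name="cvc" autocomplete="cc-csc">
</form>"""
HOSTED_FORM = """<form method="post" action="/checkout/pay">
<iframe src="https://js.stripe.com/constructed-frame.html"></iframe>
<input type="hidden" name="payment_token">
</form>"""
LOOKALIKE_FORM = HOSTED_FORM.replace("js.stripe.com", "js.stripe.com.example.test")


def on_domain(host, domain):
    """True for the domain itself or a real subdomain, not a lookalike suffix."""
    return bool(host) and (host == domain or host.endswith("." + domain))


class CardFormAudit(HTMLParser):
    def __init__(self, page_url, processor_domain):
        super().__init__()
        self.page_url = page_url
        self.processor_domain = processor_domain
        self.form_target = None     # host the currently open <form> posts to
        self.posts_to = set()       # hosts that receive named card fields
        self.dom_only = 0           # unnamed card inputs: not submitted, still in merchant DOM
        self.processor_frames = []  # iframe hosts on the processor's domain

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            action = urljoin(self.page_url, a.get("action", ""))
            self.form_target = urlparse(action).hostname
        elif tag == "input":
            label = " ".join(a.get(k, "") for k in ("name", "id", "autocomplete")).lower()
            if any(hint in label for hint in CARD_HINTS):
                # Only inputs with a name attribute are sent with the form.
                if a.get("name") and self.form_target:
                    self.posts_to.add(self.form_target)
                else:
                    self.dom_only += 1
        elif tag == "iframe":
            host = urlparse(urljoin(self.page_url, a.get("src", ""))).hostname
            if on_domain(host, self.processor_domain):
                self.processor_frames.append(host)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_target = None


def audit(html, page_url, processor_domain="stripe.com"):
    """Classify where card fields live: merchant form, merchant DOM, or processor iframe."""
    parser = CardFormAudit(page_url, processor_domain)
    parser.feed(html)
    if parser.posts_to:
        mode = "merchant-submitted"   # card data reaches the listed hosts
    elif parser.dom_only:
        mode = "merchant-dom-only"    # not posted, but readable by scripts on the page
    elif parser.processor_frames:
        mode = "processor-iframe"     # card fields isolated in the processor's origin
    else:
        mode = "unknown"
    return {"mode": mode, "posts_to": sorted(parser.posts_to),
            "frames": parser.processor_frames}


if __name__ == "__main__":
    for name, page in (("direct", DIRECT_FORM), ("hosted", HOSTED_FORM),
                       ("lookalike", LOOKALIKE_FORM)):
        print(name, audit(page, PAGE_URL))
```

A static check like this only sees markup present in the HTML it is given, so run it against the rendered DOM when the form is built by script.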

  • tentortentor Member, Host Rep

    "Isolated cases" of unauthorized multiple thousand euro charges being investigated for a week is crazy

  • roblowendroblowend Member

    @Dasabo said: You can't help but notice charges of several thousand euros; we need to be realistic about things.

    Is this victim blaming, or are you referring to your company?

  • DasaboDasabo 🚩 Patron Provider Tag Suspended
    edited May 12

    @roblowend said:

    @Dasabo said: You can't help but notice charges of several thousand euros; we need to be realistic about things.

    Is this victim blaming, or are you referring to your company?

    If you think we wanted to steal money from users, would we be here to respond or issue refunds?

  • x0x0xx0x0x Member

    @Dasabo said:

    @x0x0x said:

    @Dasabo said:

    @davide said:

    @deafcon said:

    @Dasabo said:

    @deafcon said:

    @davide said:
    @Dasabo can you remove the credit card payment option from your WHMCS, the one named "Stripe (OLD)"? Its associated input form is not an iframe and the credit card data is sent to your own server. The other payment method "Stripe (Credit/Debit Card)" collects the user's card data using an iframe served by stripe.com so it's less worrisome.

    This seems like it might not be PCI-DSS compliant.

    Actually, that’s not quite right, as we don’t store card details on our servers; instead, the card is tokenised, so even we cannot view the data in plain text, and this is one of the requirements of PCI-DSS

    Usually, the card data would pass directly to the payment processor without ever traversing the merchant's network. The processor then sends the tokenized card number back to the merchant. This isn't my area of expertise, but I do know how it typically works. Note that I didn't say it was certainly non-compliant, just that it might be.

    Don't rely on me, I checked the page again and I see iframes now receiving the card data. I have an unusably laggy computer tonight, fault on me for not seeing it.

    @x0x0x said:

    @raindog308 said:
    Just got this by email 7 minutes ago.

    @Dasabo Why not communicate directly that the removal of saved payment methods was prompted by reports of unauthorized charges, instead of using the transition as an excuse? A transparent approach would be to ask your customers to review their billing activity and report any unauthorized charges so you can investigate and take the necessary corrective actions.

    Hello,
    Because it’s not just about that: when you switch to a different billing profile—and consequently to a Stripe account with new company details—you cannot transfer card tokens from the old company to the new one. This is a specific restriction and limitation imposed by Stripe (and a sensible one, I would argue); therefore, you are required to generate new tokens—meaning users must re-enter their card details and authenticate them. There is no other way to accomplish this.
    You are likely not a customer of ours; otherwise, you would have received the email sent a few days ago notifying you of this transition to the new company and requesting that all billing details be updated.

    Once again, this is about transparency. No one here appears to have received any email communication from you regarding the unauthorized charge issue, so where is the transparency in informing customers and encouraging them to review their billing activities? The way this has been handled, it looks like you're hoping these charges go unnoticed.

    We're still investigating the situation, and these are isolated cases that are being promptly refunded.
    You can't help but notice charges of several thousand euros; we need to be realistic about things.

    This approach gives the impression that you are relying on individual reports instead of being transparent to your customers and prompting them to check their billing activity. Great :)

  • roblowendroblowend Member

    @Dasabo said: If you think we wanted to steal money from users, would we be here to respond or issue refunds?

    Like I said from the beginning, either you knew about it or you did not.
    1. If you did know about it, you are a criminal.
    2. If a criminal was using your company name, you probably are not a criminal.
    3. If your company, you, is doing it AND you do not know about it, that is a HUGE RED FLAG for a tech company. This is arguably the most problematic possibility.

    Anyone who ever had a card on file with DASABO, you better freeze/terminate that card immediately.
    My daughter has leukemia, and our family is going through a difficult time at the moment. These extra headaches hit harder when time is precious.

  • Mik3y326Mik3y326 Member

    @Dasabo said:
    We're still investigating the situation, and these are isolated cases that are being promptly refunded.
    You can't help but notice charges of several thousand euros; we need to be realistic about things.

    How come you did not notice transactions with way more money involved than your little scam house is making per year? I'm dead honest mate, your arrogance has just fucked your business. Instead of doing the right thing, you opted for the shit under the carpet method. Do you really think you are this much smarter than everybody else? Can you comprehend how fucking serious this is? Potential data leak, unauthorized transactions involving several Ks of € and you still act like an 18 year old putting on some deodorant in hopes his parents do not notice that he smoked? Pathetic.

    Thanked by 1Noct
  • x0x0xx0x0x Member

    @Dasabo said:

    @roblowend said:

    @Dasabo said: You can't help but notice charges of several thousand euros; we need to be realistic about things.

    Is this victim blaming, or are you referring to your company?

    If you think we wanted to steal money from users, would we be here to respond or issue refunds?

    This isn't about you wanting to steal. It's about being professional, transparent, and accountable.

  • deafcondeafcon Member
    edited May 12

    Holy shit. You could have made hundreds of fraudulent charges to your customers. Just because the large ones were noticed doesn't mean many small ones have not gone unnoticed. You really need to find out how this happened and be transparent about what you're doing to fix it. There is at least some possibility that several people have colluded to process top-ups legitimately, then came on here and claimed fraud, but you better have ironclad proof if you're going to wash your hands of this mess. Occam's razor says this is coming from inside the house.

    Thanked by 2EdNovas borkedascii
  • DasaboDasabo 🚩 Patron Provider Tag Suspended

    At this point, I honestly do not know what else we can say to reassure you. As already explained, it is technically impossible for us to access or store your card details in plain text, as all payment methods are handled through tokenization systems compliant with industry security standards.

    This means that even in the hypothetical event of a data breach — which, at this time, is not the case, and for which we have found absolutely no evidence of intrusion into our systems — it would still not be possible for anyone to obtain the actual card details from our infrastructure. You can therefore rest assured that your card information remains secure and has not been exposed through our systems or accessed by third parties.

    We are still carefully investigating what may have happened in relation to the reports from a limited number of users. At this stage, we have already identified all transactions involved: the total number of reported cases is extremely small, literally countable on two hands, and only a portion of those transactions were successfully processed. All confirmed unauthorized transactions have already been refunded.

    What we will not do is invent explanations or speculate publicly simply to satisfy assumptions or online discussions. Our priority is, and always will be:

    Ensuring that all customer data remains secure
    Verifying that no data breach has occurred
    Determining with precision what actually happened
    Working directly with affected users and providing them with full support

    If some people prefer to believe otherwise or create unnecessary drama online, that is ultimately their choice. I am personally handling this matter directly and am fully committed to providing maximum transparency, assistance, and support to every user who needs it.

  • FatGrizzlyFatGrizzly Member, Host Rep
    edited May 12

    @Dasabo At this point, I honestly do not know what else we can say to reassure you. As already explained, either your Stripe login is compromised, or your Stripe API keys are compromised, or your WHMCS is compromised and some bad actor is charging people's credit cards.

    Shut your Stripe down, and then start "investigating"

  • It literally is worse than @Calin 22k drama. He at least was aware of whole situation, while @Dasabo is investigating it for a week since company was changed to new.
    For me it doesn't look like it was a mistake/data breach or whatever else he will tell but rather planned action to exit scam/gather as much money as possible from people who won't complain on LET/LES/other forums.

    Thanked by 3Noct sychusha forest
  • DasaboDasabo 🚩 Patron Provider Tag Suspended

    @FatGrizzly said:
    @Dasabo At this point, I honestly do not know what else we can say to reassure you. As already explained, either your Stripe login is compromised, or your Stripe API keys are compromised, or your WHMCS is compromised and some bad actor is charging people's credit cards.

    Shut your Stripe down, and then start "investigating"

    Already done.

  • DasaboDasabo 🚩 Patron Provider Tag Suspended

    @BilohBucks said:
    It literally is worse than @Calin 22k drama. He at least was aware of whole situation, while @Dasabo is investigating it for a week since company was changed to new.
    For me it doesn't look like it was a mistake/data breach or whatever else he will tell but rather planned action to exit scam/gather as much money as possible from people who won't complain on LET/LES/other forums.

    An exit scam with us present, refunds made, new company active etc... ok...

  • coldcold Member
    edited May 12

    what NOW ? we cancel our services or wait and open PayPal dispute ? no PayPal ! sweet ! PULL OUT !

  • FalzoFalzo Member

    @Dasabo said:

    At this stage, we have already identified all transactions involved: the total number of reported cases is extremely small, literally countable on two hands, and only a portion of those transactions were successfully processed. All confirmed unauthorized transactions have already been refunded.

    interesting.

    so you could not have lost the CC data, because it is not stored with you, but still you (as in your system) charged clients for high amounts and some of those even went through.

    while you claim 3ds and similar be in place, I would think this relies on the clients card being set up for it. so it is nothing you have full control over and that might be the reason some transactions actually were successful.

    the more important here is that it seems that YOU actually received that money (and refunded).

    so indeed this cannot be a case of lost data and someone externally trying to charge under your name.

    the failure is in your system, which actually issues these charges.

    so @FatGrizzly is right:

    As already explained, either your Stripe login is compromised, or your Stripe API keys are compromised, or your WHMCS is compromised and some bad actor within your company is charging people's credit cards.

  • x0x0xx0x0x Member

    @Dasabo said:

    @BilohBucks said:
    It literally is worse than @Calin 22k drama. He at least was aware of whole situation, while @Dasabo is investigating it for a week since company was changed to new.
    For me it doesn't look like it was a mistake/data breach or whatever else he will tell but rather planned action to exit scam/gather as much money as possible from people who won't complain on LET/LES/other forums.

    An exit scam with us present, refunds made, new company active etc... ok...

    So have you sent out an email to all your customers about the unauthorized charge reports you've received from some of your customers, to ask them to check their bank accounts for any unauthorized charges from your company so you can investigate?

  • Jackma1Jackma1 Member

    Never heard of them.

  • xvpsxvps Member

    DASABO OÜ
    Registry code: 16941443
    Status: In liquidation
    VAT identification number: Expired - EE102932063 (Ended 11.03.2026)

    source: https://www.inforegister.ee/en/16941443-DASABO-OU/

    Someone should ask the EE authorities to update the status to: In Creative Liquidation.

    Thanked by 1Noct
  • x0x0xx0x0x Member

    @Jackma1 said:
    Never heard of them.

    That's fine. Given how this has been handled and the lack of transparency, no one should trust them :)

  • DasaboDasabo 🚩 Patron Provider Tag Suspended

    We are writing to provide an official and transparent update regarding an incident involving unauthorized payment attempts that were detected on our platform in recent days.

    Following an in-depth internal investigation, including technical auditing, log analysis, and comprehensive security reviews conducted as a top priority by our security and operations teams, we have been able to precisely identify the origin of the incident.

    The investigation has confirmed that an internal collaborator, who until a few hours ago was part of our customer support department, misused their assigned access privileges by performing unauthorized payment-related actions against a very limited number of users, with the clear intent of causing significant financial and reputational harm to our company.

    These activities were carried out within the timeframe between May 5, 2026, and May 8, 2026.

    Immediately upon detection of the anomalies, Dasabo activated its emergency security protocols, taking the following actions:

    1. fully revoked all system access associated with the individual involved;
    2. invalidated all credentials, sessions, and operational privileges;
    3. conducted a full security and infrastructure review across payment-related systems;
    4. initiated enhanced internal forensic auditing procedures;
    5. engaged legal counsel to proceed with a formal complaint to the competent authorities.

    The incident affected a total of 13 users. In 5 cases, payments were successfully processed; however, all affected amounts have already been fully refunded to the respective customers via their original payment methods.

    We would like to emphasize that these transactions were only possible because the affected users had previously and voluntarily authorized and stored a recurring payment method within their Dasabo account. The unauthorized charges were executed through the creation of credit top-up invoices from the client area and the subsequent misuse of pre-approved payment methods.

    It is critically important to clarify the following:

    1. there has been no external breach of our systems;
    2. there is no evidence of any unauthorized third-party intrusion;
    3. no credit card data has been stolen or compromised;
    4. all payment data is handled via secure tokenization systems compliant with international security standards;
    5. sensitive card information is never stored in plain text on our infrastructure.

    Thanks to the advanced fraud prevention mechanisms implemented through Stripe Radar, combined with our existing multi-layered security rules, we were able to rapidly detect abnormal activity and prevent further unauthorized attempts, significantly limiting the potential impact of this incident.

    In parallel, we have already implemented additional enhanced security measures, including:

    1. a full review of internal access privileges and administrative roles;
    2. strict limitation of operational permissions on billing and payment systems;
    3. implementation of multi-level approval controls for sensitive operations;
    4. strengthened real-time monitoring and auditing systems;
    5. stricter internal procedures for all financial and billing-related activities.

    We fully recognize the seriousness of this incident and the concern it may have caused. At Dasabo, the trust and security of our customers are of paramount importance, and we do not take this matter lightly.

    We extend our deepest and most sincere apologies to the affected customers and reaffirm our absolute commitment to maintaining the highest standards of security, transparency, and reliability.

    We will continue to closely monitor the situation and fully cooperate with the relevant authorities to ensure that all responsibilities are appropriately addressed.

    @angstrom

    Thanked by 4rpqu zed buggedout forest
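
The statement above describes top-up invoices created from the client area and charged against stored payment methods by a support account. As an added example (not part of the thread, and not Dasabo's, WHMCS's or Stripe's code), this is detection logic for that pattern over a billing audit trail; the event schema, account name, thresholds and sample events are constructed assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed billing audit events, one JSON object per line. The schema is
# hypothetical: "session" is "client" for a customer's own login and
# "staff_as_client" when a staff account acted inside the client area.
SAMPLE_LOG = """
{"ts": "2030-01-02T09:00:00", "client": 101, "kind": "renewal", "amount": 12.0, "source": "stored_token", "session": "client", "staff": null, "status": "succeeded"}
{"ts": "2030-01-03T09:00:00", "client": 102, "kind": "renewal", "amount": 8.0, "source": "stored_token", "session": "client", "staff": null, "status": "succeeded"}
{"ts": "2030-01-04T09:00:00", "client": 102, "kind": "topup", "amount": 20.0, "source": "card_entry", "session": "client", "staff": null, "status": "succeeded"}
{"ts": "2030-01-05T09:00:00", "client": 103, "kind": "renewal", "amount": 15.0, "source": "stored_token", "session": "client", "staff": null, "status": "succeeded"}
{"ts": "2030-02-01T22:10:00", "client": 101, "kind": "topup", "amount": 2500.0, "source": "stored_token", "session": "staff_as_client", "staff": "support-7", "status": "succeeded"}
{"ts": "2030-02-01T22:14:00", "client": 102, "kind": "topup", "amount": 1800.0, "source": "stored_token", "session": "staff_as_client", "staff": "support-7", "status": "succeeded"}
{"ts": "2030-02-01T22:20:00", "client": 103, "kind": "topup", "amount": 3000.0, "source": "stored_token", "session": "staff_as_client", "staff": "support-7", "status": "declined"}
{"ts": "2030-02-02T08:00:00", "client": 102, "kind": "topup", "amount": 25.0, "source": "stored_token", "session": "client", "staff": null, "status": "succeeded"}
"""


def load_events(text):
    """Parse JSON lines and return the events in time order."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["ts"])


def flag_topups(events, ratio=10.0, fanout=3, window=timedelta(hours=24)):
    """Flag top-ups charged to a stored payment method that look staff-driven.

    Declined attempts are evaluated too: an attempt shows misuse even when the
    processor blocked the charge.
    """
    baseline = defaultdict(list)    # client -> amounts paid in the client's own session
    staff_hits = defaultdict(list)  # staff -> [(time, client)] of impersonated top-ups
    alerts = []
    for e in events:
        when = datetime.fromisoformat(e["ts"])
        reasons = []
        if e["kind"] == "topup" and e["source"] == "stored_token":
            if e["session"] == "staff_as_client":
                reasons.append("stored method charged from a staff-impersonated session")
                staff_hits[e["staff"]].append((when, e["client"]))
                recent = {c for t, c in staff_hits[e["staff"]] if when - t <= window}
                if len(recent) >= fanout:
                    reasons.append(f"same staff account hit {len(recent)} clients in window")
            paid = baseline[e["client"]]
            if paid and e["amount"] > ratio * median(paid):
                reasons.append(f"amount exceeds {ratio:g}x the client's median payment")
        if reasons:
            alerts.append({"ts": e["ts"], "client": e["client"], "staff": e["staff"],
                           "amount": e["amount"], "status": e["status"],
                           "reasons": reasons})
        elif e["session"] == "client" and e["status"] == "succeeded":
            # Only the customer's own successful payments feed the baseline, so
            # a flagged charge can never raise the threshold for the next one.
            baseline[e["client"]].append(e["amount"])
    return alerts


if __name__ == "__main__":
    for alert in flag_topups(load_events(SAMPLE_LOG)):
        print(alert["ts"], alert["client"], alert["staff"], alert["amount"],
              alert["status"], "; ".join(alert["reasons"]))
```

The customer's own small top-up on the last sample line stays below the threshold and is not flagged, while the declined attempt against client 103 is still reported.
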
  • rpqurpqu Member

    DAML when?

  • NoctNoct Member

    @roblowend said:
    These extra headaches hit harder when time is precious.

    :/

  • FalzoFalzo Member
    edited May 12

    @Dasabo you should keep your writings shorter. The AI blown up stuff does not make you look better.

    internal collaborator, who until a few hours ago was part of our customer support department, misused their assigned access privileges

    Here we go... how many people are you 'collaborating' with?

    Why would someone from support create such invoices or charges? Doesn't make much sense, must have pissed them off hard core.
    Probably should have removed access a long time ago according to your precious 'protocols', right?

  • @Falzo said:
    Why would someone from support create such invoices or charges? Doesn't make much sense, must have pissed them off hard core.

    If it's true there's certainly some juicy story behind this, which we sadly probably never get to hear...

    @Dasabo Could you maybe direct your former support guy to this forum and tell him that people will be delighted to hear him vent his frustrations and wash a bunch of dirty laundry in public? If it's a good story i'm sure lots of people would lobby to get your suspension removed.

  • DasaboDasabo 🚩 Patron Provider Tag Suspended

    @totally_not_banned said:

    @Falzo said:
    Why would someone from support create such invoices or charges? Doesn't make much sense, must have pissed them off hard core.

    If it's true there's certainly some juicy story behind this, which we sadly probably never get to hear...

    @Dasabo Could you maybe direct your former support guy to this forum and tell him that people will be delighted to hear him vent his frustrations and wash a bunch of dirty laundry in public? If it's a good story i'm sure lots of people would lobby to get your suspension removed.

    I don't want any pressure to lift the suspension; I'll defer everything to the administrators.
    There's a specific reason why I've written several times in recent days that we were following the case closely, and the reason for not disclosing this information before now is because LET, like the internet, is public and therefore easily accessible and viewable by anyone. Unfortunately (and I understand), there are things that end users/customers can't understand because they don't own a company, especially when there are legal implications.
    One thing is certain: we have a long legal journey ahead of us.
    This story, in addition to causing significant damage to our reputation, has also caused us financial losses, fortunately limited and not critical for us due to the payment of fees for reimbursements, but it's obviously the right thing to do.
    Please don't ask me about the legal aspects that will arise in the future, because it will remain an internal matter that must be discussed exclusively through the appropriate judicial authorities.
    I can only tell you that our former employee has already apologized and briefly explained to us that what he did was due to internal disagreements resulting from misunderstandings (in my opinion, what he did is inexcusable, but we'll leave it to a judge to decide).
    I can't place all the blame on him at the same time; it's also my fault, as I trusted a person who has worked with us for years and whom I've known for a long time. He turned a personal problem into a great loss for us. Everyone will pay the consequences for their own mistakes.

  • @Dasabo said:

    @totally_not_banned said:

    @Falzo said:
    Why would someone from support create such invoices or charges? Doesn't make much sense, must have pissed them off hard core.

    If it's true there's certainly some juicy story behind this, which we sadly probably never get to hear...

    @Dasabo Could you maybe direct your former support guy to this forum and tell him that people will be delighted to hear him vent his frustrations and wash a bunch of dirty laundry in public? If it's a good story i'm sure lots of people would lobby to get your suspension removed.

    I don't want any pressure to lift the suspension; I'll defer everything to the administrators.

    You are boring.

    Please don't ask me about the legal aspects that will arise in the future

    Why would i do that? I don't care even the slightest slice of a tiny bit. I want dirty laundry to go with my popcorn...

    I can only tell you that our former employee has already apologized and briefly explained to us that what he did was due to internal disagreements resulting from misunderstandings (in my opinion, what he did is inexcusable, but we'll leave it to a judge to decide).

    I think we will be the judge of that. We need to know the details and also an exact description of what they were wearing while being naughty.

    I can't place all the blame on him at the same time; it's also my fault, as I trusted a person who has worked with us for years and whom I've known for a long time. He turned a personal problem into a great loss for us. Everyone will pay the consequences for their own mistakes.

    I think you are being a little too soft here. Personally i would advise to hit them with a rusty pipe while cursing their ancestors.

  • DasaboDasabo 🚩 Patron Provider Tag Suspended

    @totally_not_banned said:

    @Dasabo said:

    @totally_not_banned said:

    @Falzo said:
    Why would someone from support create such invoices or charges? Doesn't make much sense, must have pissed them off hard core.

    If it's true there's certainly some juicy story behind this, which we sadly probably never get to hear...

    @Dasabo Could you maybe direct your former support guy to this forum and tell him that people will be delighted to hear him vent his frustrations and wash a bunch of dirty laundry in public? If it's a good story i'm sure lots of people would lobby to get your suspension removed.

    I don't want any pressure to lift the suspension; I'll defer everything to the administrators.

    You are boring.

    Please don't ask me about the legal aspects that will arise in the future

    Why would i do that? I don't care even the slightest slice of a tiny bit. I want dirty laundry to go with my popcorn...

    I can only tell you that our former employee has already apologized and briefly explained to us that what he did was due to internal disagreements resulting from misunderstandings (in my opinion, what he did is inexcusable, but we'll leave it to a judge to decide).

    I think we will be the judge of that. We need to know the details and also an exact description of what they were wearing while being naughty.

    I can't place all the blame on him at the same time; it's also my fault, as I trusted a person who has worked with us for years and whom I've known for a long time. He turned a personal problem into a great loss for us. Everyone will pay the consequences for their own mistakes.

    I think you are being a little too soft here. Personally i would advise to hit them with a rusty pipe while cursing their ancestors.

    LOL

  • JohnnySacJohnnySac Member

    Damn sounds like a shitty situation. At least your customers got their money back but you lost hundreds in Stripe fees and worse, reputational damage.

  • FatGrizzlyFatGrizzly Member, Host Rep

    @Dasabo said: has also caused us financial losses

    Ahem. Your loss is in hundreds and everyone who got charged are on at least thousands.

    Accept and own the mistake, you (essentially the company) fucked up, refund any pending transactions, write out an email to clients to check their bank accounts for any fraudulent ones from DASABO.

    Also quite funny that the CS rep has billing level access. good ACL.
