Estimated time to resolve the problem?

Could someone estimate a term to resolve the security problems?

I just talked to OEC, and they say that until they have the OK from C2, do not enable the accounts traded.

Someone knows how this process can take? I believe that as users are not being fully informed of the progress of C2 about it, but I assure you that arrival dates are the charges made in their bank accounts.

Hi, Damian -

I apologize for the lack of clarity.

Rather than post inaccurate information, though, I’d like to confirm a few things before I make an estimate about the date that AutoTrading restarts. I don’t think it will be long, but before I make an estimate on this forum, give me until the end of the day to get some more information from our broker partners and consultants.


Although I still don’t have definite information, I hope to deliver sufficient information to our broker partners by Thursday. At that point, it will be up to them to restart trading, but I am hopeful there will be no delay. I will keep everyone posted here.

Thanks Matthew

Hi Matthew,

I was wondering if it still looks like Thursday to resolve the current situation. Also, I just received my new credit card - is it safe to put the credit card information in Collective2 at this point? Please advise.


Jeff Green

Alguna noticia sobre OEC?

Any news on OEC?

I hope to be able to present OEC with the material they need within 24 hours. This would then allow them to make a decision about restarting AutoTrading. (Same goes for OX.) Again, as things change and as I learn more, I will post here.

Any updates?

Latest update: This morning we sent the information that was requested by our broker partners. Now we await their assessment, and answer any further questions or information requests that they have. I am hopeful things will move quickly at this point, but I can’t yet say for certain. I promise to share more information on this forum as I learn it.

It’s good to hear that the process is moving forward with your broker partners. Can you please share those updates with us (i.e. C2’s revenue source), and additionally, what specific measures you’ve taken since the security breach to ensure this won’t happen again? e.g. to whom you will be outsourcing payment processes, what security firm(s) you’ve hired to audit the site going forward, what policies you’ve implemented in terms of encrypting private information, etc.

was it ever clearly disclosed, HOW the hacker got in - what weakness was exploited, etc.?

I get the sense that some people are worried about recurrence of this. There is a couple of ET threads discussing this event, dunno if T2W or other places maybe.

It would be interesting to know what the vulnerability was, but what’s more important is that 1) it was fixed and 2) C2 doesn’t simply concentrate on fighting the last war, and is going through its code with a fine-tooth comb to prevent future vulnerabilities. Actually, as I implied in my last post, I don’t trust C2 to audit itself, so it’s important to know whom C2 has hired to do this for them.

The Albawaba hacker who sent out the email after the breach claimed that Matthew was informed of the vulnerability before Thanksgiving and did nothing. I obviously have no way of knowing if this is true or not, but I’m inclined to believe it based on C2’s exceptionally slow response and lack of communication for the past week.

Look, it comes down to this. My subscription is going to expire this weekend, and I’ve seen nothing so far that would convince me to enter my replacement card info again, let alone trust C2 with my broker login details. Obviously the decision to continue with C2 or not will either be made by me or be made for me in the next few days (based on the information Matthew communicates or fails to communicate), and I suspect I’m not the only one losing patience.

I have similar feelings. There are so many options that would make me feel safer about C2, I’m confused as to why they would not be implemented immediately (i.e. Paypal, verisign, etc.).

it would be appreciated if the site owners could join in the discussion and give clear responses. Jefffrey’s concerns have been brought up by a number of people, and it seems like a taboo subject for the site owners to get involved with.

Without clear guidance on future plans, people are going to speculate and think the worst.

I am just happy that the CC # I had in had already expired, and I never gave my SSN.

Edited and reposted.

I am not seeking personal correspondence or PMs, and I am not requesting communication in this way. Nor was my post(s) requesting a personal explanation. Nor do I wish/desire private assurances or special considerations.

Some people are raising a number of particular issues that should be addressed publicly, but they are telling C2 there is silence or little clarity on the issue.

In light of MKs latest reply, I would definitely give C2 a second chance (use a new CC #). As the passwords are stored encrypted, I don’t forsee anybody hacking it and so your CC # and other details should be safe.

Thanks Matthew! This reponse actually makes me feel a lot better and more importantly safer. Your service is invaluable to many of us which may account for some of the panic. Good luck with the reviews from the brokers.

But, since MK is still unsure about autotrading, I would just manually trade for now. This may force you to trade only systems that trade only EOD, but that is the price one has to pay for peace of mind. It is hard enough trying to make money in trading as such, why would one want the unnecessary hassle of having to deal with errors in your real-money account for whatever reason (internet outages, hacking, large intra-day moves or breakdown in exchange trading functions or server outages etc.)?