Credit Card Fraud WARNING!

Posted:
in General Discussion edited January 2014
I've recently been subject to credit card fraud and would like to give anyone who used DVD Pacific recently to buy DVDs or other items over the 'net a heads up...check your credit card statements!



DVD Pacific have sent out an email recently explaining that their servers have been subject to a hacking attempt from ISPs in Russia and the Ukraine and a search of on-line forums throws up the same results all the time...false claims on people's credit cards, although it has not yet been proven that the hacking attempt on DVD Pacific is to blame.



The company involved in this scam is "Diage.com", based in the Netherlands with an address in the UK. People worldwide have reported that this company has applied for payment to their cards even though some had not used DVD Pacific although they had used other e-tailers.



So if you buy over the 'net check your statement!





Here's a copy of the letter from DVD Pacific -



>> "Our web site has recently been subjected to various hacking attempts. We upgraded our security measures in lieu of this to ensure the personal information we hold for you is fully protected. Part of these security enhancements have provided us information that led us to believe that some data had been compromised by way of a worm on the server. No anti-virus or spyware was able to detect this but we now have information that contact had been made with an IP address outside our network. We attempted to capture this information without it leaving the server so as to determine exactly what was being transmitted. Unfortunately this worm had some type of self-detection available and as soon as it realized we had discovered it, it self-destructed leaving no trace evidence.

Yesterday the IP addresses we suspected behind this launched a malicious code attack on our SQL server and this allowed us to track their IP addresses to their source and we have identified ISP's in Russia and the Ukraine. We have contacted the FBI, Secret Service and filed a full report at www.us-cert.gov. Further a report has been filed with FSB.ru. We have blocked any possibility of this type of attack being successful but as a precaution we have auto-updated all member account access passwords and are now sending you your new temporary password as indicated below.

Your Login - ********

New Password - ********

We would also request that you pay particular attention to your credit card statement to ensure that you're not subject to any fraudulent transactions and if so notify your credit card issuer immediately. We will be providing a list of all cards we have on file to each of the credit card issuers so as they can also monitor any suspicious activity.

We will continue to monitor this situation closely as we have been since it arose and you can be assured our efforts to provide you with the safest shopping environment online will always be of the highest priority.

If you have any questions in relation to this issue please direct them to webmaster@dvdpacific.com" <<

Comments

  • Reply 1 of 5
    This is a growing problem nationwide. A lot of e-tailers are taking the measure of not storing CC #'s on their servers in case of a breach.
  • Reply 2 of 5
    moogs Posts: 4,296 member
    Yep. Makes you think twice, even about going to well-known retailers like Amazon or B&H. Thanks for the warning, and good luck with getting the false charges removed, etc.
  • Reply 3 of 5
    xool Posts: 2,460 member
    As an e-commerce programmer I know what can be stored in a site's database and where.



    When building Credit Card processing systems I've always championed not storing a user's card number. It can only lead to trouble. Even if it's encrypted, unless you have 100% top-notch security it is highly likely that a good hacker could still grab all the card numbers and the encryption keys.



    A previous dumb ass boss even wanted to store social security numbers!



    Anyhow, even if your CC number isn't stored permanently it might be cached in the site's session system. Maybe for 30 minutes or so? Not too bad but yeah, it should be encrypted too!



    Securely storing card #s for recurring charges or one-click type purchasing needs to be well planned and executed. I promise you most sites do not devote enough time for either (and this is for all things, not this issue in particular, but that's another story). Usually sites are slap and dash affairs done by the lowest bidder, not someone who would stand up and protect your rights. Even well trained do-gooders are constrained by the business environment.



    What does it mean if a programmer would not store his CC number in his own site? No matter what you can blame management. Either for not making security a priority or for not allowing enough oversight to find sketchy solutions.



    I personally have never been bitten by the fraud bug and I don't plan to be. I am very cautious with my credit cards.
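
The session-caching concern raised in Reply 3 can be checked directly. The following is an added example, not code from the thread or its posters: a Python scan of a session record for Luhn-valid card numbers, reporting each finding masked. The session layout, field names and `scan_session` are assumptions, and the sample data is constructed using standard test card numbers.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Show only the first 6 and last 4 digits in findings."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_pans(text: str) -> list[str]:
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):     # drops order numbers, phone numbers, etc.
            hits.append(mask(digits))
    return hits

def scan_session(data, path="session"):
    """Walk nested dicts/lists; return (path, masked PAN) for each finding."""
    findings = []
    if isinstance(data, dict):
        for k, v in data.items():
            findings += scan_session(v, f"{path}.{k}")
    elif isinstance(data, list):
        for i, v in enumerate(data):
            findings += scan_session(v, f"{path}[{i}]")
    elif isinstance(data, (str, int)):
        findings += [(path, p) for p in find_pans(str(data))]
    return findings

# Constructed sample session record (hypothetical layout, test card numbers).
SAMPLE_SESSION = {
    "user_id": 872,
    "cart": [{"sku": "DVD-1001", "qty": 2}],
    "checkout": {"card_number": "4111 1111 1111 1111", "order_ref": "1234567890123456"},
    "debug_log": ["POST /pay cc=5555-5555-5555-4444 exp=12/09"],
}
```

Running `scan_session(SAMPLE_SESSION)` flags the checkout field and the debug log line but not the 16-digit order reference, which fails the Luhn check.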
  • Reply 4 of 5
    Word up. I recommended to my clients to not even go the route of storing credit card numbers, it's such a liability. Store what you want, but when they check out let them pull that piece of plastic out of their wallet...



    Unless you have a team of security monkeys working around the clock you are always vulnerable to some smart hacker.
  • Reply 5 of 5
    mimac Posts: 872 member
    Quote:

    Originally posted by Moogs

    Yep. Makes you think twice, even about going to well-known retailers like Amazon or B&H. Thanks for the warning, and good luck with getting the false charges removed, etc.



    Cheers Moogs.

    Funny you should mention Amazon 'cos I had noticed while browsing other boards concerning this type of fraud that some other people had only ever used Amazon to buy with their CC's and they too had been hit by the same duff company.

    I had been using DVD Pacific for a year or so now with no problems whatsoever and just before getting hit I had ordered from Amazon for the first time ... coincidence?

    E-tailers everywhere need to beef up their security big time!