Credit Card Fraud WARNING!
I've recently been subject to credit card fraud and would like to give anyone who used DVD Pacific recently to buy DVDs or other items over the 'net a heads up...check your credit card statements!
DVD Pacific have sent out an email recently explaining that their servers have been subject to a hacking attempt from ISPs in Russia and the Ukraine and a search of on-line forums throws up the same results all the time...false claims on people's credit cards, although it has not yet been proven that the hacking attempt on DVD Pacific is to blame.
The company involved in this scam is "Diage.com", based in the Netherlands with an address in the UK. People worldwide have reported that this company has applied for payment to their cards even though some had not used DVD Pacific although they had used other e-tailers.
So if you buy over the 'net check your statement!
Here's a copy of the letter from DVD Pacific -
>> "Our web site has recently been subjected to various hacking attempts. We upgraded our security measures in lieu of this to ensure the personal information we hold for you is fully protected. Part of these security enhancements have provided us information that led us to believe that some data had been compromised by way of a worm on the server. No anti virus or spyware was able to detect this but we now have information that contact had been made with an IP address outside our network. We attempted to capture this information without it leaving the server so as to determine exactly what was being transmitted. Unfortunately this worm had some type of self detection available and as soon as it realized we had discovered it, it self destructed leaving no trace evidence.
Yesterday the IP addresses we suspected behind this launched a malicious code attack on our SQL server and this allowed us to track their IP addresses to their source and we have identified ISPs in Russia and the Ukraine. We have contacted the FBI, Secret Service and filed a full report at www.us-cert.gov. Further a report has been filed with FSB.ru. We have blocked any possibility of this type of attack being successful but as a precaution we have auto updated all member account access passwords and are now sending you your new temporary password as indicated below.
Your Login - ********
New Password - ********
We would also request that you pay particular attention to your credit card statement to ensure that you're not subject to any fraudulent transactions and if so notify your credit card issuer immediately. We will be providing a list of all cards we have on file to each of the credit card issuers so as they can also monitor any suspicious activity.
We will continue to monitor this situation closely as we have been since it arose and you can be assured our efforts to provide you with the safest shopping environment online will always be of the highest priority.
If you have any questions in relation to this issue please direct them to webmaster@dvdpacific.com" <<
Comments
This is a growing problem nationwide. A lot of e-tailers are taking the measure of not storing CC #'s on their servers in case of a breach.
When building Credit Card processing systems I've always championed not storing a user's card number. It can only lead to trouble. Even if it's encrypted, unless you have 100% top notch security it is highly likely that a good hacker could still grab all the card numbers and the encryption keys.
A previous dumb ass boss even wanted to store social security numbers!
Anyhow, even if your CC number isn't stored permanently it might be cached in the site's session system. Maybe for 30 minutes or so? Not too bad but yeah, it should be encrypted too!
Securely storing card #s for recurring charges or one-click type purchasing needs to be well planned and executed. I promise you most sites do not devote enough time for either (and this is for all things, not this issue in particular, but that's another story). Usually sites are slap and dash affairs done by the lowest bidder, not someone who would stand up and protect your rights. Even well trained do-gooders are constrained by the business environment.
What does it mean if a programmer would not store his CC number in his own site? No matter what you can blame management. Either for not making security a priority or for not allowing enough oversight to find sketchy solutions.
I personally have never been bitten by the fraud bug and I don't plan to be. I am very cautious with my credit cards.
Unless you have a team of security monkeys working around the clock you are always vulnerable to some smart hacker.
Originally posted by Moogs
Yep. Makes you think twice, even about going to well-known retailers like Amazon or B&H. Thanks for the warning, and good luck with getting the false charges removed, etc.
Cheers Moogs.
Funny you should mention Amazon 'cos I had noticed while browsing other boards concerning this type of fraud that some other people had only ever used Amazon to buy with their CC's and they too had been hit by the same duff company.
I had been using DVD Pacific for a year or so now with no problems whatsoever and just before getting hit I had ordered from Amazon for the first time ... coincidence?
E-tailers everywhere need to beef up their security big time!