| Author | Message | ||
     Acav80 |
Man, my wife just found a charge on our online banking statement for iTunes.com, where we don't even have an account. Luckily we caught it quick...it's still a pending transaction so don't know how much it was for. I just got through with the panicked phone calls to my bank and to apple. I think we're ok, but man there are some real m-f'ers out there in cyber-land. When I called the bank the system told me my account was locked due to too many invalid entries. The bas***d must have tried calling the bank to get an account balance but couldn't get past my passcode. You know what really sucks, too, is I'm pretty sure I know what website exposed me to the hack. I ordered some decals for my Uly recently from a site that looked a little shintzy. The decals arrived without a problem but my guess is the security of the transaction was sub-standard. The apple rep said this was likely a test-transaction to see if the card would work, and that if it did then many more charges would likely follow. SHEESH! Be careful where you shop online. It's amazing how low some people will go. | ||
| Brinnutz |
Care to mention the site so everyone else is aware????!?!??!! | ||
| Cruisin |
Don't immediately blame that website. Our credit union issued us new debit cards because Heartland, a payment processing vendor, finally identified a leak they had where card numbers were compromised... http://www.2008breach.com/ | ||
| Cruisin |
This was the original press release on 1/20/09: http://www.2008breach.com/Information20090120.asp | ||
| Acav80 |
ok. so I'm not CERTAIN that the hack came from here, but I'm pretty darn suspicious. I don't mean to cost them business, and I certainly got my decals quickly and they look top-notch. But... http://www.fastdecals.com/ The site, particularly the checkout system they use, is the most likely info leak I can locate from the vendors I've dealt with recently. I could very well be wrong, though. Coming soon...my new look for the Uly! At the bargain price of: Everything in my account! | ||
| Acav80 |
good point, Cruisin'. There are many hands involved in online transactions, so it's not really fair to say the website is to blame. It may have just as easily come from a restaurant or something like that. I'm just flippin' out a bit and hunting for a spot to place the blame, and that's my suspicion. | ||
| Cruisin |
Yeah, I wasn't real happy. I have two accounts that had to get new cards, and I got a letter from my other MasterCard that said there was a breach of information by a processing vendor, and that I should watch my account. WTF? If there was a data breach, give me a new card! Don't make me responsible! Unfortunately with better technology comes greater risks... :P | ||
| Froggy |
Acav, the site has a separate secure checkout process from another company. It looks legit to me. Also were you doing this from a wireless computer? It is possible they got the info from packet sniffing. Then again, it could be from something totally unrelated, like last time you paid with the card at a restaurant, the kid jotted down your info. Could be anything. | ||
| Badlionsfan |
My bank just sent me a letter Friday saying they were sending me a new card due to a possible security breech. | ||
| Iamike |
It was interesting on COPS this weekend. They busted a guy driving around neighborhoods picking up their wireless and gathering information. He had a whole book of notes on names, SS#'s, accts., etc. I am amazed at how often I see unsecured wireless routers when I'm out and about. It was funny, the cop called the first name on the list and he just sounded like a big bad dude. Maybe they should have turned the hacker over to him for some street justice. | ||
| Froggy |
Mike, I love the free wireless networks. I too am amazed at people doing banking and buying from them. At my house I got two wireless networks, one that has WPA2 encryption, and the other is free and open for visitors, but it is completely isolated from everything else on my network. | ||
| Reepicheep |
If you are using an HTTPS connection, which all credit card transactions are required to be as per the PCI standards, they won't be able to sniff your credit card in flight. If you have an unsecured wireless network, they might be able to get malware on your machine that would allow them to steal card numbers though. You are probably a victim of the heartland breach, or some food service industry person that lifted your card. | ||
| J2blue |
+2 on Heartland breach +1 on random counter swipe I paid one of the credit bureaus for a monitoring package they sell and found it very useful. So far no actual fraud, but it flags suspicious transactions very well. I also added alerts to my credit cards that let me know when online and/or dollar limits are reached. Be proactive on securing all your financial information against regular and online fraud. | ||
| Davegess |
Citibamk offers account alias were they generate a new one time account number for each transaction. Seems like it woul dbe good security. | ||
| Court |
Yikes . . . suppose it's Buell's way of enforcing copyrights?  Scary | ||
| Doerman |
The most unsecure moment is when you had your card to a waiter to pay your restaurant bill. You are completely trusting the waiter and the security of the POS system they are using. Three years ago my debit card was compromised at a restaurant. Wells Fargo took care of it and I was not out any money.I have paid cash at restaurants ever since. If an online vendor is using https for the card transaction, you can feel pretty secure that the information has not been compromised (granted that your are not using it over an open WiFI). | ||
| Dummkauf |
Small tip of advice for you all(and securing servers is what I do for a living), unless you are buying something from a well established business's website(eg: Target.com, Walmart.com, Amazon, etc...) I would be extremely cautious about putting your card info out there. My personal solution for when i need to order anything online, especially from less reputable sites that usually are the only ones with hard to find parts for my bikes, is to use my credit card. I have 1 credit card that only has a $500 limit and I call up and bitch any time they try to raise the limit. This way even if you get my number the most you're gonna screw me out of is $600-$700(they could probly charge a bit over your limit before getting cutoff), which still sucks but it's nowhere near as bad as what I'd lose in my checking/savings accounts. Plus if I have to dispute the charges it's the credit card companies money that is in limbo, and not my life savings. Your bank won't just give you your money back because you say the charges are fraudulent, you're gonna be waiting til the dispute is resolved. Also, that same credit card is the only card waiters get when I go out to restaurants. Because If you really want to steal credit card numbers, get a job as a waiter. You will see hundreds of cards a week, and card readers are cheap enough for anyone motivated enough to find and buy. | ||
| Corporatemonkey |
For shady online purchases, just pick up a prepaid Mastercard. They are available at most grocery stores near all the other gift cards. After the balance is spent just toss the card. | ||
| Firebolt32 |
This happened to my brother with Direct TV. The guys showed up to set up the dish and asked for my brother to sign for it. He said he didn't order it. When he called Direct TV, they told him someone set up an account and the whole 9. Between the bank and Direct TV they were very understanding when he told them it wasn't him. It just eats me up that people have nothing better to do than to screw with people's money. | ||
| Babired |
This is from my work and it just came out last week regarding I tunes and Apple. It is an internal e-mail. FYI for you all: Action: None required. Computers not left powered on this evening will run the update the next time they power up and connect to the network. You can install the update yourself to Windows systems from the Software Portal or to Macintosh systems by running the Apple Software updates utility. Any computers already running the latest update will not be impacted. Summary: Apple QuickTime 7.6 will be deployed to Windows computers starting tonight, January 26th, at 8:00 p.m. Macintosh systems will reboot and then run the Apple Software Update application tonight beginning at 8 PM. Any updates that are required, including the Quicktime update, will be installed. Details: This is a critical security update to the existing QuickTime software installed on all systems. This installation will close any active sessions of Internet Explorer, Apple Quicktime and iTunes. Looks like the security patch is with the latest Quicktime. K | ||
| Acav80 |
Just catching up on peoples' posts here. I spent last night wracking my brain about possible exposures, but like some have said, there's just no way to know for sure and it's not really fair to blame one particular site based only on a hunch. I used to use my credit card for online buys all the time, but my wife sortof has a phobia of credit debt so once we paid all our cards off last year we started only using the debit. I think this is a good case for going beck to credit. Or prepaid cards. Still can't believe some dirtbag was actually calling my bank and typing in my account number trying to get to my info. Some people could use a good hard pistol whip. | ||
| Babired |
Back in 2004 I was a victim of CC id theft, I used my debit all of the time and used it a BJ's Wholesale club. The thief took my debit cc # and made another card with whoevers name on it and spent my money in spurts and in different locations in South America. Wiped out my checking account in one weekend, then, thank GOD for overdraft protection linked to my regular credit card, instead of my savings. If I had the overdraft linked to my savings the crook would have taken my savings too. So long story short, I always use my regular cc the debit I use only at the banks ATM and no where else. Last Saturday night I was watching COPS on TV and the showed 2 officers busting some guy in Texas sitting in his truck with a wireless notebook computer on somebody's neighborhood curb, scanning for unsecured wireless networks. He had names, SS#'s, account numbers in a book. The cops actually called one of the victims, because he said the people gave him their information. Make sure your wireless network is password protected. K | ||
| B00stzx3 |
Paypal. Or buy a prepaid just for online junk, thats what I've done. But paypal anytime you can! | ||
| Bill0351 |
"It may have just as easily come from a restaurant or something like that." My sister's debit card information was stolen at a Milwaukee restaurant that way. It was a rare situation of probably knowing exactly where it happened since she hadn't used it at all for some time before that. Someone in Louisiana used it to clean her account out by buying Walmart gift certificates. Even though her bank was fairly good about it, they took about 2 weeks to get the money back into her account. | ||
| Jumpinjewels |
My hubby and I went out to dinner about 1 1/2 weeks ago and both our cards were denied. I knew immediately that there must have been a "compromise". Called the bank on Saturday and they confirmed it. Just got my new card in the mail yesterday. Fortunately, no unauthorized charges were encountered | ||
| Reindog |
What davegess said. NEVER use your real credit card number for an online transaction. Citibank MasterCard (and presumably other banks) provide Virtual Credit Card numbers for online use. They are FREE and EASY to use online. You can download an applet onto your trusted computer or access a generator at your citibank online account if you are on a MAC or in hostile territory. Basically, you press a button and a credit card number and CVS number is generated which is linked to your real credit card number. The number can be drag and dropped into the payment section to pay for your widgit online. The Virtual Credit Card number expires at the end of the following month where it can be recycled. This it the ONLY way that I make an online transaction. The number can only be used ONE time and is linked to your real account number. Any attempt to reuse the number immediately warns Citibank that a fraudulent (or mistaken) transaction is in play and will be blocked. The vendor or the ether NEVER sees your actual credit card number. It IS a valid credit card number and is completely transparent. Check it out. Even you Slumdog MAC users. | ||
| Babired |
I agree with Reindog but I have used my cc card online but only places like the US Mint. The BJ'S Wholesale club rip off was not an online transaction my information was stolen by a breach with the store, I used the debit card at the store buying stuff. Once you get ripped off the fastest way to get your money back is by signing an affidavit at the bank. I can't even imagine having your SS# with everything else stolen. Keep a low CC limit and put your overdraft protection on the regular cc with the low limit. Then recovery can be easy. | ||
| Reepicheep |
Online transactions are far safer (in the US) then brick and motor transactions. In Europe, it is the other way around (probably because they use chip and pin). In a credit card transaction, you are only liable for the first $50 provided you notify them when you find a problem. And generally, I don't think you are even out the $50. If you are using HTTPS, you can use an unsecured wireless network without fear of network sniffing... thats what HTTPS does, and it does it scary well. An unsecured wireless network exposes a larger attack surface on your local box though, so I would still recommend against them. If you are travelling and have corporate VPN software, connect that up ASAP. It adds some nice extra layers of protection. I wonder if this is related, I haven't seen it linked to the heartland breach... but would not be suprised if it was... http://www.foxnews.com/story/0,2933,487184,00.html | ||
| Acav80 |
Wow, getting an education here. My cc numbers won't be on the web again after this! I just went to the bank and canceled my card; had a new one issued. I think we have secured the situation by catching it and acting quickly. Lessons learned: 1) guard my card info much better, 2) keep checking my accounts regularly. #2 paid off big time for us here, it seems. | ||
| Iamike |
Now that I think about it I remember a couple of years ago when a friend in a small town gave me a call. She had tried to print some financial imformation on their daughter and when she brought up the printer on their pc it showed a bunch of printers. She didn't understand what she was looking at and just printed it out (it didn't print at their printer). Later on a neighbor called and asked why her documents showed up on their printer. I told her she needed to call their ISP and talk about their network setup. Talk about unsecure. |
