Jump to content



Sign up for a free account!

Signing up for an account is fast and free. As a member you can join in the conversation, enter contests to win things like this Logitech Harmony Ultimate Remote and you won't get the popup ads that guests get. Click here to create your free account.

Photo

WARNING - your Deep Discount DVD are not secure!


This topic has been archived. This means that you cannot reply to this topic.
62 replies to this topic

#1 of 63 Tony J Case

Tony J Case

    Screenwriter

  • 1,560 posts
  • Join Date: Mar 25 2002

Posted October 08 2004 - 09:32 PM

Since this was pretty well summed up, I'll just copy and paste it here:

Quote:
I went to DeepDiscountDVD today to add some stuff to my wishlist and noticed that up in the top left corner, it said "Hello Veronica".

Seeing as though my name is not Veronica -- nor do I know any Veronicas -- I was more than slightly puzzled. I clicked on the account details to see what was up (thought maybe my account had been hacked), and there were all of Veronica's details -- Name, number, address, credit card info etc.

I clicked on 'order status' and was able to view her orders for the last 6 months.

Odd? It gets worse....

I refreshed the page. Now, I'm logged into the account of some guy in Oklahoma named Frederick.

Same deal -- I can access his entire account.

This happened five more times as I jumped from page to page on the site. Just as I'd be looking around to see what was going on, there would be a new "Hello..." message up where mine should have been.

That's seven accounts that I was logged into within half an hour!

If I were dishonest, or a complete asshole, I could quite easily have ordered a few DVDs from each of them for myself.

I copied the email addresses of everybody's account that I had access to and I emailed them about the situation.

Did anyone else encounter this today?!

Lord knows how many people had access to other people's accounts while it was happening. I'm just thankful my credit card on file with DDD expired a month ago.

Check your accounts, people. Make sure there are no unauthorized orders or any strange items in your shopping cart or wishlist.


#2 of 63 Qui-Gon John

Qui-Gon John

    Producer

  • 3,527 posts
  • Join Date: Oct 02 2000

Posted October 09 2004 - 12:22 AM

My god, this is true. I just went to the website and wasn't even logged in. I clicked LOGIN and without prompting me for password or anything, it said "Hello Kevin" and I could also see this other persons details.

I'll bet their site was hacked.

#3 of 63 Christopher D

Christopher D

    Second Unit

  • 283 posts
  • Join Date: Oct 16 2000

Posted October 09 2004 - 12:42 AM

Yeah, I'm apparently Kevin too. I'm not logging in until this gets fixed, because I'm really not interested in having everyone be "Christopher".

#4 of 63 Harold Wazzu

Harold Wazzu

    Supporting Actor

  • 885 posts
  • Join Date: Oct 01 2003

Posted October 09 2004 - 12:42 AM

Holy crap, I was able to do it as well. If I had an account there I'd be cancelling my credit card that I had filed with them for sure.

#5 of 63 Michael Cucka

Michael Cucka

    Stunt Coordinator

  • 150 posts
  • Join Date: Dec 08 1998

Posted October 09 2004 - 12:54 AM

This seems to be fixed now - the log-in screen asks me for information to proceed.

I'm using Safari on a Mac, if that makes a difference.
Michael Cucka brucknerdoc@comcast.net

#6 of 63 george kaplan

george kaplan

    Executive Producer

  • 13,064 posts
  • Join Date: Mar 14 2001

Posted October 09 2004 - 01:09 AM

It's not fixed.

I just went there (I've never been there before, I've never used this place), and hit the login button. "Welcome back David", along with all his info and his password already typed in, etc.

Bad, bad news for people who do use that site. Posted Image
"Movies should be like amusement parks. People should go to them to have fun." - Billy Wilder

"Subtitles good. Hollywood bad." - Tarzan, Sight & Sound 2012 voter.

"My films are not slices of life, they are pieces of cake." - Alfred Hitchcock"My great humility is just one of the many reasons that I...

#7 of 63 Lynda-Marie

Lynda-Marie

    Supporting Actor

  • 762 posts
  • Join Date: Jun 03 2004

Posted October 09 2004 - 01:32 AM

Thanks for the warning, Tony. A site I will NEVER allow to tempt me!
The shape I'm in you could donate my body to science fiction! - Rodney Dangerfield, "Back to School"

#8 of 63 BradyB

BradyB

    Stunt Coordinator

  • 82 posts
  • Join Date: Dec 17 2000

Posted October 09 2004 - 02:01 AM

Damn, I just tried aswell and was able to get into some poor fellow named James' account from Virginia. I tried again and got the account of "DDD Sux".

As a customer of DDD, I have sent them a furious email. Hopefully they take the site down now until the problem is fixed!

#9 of 63 Kyle McKnight

Kyle McKnight

    Screenwriter

  • 2,515 posts
  • Join Date: Mar 08 2001

Posted October 09 2004 - 02:04 AM

Yah, I'm Neil & David so far. OH and get this, now I'm "Hello Compromised by DDD" AND "DDD Sux". I'm sure someone has thought of calling them, but just in case, I'm on hold right now.
Kyle McKnight

#10 of 63 Kyle McKnight

Kyle McKnight

    Screenwriter

  • 2,515 posts
  • Join Date: Mar 08 2001

Posted October 09 2004 - 02:12 AM

OK. They said they are aware of it, couldn't offer an explanation, and are in the process of shutting the site down right now. It seems a lot of people have called, the first thing the lady said when coming on the line was "Thank you for calling DDD, are you calling about the website?"
Kyle McKnight

#11 of 63 ChrisBEA

ChrisBEA

    Screenwriter

  • 1,657 posts
  • Join Date: Jul 19 2003

Posted October 09 2004 - 02:25 AM

I just went there and it is prompting me for login information.
I haven't logged in, but at least it isn't giving me someone else's name!

#12 of 63 george kaplan

george kaplan

    Executive Producer

  • 13,064 posts
  • Join Date: Mar 14 2001

Posted October 09 2004 - 03:49 AM

What's great about that site though, is the integrity of the people running it. They now have the following message there:
Dear DeepDiscountDVD.com and DeepDiscountCD.com customers,

The sites are currently unavailable for a system upgrade to service you better. The sites will be back up in a few minutes.


We do apologize for the inconvenience.


Sincerely,

DeepDiscountDVD.com and DeepDiscountCD.com
No, warning that we've been hacked, no "make sure your credit card info hasn't been compromised", simply a misleading statement to those who don't know about it. Seems like a really bone-headed move to me. Which would you trust more? A site that's been hacked and is up-front about it, or a site that tries to hide from their customers the fact that their credit card info might have been stolen. Posted Image Posted Image Posted Image It's not like the other customers aren't going to find out about this, and they're going to be a lot more pissed about being lied to than anything else.
"Movies should be like amusement parks. People should go to them to have fun." - Billy Wilder

"Subtitles good. Hollywood bad." - Tarzan, Sight & Sound 2012 voter.

"My films are not slices of life, they are pieces of cake." - Alfred Hitchcock"My great humility is just one of the many reasons that I...

#13 of 63 StephenL

StephenL

    Second Unit

  • 341 posts
  • Join Date: Nov 21 2000

Posted October 09 2004 - 04:30 AM

I use a credit card with software that generates a unique credit card number for each online transaction. The number on my credit card is never revealed. You can use a web-based service or install PC software.

Discover Card has a service called Deskshop:
http://www.discovercard.com/deskshop/

MBNA has a service called Shopsafe for Visa and Mastercard:
http://www.mbna.com/...ards/index.html
"It's most disappointing. I shall have to go all-out on some modifications."

#14 of 63 alan halvorson

alan halvorson

    Screenwriter

  • 2,021 posts
  • Join Date: Oct 02 1998

Posted October 09 2004 - 04:58 AM

Site was down for me at this moment - all I got was an Error Occurred While Processing Request message.
They're coming to take me away, ha-haaa!!
They're coming to take me away, ho-ho, hee-hee, ha-haaa To the funny farm. Where life is beautiful all the time and I'll be happy to see those nice young men in their clean white coats and they're coming to take me away, ha-haaa!!!!!
- Napoleon XIV

#15 of 63 Mark_TS

Mark_TS

    Screenwriter

  • 1,700 posts
  • Join Date: Mar 23 2000

Posted October 09 2004 - 06:05 AM

I believe this may be the second time for them. Once about a year ago my bank called me telling me they had cancelled and reissued my card with a new number on an advisory. They would not say WHO it was , but I immediately suspected DDD as they were about the only web site I dealt with on that card.
The Official HTF 'elitist' lol....
"War is God's way of teaching Americans Geography"-Ambrose Bierce

#16 of 63 GarySchrock

GarySchrock

    Second Unit

  • 294 posts
  • Join Date: Feb 28 2003

Posted October 09 2004 - 06:07 AM

Quote:
No, warning that we've been hacked,No, warning that we've been hacked,

Of course, that wouldn't be a true statement either from what I can see. From what was described, it sounds far more like a bug than being hacked. That said, I'd hope they'd eventually email people whose accounts were accessed, but I don't know that it's necessary for everyone to be notified.

#17 of 63 MattGentry

MattGentry

    Second Unit

  • 257 posts
  • Join Date: Apr 22 2003

Posted October 09 2004 - 06:37 AM

I'm willing to bet things like this happen to various websites over the course of their being online. Sometimes, such as in this case, we find out about it. Others, I'm sure, we don't find out about and as such, don't worry about.

Without someone posting this info, most people wouldn't be aware of it.

The site itself is a great site. For me, the process of buying it there is quite a good deal cheaper than me driving nearly 40 minutes to the closest store, buying it (usually a dollar or two more than the site, as well as paying tax on top of that extra dollar), etc.

So, price, tax, gas, time all factored in, I usually pay about five dollars more than buying it online. Their customer service has always been top-notch when I've dealt with them, and as such, I've been led to believe they are a good site.

One problem such as this will not lead me to stop buying from them...

#18 of 63 george kaplan

george kaplan

    Executive Producer

  • 13,064 posts
  • Join Date: Mar 14 2001

Posted October 09 2004 - 06:47 AM

One problem such as this will not lead me to stop buying from them...
Is it OK if I order a bunch of stuff with your info if I go there and it says "Welcome Back Matt"? Posted Image
"Movies should be like amusement parks. People should go to them to have fun." - Billy Wilder

"Subtitles good. Hollywood bad." - Tarzan, Sight & Sound 2012 voter.

"My films are not slices of life, they are pieces of cake." - Alfred Hitchcock"My great humility is just one of the many reasons that I...

#19 of 63 BrianP

BrianP

    Supporting Actor

  • 601 posts
  • Join Date: Dec 08 1999

Posted October 09 2004 - 07:23 AM

Quote:
Of course, that wouldn't be a true statement either from what I can see. From what was described, it sounds far more like a bug than being hacked. That said, I'd hope they'd eventually email people whose accounts were accessed, but I don't know that it's necessary for everyone to be notified.

Regardless if your account was compromised or not I think DDD should notify all customers about what happened. Every customer has the right to know what happend and to make a decision if they will continue doing business with them.

#20 of 63 Kyle McKnight

Kyle McKnight

    Screenwriter

  • 2,515 posts
  • Join Date: Mar 08 2001

Posted October 09 2004 - 08:26 AM

And btw, all but the last four digits of the credit card numbers are blocked out on your DDD account....at least mine are.
Kyle McKnight





Forum Nav Content I Follow