Jump to content



Sign up for a free account to remove the pop-up ads

Signing up for an account is fast and free. As a member you can join in the conversation, enter contests and remove the pop-up ads that guests get. Click here to create your free account.


Photo

A&B Sound hacked?


  • You cannot start a new topic
  • Please log in to reply
12 replies to this topic

#1 of 13 OFFLINE   Douglas C

Douglas C

    Auditioning



  • 2 posts
  • Join Date: Feb 25 2001

Posted May 18 2001 - 07:57 PM

I don't suppose anyone checked out www.absound.ca (very) early this morning? I did, and to my surprise I didn't find the usual start page - but a complete byte-by-byte dump of their ENTIRE database (several 10's of Mb worth)
including customer credit card details!!

I'm not sure what action (if any) I should take, but I'll certainly be checking my next statement closely for any fraudulent claims.

#2 of 13 OFFLINE   Hakan Powers

Hakan Powers

    Stunt Coordinator



  • 247 posts
  • Join Date: Mar 13 1999

Posted May 19 2001 - 04:32 AM

Yes they have been hacked. I (and many other customers) received this email from them (also up on the site):

[quote]


PRESS RELEASE

During the early morning hours of May 18, 2001, the security on the
web site maintained by A&B Sound Ltd. was breached by unknown
persons. A&B Sound Ltd. has reason to believe that credit card
information belonging to customers who had open, unprocessed orders
on the web site may have been obtained and that unauthorized use of
that information may have occurred.

The web site, www.absound.ca, was immediately shut down by A&B
Sound Ltd. pending an internal and police investigation. A&B Sound
Ltd. has also retained external computer security experts to
assist in the investigation.

A&B Sound Ltd. has emphasized that the security breach is limited
to open, unprocessed on-line orders and that the security of credit
card information belonging to its retail store customers has not
been affected in any way. A&B Sound Ltd.’s on-line orders are dealt
with independently of its retail operations. On-line orders
represent less than 1% of A&B Sound Ltd.’s business.

A&B Sound Ltd. is in the process of notifying all customers whose
credit card security may have been compromised. It is advising
them to immediately report this incident to their credit card
issuer as a precautionary measure.

If you are receiving this email it is because you had an open,
unprocessed order. Anyone who has placed an order from A&B Sound
Ltd.’s web site and has not received the product ordered is
advised to immediately notify their credit card issuer.

Customer inquiries should be forwarded to support@absound.ca.

A&B Sound Ltd. regrets any inconvenience that this matter has
caused its valued customers.


[quote]

I hope this doesn't get ugly, but I do appload A&B for being upfront and honest about what has happened.

------------------
My movies
HTF AFI Top 100 Challenge: 71 70 69 68 films remaining.
Next Up: The Sound of Music
The Price of freedom is eternal vigilance - Thomas Jefferson
My movies
The Price of freedom is eternal vigilance - Thomas Jefferson

#3 of 13 OFFLINE   alan halvorson

alan halvorson

    Screenwriter



  • 2,021 posts
  • Join Date: Oct 02 1998

Posted May 19 2001 - 04:33 AM

A&B Sound has indeed been hacked: If anyone has an open order with them (that's me), you've got problems. I received this e-mail last night:

During the early morning hours of May 18, 2001, the security on the web site maintained by A&B Sound Ltd. was breached by unknown persons. A&B Sound Ltd. has reason to believe that credit card information belonging to customers who had open, unprocessed orders on the web site may have been obtained and that unauthorized use of that information may have occurred.

The web site, www.absound.ca, was immediately shut down by A&B Sound Ltd. pending an internal and police investigation. A&B Sound Ltd. has also retained external computer security experts to assist in the investigation.

A&B Sound Ltd. has emphasized that the security breach is limited to open, unprocessed on-line orders and that the security of credit card information belonging to its retail store customers has not been affected in any way. A&B Sound Ltd.'s on-line orders are dealt with independently of its retail operations. On-line orders represent less than 1% of A&B Sound Ltd.'s business.

A&B Sound Ltd. is in the process of notifying all customers whose credit card security may have been compromised. It is advising them to immediately report this incident to their credit card issuer as a precautionary measure.

If you are receiving this email it is because you had an open, unprocessed order. Anyone who has placed an order from A&B Sound Ltd.'s web site and has not received the product ordered is advised to immediately notify their credit card issuer.

Customer inquiries should be forwarded to support@absound.ca.

A&B Sound Ltd. regrets any inconvenience that this matter has caused its valued customers.


------------------
You Can't Roller Skate In a Buffalo Herd - Roger Miller
They're coming to take me away, ha-haaa!!
They're coming to take me away, ho-ho, hee-hee, ha-haaa To the funny farm. Where life is beautiful all the time and I'll be happy to see those nice young men in their clean white coats and they're coming to take me away, ha-haaa!!!!!
- Napoleon XIV

#4 of 13 OFFLINE   Douglas C

Douglas C

    Auditioning



  • 2 posts
  • Join Date: Feb 25 2001

Posted May 19 2001 - 04:44 AM

A&B are clearly being less than forthcoming in their "press release". I haven't had an "open unprocessed order" with them in over a year, and yet I received their e-mail warning and saw with my own eyes my credit card info displayed on their site. If ANYONE has EVER placed an order with A&B Sound, their credit card information was probably posted. This is pretty scary stuff--I'm cancelling my credit card NOW.

#5 of 13 OFFLINE   alan halvorson

alan halvorson

    Screenwriter



  • 2,021 posts
  • Join Date: Oct 02 1998

Posted May 19 2001 - 06:32 AM

I have just cancelled both my credit cards - I had no idea which one I used - and what a pain, not the cancelling part, but remembering where I've preordered stuff. Not a good experience - a real confidence shaker. I will be more cautious in the future. ------------------ You Can't Roller Skate In a Buffalo Herd - Roger Miller
They're coming to take me away, ha-haaa!!
They're coming to take me away, ho-ho, hee-hee, ha-haaa To the funny farm. Where life is beautiful all the time and I'll be happy to see those nice young men in their clean white coats and they're coming to take me away, ha-haaa!!!!!
- Napoleon XIV

#6 of 13 OFFLINE   Alex Johnson

Alex Johnson

    Stunt Coordinator



  • 84 posts
  • Join Date: Dec 31 1969

Posted May 19 2001 - 10:59 AM

yeah, anyone who has ordered with them in the past should cancel their account. i had to do this last night.

Posted Image

a

------------------
visit neverville

#7 of 13 OFFLINE   Yumbo

Yumbo

    Screenwriter



  • 2,243 posts
  • Join Date: Sep 13 1999

Posted May 19 2001 - 02:02 PM

They cancelled my account a coupel of months ago.
I did not get an email.
The bank doesn't open till tomorrow.

Would my info have been posted too?
Please mail reply.

Thanks.

------------------
Yumbo - IMDVD

#8 of 13 OFFLINE   Ugo Scarlata

Ugo Scarlata

    Stunt Coordinator



  • 113 posts
  • Join Date: Sep 01 2000

Posted May 19 2001 - 03:28 PM

Chris,

Your credit card company should have a toll-free 24 hour hotline to report such incidents. I suggest you contact them immediately. And yes, your information was probably still on file, even though your account had been closed. Posted Image

This breach of security is indeed very disturbing. The cracker apparently gained access to their complete customer database, not just unprocessed orders as their press release would have you believe. And to add insult to injury, the cracker went as far as posting the complete database on the site's main page, for the whole world to see! This means that for several hours on Friday morning, anyone visiting the web site could see a list of tens of thousands of credit card numbers, expiration dates and cardholder names.

A&B Sound has been my preferred etailer ever since Express.com went bankrupt, but I doubt I will ever deal with them again, if they ever manage to get back on their feet. Such a thing could happen to any business, of course, but the nature of this particular crack suggests that there might be more to it than meets the eye...

[ Caution: the following is pure speculation! ]
Based on my previous experiences dealing with network security, I get the feeling that the cracker might have had access to this information for quite some time. This individual could have been blackmailing A&B, threatening to publicly post their complete database unless they complied with his demands. A&B might have ignored these demands, prompting the cracker to make good on his threats.

If that is indeed the case (again, this is pure speculation) A&B would have been aware of this breach in security long before the press release was issued. However, they might have unwisely opted to avoid notifying the authorities, and their customers, until the cracker went ahead and posted the complete database on the site's homepage. At that point, there was obviously nothing left to hide, since thousands of web surfers were greeted by a complete, >750 mb list of credit card numbers when visiting the site.
[ End of speculation. ]

#9 of 13 OFFLINE   Dave N.

Dave N.

    Stunt Coordinator



  • 72 posts
  • Join Date: Mar 12 1999

Posted May 20 2001 - 06:41 AM

Did this info include expiration dates and all our shipping and billing info? Yikes, Dave

#10 of 13 OFFLINE   Ali B

Ali B

    Second Unit



  • 276 posts
  • Join Date: Oct 22 2000

Posted May 21 2001 - 01:50 PM

I think the above post os true. This thread over at the DVD Forums has the file mounting upto 750mb!

ali

#11 of 13 OFFLINE   Don Larson

Don Larson

    Auditioning



  • 3 posts
  • Join Date: Jan 29 1999

Posted May 24 2001 - 06:05 PM

I also got the notice from A&B. I checked my MasterCard posts online for 5/17 thru 5/23. It didn't appear that there were any unauthorized charges. I then called the bank and had them cancel the card immediately and issue me a new one. This is too bad about A&B--they were a price leader. Due to this security breach, I doubt I will do business with them again, even if they survive (which I also doubt will happen). ------------------ Don

#12 of 13 OFFLINE   Jeff

Jeff

    Supporting Actor



  • 950 posts
  • Join Date: Dec 31 1969

Posted May 25 2001 - 03:29 AM

What's the deal with The DVD Forums? You have to register just to read the threads. So I registered and it said my email address is banned!!! HUH!? Jeff

#13 of 13 OFFLINE   Gord Lacey

Gord Lacey

    Screenwriter



  • 2,447 posts
  • Join Date: Jan 03 2001

Posted June 04 2001 - 09:34 AM

A&B Sound is a popular B&M store in Western Canada. They will survive this. I'm actually "happy" this happened because now they may redesign their website. It was the ugliest thing I've ever seen.
Want to see your favorite show on DVD?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users