Separate names with a comma.
Discussion in 'Bargains and Deals' started by Tony J Case, Oct 9, 2004.
Since this was pretty well summed up, I'll just copy and paste it here:
My god, this is true. I just went to the website and wasn't even logged in. I clicked LOGIN and without prompting me for password or anything, it said "Hello Kevin" and I could also see this other persons details. I'll bet their site was hacked.
Yeah, I'm apparently Kevin too. I'm not logging in until this gets fixed, because I'm really not interested in having everyone be "Christopher".
Holy crap, I was able to do it as well. If I had an account there I'd be cancelling my credit card that I had filed with them for sure.
This seems to be fixed now - the log-in screen asks me for information to proceed. I'm using Safari on a Mac, if that makes a difference.
It's not fixed. I just went there (I've never been there before, I've never used this place), and hit the login button. "Welcome back David", along with all his info and his password already typed in, etc. Bad, bad news for people who do use that site.
Thanks for the warning, Tony. A site I will NEVER allow to tempt me!
Damn, I just tried aswell and was able to get into some poor fellow named James' account from Virginia. I tried again and got the account of "DDD Sux". As a customer of DDD, I have sent them a furious email. Hopefully they take the site down now until the problem is fixed!
Yah, I'm Neil & David so far. OH and get this, now I'm "Hello Compromised by DDD" AND "DDD Sux". I'm sure someone has thought of calling them, but just in case, I'm on hold right now.
OK. They said they are aware of it, couldn't offer an explanation, and are in the process of shutting the site down right now. It seems a lot of people have called, the first thing the lady said when coming on the line was "Thank you for calling DDD, are you calling about the website?"
I just went there and it is prompting me for login information. I haven't logged in, but at least it isn't giving me someone else's name!
What's great about that site though, is the integrity of the people running it. They now have the following message there: No, warning that we've been hacked, no "make sure your credit card info hasn't been compromised", simply a misleading statement to those who don't know about it. Seems like a really bone-headed move to me. Which would you trust more? A site that's been hacked and is up-front about it, or a site that tries to hide from their customers the fact that their credit card info might have been stolen. It's not like the other customers aren't going to find out about this, and they're going to be a lot more pissed about being lied to than anything else.
I use a credit card with software that generates a unique credit card number for each online transaction. The number on my credit card is never revealed. You can use a web-based service or install PC software. Discover Card has a service called Deskshop: http://www.discovercard.com/deskshop/ MBNA has a service called Shopsafe for Visa and Mastercard: http://www.mbna.com/creditcards/index.html
Site was down for me at this moment - all I got was an Error Occurred While Processing Request message.
I believe this may be the second time for them.
Once about a year ago my bank called me telling me they had cancelled and reissued my card with a new number on an advisory.
They would not say WHO it was , but I immediately suspected DDD as they were about the only web site I dealt with on that card.
Of course, that wouldn't be a true statement either from what I can see. From what was described, it sounds far more like a bug than being hacked. That said, I'd hope they'd eventually email people whose accounts were accessed, but I don't know that it's necessary for everyone to be notified.
I'm willing to bet things like this happen to various websites over the course of their being online. Sometimes, such as in this case, we find out about it. Others, I'm sure, we don't find out about and as such, don't worry about. Without someone posting this info, most people wouldn't be aware of it. The site itself is a great site. For me, the process of buying it there is quite a good deal cheaper than me driving nearly 40 minutes to the closest store, buying it (usually a dollar or two more than the site, as well as paying tax on top of that extra dollar), etc. So, price, tax, gas, time all factored in, I usually pay about five dollars more than buying it online. Their customer service has always been top-notch when I've dealt with them, and as such, I've been led to believe they are a good site. One problem such as this will not lead me to stop buying from them...
Is it OK if I order a bunch of stuff with your info if I go there and it says "Welcome Back Matt"?
Regardless if your account was compromised or not I think DDD should notify all customers about what happened. Every customer has the right to know what happend and to make a decision if they will continue doing business with them.
And btw, all but the last four digits of the credit card numbers are blocked out on your DDD account....at least mine are.