WARNING - your Deep Discount DVD are not secure! (1 Viewer)

[BrianP]

It doesn't mean your card is safe. I would delete it immediately. There are reports at DVDTalk of accounts that look like they have had large orders placed with overnight delivery to different addresses other then the address used for the credit card. These are shipments to other states. This doesn't sound good and DDD should close the site down. I don't understand why it is still open when they are aware of this issue.

 

[Michael Douglas]

On DDD, I wish credit card number would be an option to enter every time, like on some other sites, not a requirement in order to just save your account info. :frowning:

 

[CraigF]

Funny, I was commenting in another thread this morning about how certain online sites require further verification when the cardholder address and the ship-to address are different...not everybody does this, but now we can see one of the reasons why some do.

This won't discourage me from DDD though. I use VISA online, and they have that optional security thing that I hate, but I will have to reconsider...

 

[Christoph_G]

Just a warning update:

The problem is NOT fixed over 24 hours later.
I just recieved an email from a kind DDD customer who said he was logged into my account. He even sent me a screen shot, and sure enough, all my account information was right there in the hands of a complete stranger.

I've always really liked DDD, but this is too much.

 

[MikeDE]

I just went there, no problem, logged in and didn't see any added orders. Sent them an email to cancel my account just to be on the safe side.

Mike

 

[Bill Balcziak]

As a customer, I have to wonder about the motives of a company which keeps its eCommerce site up even while it's being compromised.

 

[Harold Wazzu]

Maybe the hackers changed the admin login and password so now DDD has no control of their servers?

What a mess...

 

[MattGentry]

I've been able to log in/out with no problem at all while this entire ordeal has been going on.

I'm not seeing how this is such an amazingly huge problem. After reading posts on DVD Talk, I'm under the assumption that the most information people can garner from the site are the last four digits of your credit card, your name, address, phone number, and email. All that information is already available in one form or another. I'm sure just by a quick search or two you'd be able to find most of that out about me.

From what I understand, they can't change any of that information either. So, the worst they can do is send me a lot of DVD's.

It's a problem, yes. But one that won't stop me from ordering from them...

 

[Marshall W. Carter]

Hmmm, just went to the site, and I'm not seeing anyone's personal info, though I am now a bit apprehensive about logging in. I'm using Mozilla Firefox which seems to generally be a bit more secure than IE.

 

[MattGentry]

Why apprehensive to logging in? There's no proof to indicate that logging in does anything more than, well, log you into your account.

I've logged in and out of my account near thirty times since the "problem" began, and each time have only gotten my own information.

 

[BrianP]

I don't think anyone should be scared about logging into their account. Either it appears you have the problem or you don't. And I have found using different browsers doesn't seem to make a difference. I've tried IE, Avant, Firefox, and Mozilla. I've only been able to access my own account. But I did remove my credit card to prevent any possible unauthorized use.

 

[Marshall W. Carter]

I'm sure to many of these users it would appear that there's no problem, and yet their info is apparently being freely given to random browsers, and even if credit card info isn't freely available, my personal address isn't something I like floating around either. If not for some well-meaning souls, many would be unaware that there was even a problem. What you don't know can hurt you...

Aside from just the paranoia created, I also know that if there's a glitch like this that imposes itself on you, a real hacker could apparently have a field day.

 

[Carl Walker]

I, too, don't like the idea of my address floating around to random browsers. That's why I not only deleted my debit card information (I DON'T USE CREDIT!), I also changed my name and address to fake ones.

If I ever order from them again, I'll change that info back.

 

[ScottHH]

Carl,

I would never use a debt card on line. If someone steals your credit card, you dispute the charges when the bill comes, and you are not out of pocket cash while the dispute is resolved. With a debit card, the money is out of your account first before you even know you've been ripped off. In the end, you'll get your money back, but you might have a lot of bounced checks in the interim.

If you won't use a credit card, I would seriously consider something along the lines of the one-time use card numbers talked about by StephenL earlier in this thread.

I had trouble logging out of ddd, so I deleted the cookie. Just to be safe, I too deleted my personal information from their site.

And I sent them this email:
I read a thread at Home Theater Forum about your site's security being comprimised.
When I went to your site (10:30pm eastern time Sunday night), I couldn't logout. As a precaution, I have deleted my personal information stored on your site.

I would like to continue doing business with you. It would greatly alleviate my fears if you required customers to re-enter their password before filling an order or accessing their personal information (see amazon.com for an example).

Thank you,

 

[Bryan Ri]

Yea so, I can't logout from DDD.com now, even though they sent an e-mail to me saying that my account was cancelled.

I'm scared to death, waht do I do???

 

[Christoph_G]

Delete any DDD cookies and try logging out again

 

[Bryan Ri]

Looks like the problem has stopped for now, but I'm truely disappointed with the company. This happened AFTER they said my account was gone. Absolutely ridiculous.

 

[BrianP]

While I strongly agree with your statement, changing your name and address really doesn't protect you from prying eyes. That information can still be found in your order history, and unfortunately you can't change it or delete it.

 

[Jeff Jacobson]

 

[Paul D G]

- I think people's concerns of their home address showing up is a tad unrealistic. I mean, what's someone going to use it for? Send you junk mail? Target your DVD collection? Your email address is more valuable.

- I removed my CC information as well, but to do so I had to set it to Bill Me Later. I'm not sure if either was a better option. At least with the encrypted CC info there I would be clued in if the charge showed up on my CC statement online. Unless with Bill Me Later I get a bill and they send the items after I've paid.

- I agree that using a Debit card over a Credit card is a bad idea. My Amex card got stolen and Amex called me within a day or two to alert me that someone rang up $2000 of charges at an online casino. The immediately canceled my card and removed the charges (they even read off some recent charges to see if they were mine or not). Now, had that been a debit card I would have found my bank account drained of $2000, probably until the matter was resolved. If I was cutting it close that month I might have gone overdrawn on that account causing all sorts of havoc. As it was, my only inconvenience was sitting on the phone for ten minutes, and activating my new card when it arrived.

Since I only used that particular card once before (we use both green and blue) it was clear where the card number was stolen from - a major car rental place. Not some shady online place.

See http://clarkhoward.com/library/tips/debit_cards.html for more information.

-paul