WARNING - your Deep Discount DVD are not secure! (1 Viewer)

[Christoph_G]

Well, here's the first word from DDD about the situation.
(posted at DVDtalk 10-11-04 8:11 AM)

 

[Keith M.]

coupons, that might bring us back!!

 

[Bolivar G]

I never experienced the problem once. I could only access my info all weekend long.

 

[Carl Walker]

ScottHH: Thanks for taking the time to reply... I actually have a separate account set up with a VISA Check Card. I transfer cash to this account just before making an online purchase. Typically, it has no more than $10-15 at most in there except right when I make a purchase.

You are correct, though. I certainly would not use the Debit/Check Card for our main checking account in an online transaction.

 

[Dennis Nicholls]

It's 2:33 our time which should be 4:33 Central time, and this is still up on the DDD site.

 

[Christoph_G]

Lastest word from DDD:

 

[Sam Favate]

I will continue using DDD. I've liked their service for years now, and after several earlier online sellers went bust or saw their service deteriorate, I still find DDD reliable, although this incident was regretable. Lets keep an eye out that this doesn't happen again.

 

[James D]

Their site is back up and it is still as screwed up as ever. I have gotten a Hello Monique and a Hello Adam and I am neither of these people. I can't believe that they keep putting their site back up without fully resolving whatever the problem might be. This is inexcusable, IMHO.

 

[Carlo_M]

Just logged on to mine and it greeted me properly. My CC info isn't in my account info page. I don't remember if they used to keep that on file (I only use DDD like twice a year), or if I had to input it every time. If they used to keep it on file, apparently they've cleared out mine, since it isn't on that page anymore...

 

[BrianP]

David Barker the VP of Marketing at DDD said all credit card information was cleared and must be re-entered again. If a credit card was used at DDD it was kept in your account and no option was given to enter it manually with every purchase.

 

[Robert Powers]

They should have sent that email, that Christoph_G posted, to all of their customers because I am sure there are some people that placed orders this weekend that didn't know anything about this problem.

They had another problem similar to this just before they had their last 20% coupon code sale. That problem was that they were testing the coupon codes and some people actually used the coupon codes that they were testing to get the 20% off. I think some people that used the codes got emails from DDD stating that it was only a test, but I think some people actually ended up getting the discount anyway.

A few months ago I was a victim of credit card fraud. It happened just a few days after I placed an order with DDD. I don't know if that is where the person got my credit card number but that was the first thing that I thought at the time.

 

[Jeff D]

Yeah, in the scope of time and space this was "short time" but in the computerized scope which he's talking about this is a HELL of a long time.

I hate to say it, because I love DDD, but I really think someone will get the idea to sue DDD for violation of privacy or something else.

I just hope my info never made it out. My question is this... did the problem only affect people who logged in (I know that's what it says) but, if joe1, jane1, bob1 and dave1 were logged in would that mean that any of the 4 could have access to the other three's accounts OR does it mean that these 4 could have access to ANYONE's accounts? Since it sounds like a caching issue I'd suspect the 4 had access to only the other user's data and not data of joe2, jane2, bob2 and dave2. If this is the case, I'd suggest NOT logging into you account to check anything until they really get this resolved.

 

[Malcolm R]

That's what I was thinking. Hence, I won't be logging in until I'm satisfied that everything is OK.

Those that keep logging in to check or change their account are just asking for trouble, IMO.

 

[MikeAlletto]

Some of you are starting to sound like people did when online shopping first started.

 

[MattGentry]

I know that I, personally, have yet to have a bad experience with Deep Discount DVD. Their prices, for me at least, are far lower than any b&m store I could go to, and lower than most online stores as well, with the exception of a few, more obscure titles.

Their site is back up, as is a now well-known fact. And again, I have yet to encounter a problem with it. I can log in and out just as easily as ever. Over the course of the now near four day "problem," I have logged in and out more times than I probably ever have, doing various checks and tests for my own personal satisfaction. Each time, my visit was fine. No seeing other people's information. No changes to my account. No orders made. Nothing.

The people who are in charge of DDD are making an effort to right these problems. Surely we can appreciate that.

I will continue to use DDD for almost my entire purchasing of DVD's. Thank you, and please... Have a pleasant day.

 

[Greg Madsen]

They Just sent me a coupon for 10% off any order.

"Dear xxxxxxxxx

RE: Order ID# xxxxxxx

We are writing to inform you of the problem experienced with our
website this past weekend.

Maintenance was performed on the DeepDiscountDVD website beginning at
4:00 P.M. C.S.T. on Friday October 8th, 2004 and continuing through
10:00 A.M. C.S.T on Monday, October 11th, 2004. This maintenance was
intended to cache certain web pages and images to allow faster access by our
customers. Unfortunately, this maintenance inadvertently resulted in
certain limited customer information becoming accessible by other
customers upon login by those customers. The accessible information generally
included customer name, address, shipping information and order
history. Credit card and debit card data is obscured on the account
information page and as such, NO CREDIT OR DEBIT CARD NUMBERS WERE EVER
COMPROMISED. Insofar as your credit/debit card information was always
protected, it is not necessary to notify your card provider or to cancel your
card.

Unfortunately, we have discovered that in some cases customers that
logged in during the maintenance period may have been able to actually
place an order on another customer's account. Again, we reiterate that
there was never any ability to access or copy credit or debit card data.
In other cases, customers may have updated and corrected their account
information and placed legitimate orders. Unfortunately, our system
cannot distinguish between these two situations. To that end, we feel that
we must cancel all DeepDiscountDVD orders received during the
maintenance period, which extended from 4:00 P.M. C.S.T. on Friday October 8,
2004 through Monday, October 11 at 10:00 A.M. C.S.T. This includes your
order referenced above.

If this order was legitimately placed by you it will need to be placed
again. We truly apologize for the inconvenience. Please accept the
coupon below for 10% off your replacement order for any inconvenience this
may have caused you.

On behalf of the entire company we sincerely apologize for this
problem. Your patronage is very important to us. Although problems of this
nature sometimes arise in every company, you can be assured that we will
establish procedures to minimize disruptions of this type and work hard
to develop improved internal controls that will allow us to respond
faster when we need to.

Once more, please accept our sincere apology.

Sincerely,

DeepDiscountDVD.com


Coupon code: xxxxxxxx
This coupon is for 10% off of any order at DeepDiscountDVD.com. It is a
single-use coupon valid until 10/26/04"

 

[Qui-Gon John]

Bummer, I got an email from them too, but it didn't contain a coupon code.

 

[Lane F.]

So if the credit card info was never compromised, why clear out all the credit card info from the system?

 

[nolesrule]

To alleviate the unwarranted fears of the people who are paranoid about their credit card information being stolen.

 

[Qui-Gon John]

Lane, the thing is, it's an extra preventative measure. If somehow someone was able to exploit this, they wouldn't be able to place new orders against the old CC info. That was a good step, IMHO.