If you bought from Monoprice.com (hacked?), check your credit cards!!! - Page 3

I'm pretty sure they did, but I'm not about to go order something else to check. Actually I couldn't anyway since they aren't accepting credit card orders now. A lot of places I order from do store CC info, but I never select that option, for obvious reasons.

I already filled out and faxed back the fraud forms today and they said I should receive the money back within 3 days. I'll consider myself lucky if I see it in 5 - 7 days.

My bank has always called me to verify purchases if the amount was over $800, so they wouldn't have been able to charge more than that anyway. Luckily it was only $89.90, but you can imagine how furious I was when I saw those charges. I'd tell you the names of the websites CCBill told me they were for, but it would do no good since this forum would censor them anyway.

And still no reply from Monoprice.com, those jerks.

The fun thing is that most people (even if he/they used their own IP address) use Dynamic IP and not Static, so you most likely DDOS another guy who has nothing to do with the stealing and was just unlucky.

Let's be honest here. They don't know for sure if they've been compromised yet, they're just being cautious at this point. Most companies would try to cover this incident up and Monoprice instead chose to close their business for several days while an independent auditor looked through their logs- all without knowing if there really was a data breach or not. They even took the time to format and reinstall all of their servers which is expensive and time-consuming.

Yes, they should have deleted your information after the order was complete, and that was a failure on their part. Credit card numbers are often encrypted before even temporary storage but an attacker with root or admin access would have access to the key.

As far as the emails go, do realize that they are committing massive time and resources to sort this out. They're probably being flooded by emails right now asking questions that they don't have answers to as of yet.

Now if they do determine that credit card info was indeed stolen and they do not notify their customers- that would be a problem.

Edit: I have, of course, spent the 5 minutes on the phone to report the card as stolen.

First of all, I'd like to say that my bank returned my stolen money, even though it should have been returned by Monoprice.com or the billing company.

But I thought you'd all like to see the wonderful response Monoprice.com sent me in regards to my concern over how my credit card was stolen. First let's start with the e-mail I sent them:

I was recently informed on an audio site that Monoprice.com was hacked into a credit card information was stolen. Today I looked on my credit card statement and I have two charges, one for $59.95 and one for $29.95 for two **** websites. I have called the billing company but there is nothing they can do since the card was used with all my correct information, except my e-mail address which was fake.

Since this happened on your server, I demand to be reimbursed for these charges. I recently placed two orders for cables from you a few weeks ago. I also demand that all my information is removed from your system and that someone contact me immediately to have my money returned to me.

Regards,
Philip XXXXXXX

Now their response:

Dear Philip XXXXXXX,

My name is Vince Im, Customer Support Dept. Manager at MonoPrice.com. We recently received an email from you regarding Complaint. Our goal is to provide you with the best possible service. Please kindly help us serve you and others better by taking a few minutes to answer the questions. Please click on the link below to take a brief survey in regards to your experience with our company.

Link to view a survey

Your prompt response will be appreciated. Thank you so much for your great support.

Regards,

Customer Support Dept.
Vince Im
Monoprice, Inc.
Tel. 909-989-6887

And here's what I sent back, obviously in anger:

Why the heck would you send me a survey?
I told you that my credit card information was stolen from your website, WHICH YOU WERE NOT EVEN SUPPOSED TO KEEP ON FILE, and you owe me $90 for REIMBURSEMENT.
I EXPECT THIS MATTER TO BE DISCUSSED.

I will never use Monoprice again. F*** them.

Wow, screw them. Don't think I'm affected as I paid with Paypal each time and there's no info really stored for that that I know of.

Dear Monoprice.com,

WAAAAAAAAA

Sincerely,
IpodPJ

Oh yes, Bob, I'm sure you'd love to have your CC info stolen and charges rang up. Don't be a putz.

Lol.

This made me laugh. I'm still chuckling 10 minutes later as I write this.

On a serious note, sorry to see that folks have been getting ripped off because of this. I make it a point to use paypal when an online vendor offers it....not to be safe, but instead because I'm lazy and don't want to enter my information.

IpodPJ...I've had my identity stolen in the past. Be thankful this was for only $90 and relatively contained. I know it sucks, but it could be a lot worse. It's good you got your money back regardless of where it came from.

My card company called me yesterday to ask about $8000 in charges that didn't match my usual. I had used that card on monoprice in late Feb, early March sometime so I am assuming that it was stolen from there. Honestly though it could have really been from any website out there that I have used. Either way Discover is taking care of all of it, which is the nice part about using a credit card.

EDIT: Just saw this on the monoprice site:

Notice

Information Regarding Apparent Theft of Credit Card Information from Monoprice
(Last updated: March 31, 2010 8:20PM PT)

In early March 2010, we received reports from customers that credit card accounts they used to make purchases through our website had later been used to make fraudulent purchases from other vendors. When we received these reports, we took our website offline and promptly examined our computer network to determine if there were any indications that we had been hacked. We hired computer forensic investigators to help us. We identified suspicious files on one of our web-facing servers and asked the investigators to focus on those files. The investigators determined that thieves had penetrated that server. They determined that the thieves had probably intercepted and copied credit card data as we processed transactions.

Working with the investigators, we have preliminarily determined that thieves may have copied approximately 28,500 sets of card information from customers who shopped on the Monoprice website from February 23 through March 5, 2010. The thieves may also have copied about 6,500 additional sets of card data regarding orders customers canceled after they gave us their card information. We provided the card numbers of the potentially affected accounts to our credit card processor, who will provide the card numbers to the credit card associations. We understand the card associations will notify the banks or other financial institutions that issued the cards about the potentially compromised accounts and the financial institutions will determine what actions to take regarding the accounts.

We hired Kroll Fraud Solutions to send letters to each of the potentially affected customers about the apparent theft. Kroll will offer its ID TheftSmart™ fraud prevention services to those customers at our expense. If your credit card information may have been stolen by the thieves, you will receive a letter from Kroll within approximately one week to 10 days.

Before we put our website back online, we rebuilt our website using new hardware and software and strengthened the security measures we use to safeguard the credit card information. We are continuing to work with a security consultant to ensure that we are taking the appropriate steps to safeguard credit card information.

We truly apologize for any inconvenience and concern the apparent theft of credit card information from Monoprice has caused our customers.

Truly yours,

Ahh Well, My last order from them was in December so I guess I was in the clear. A new debit card is already on its way to me.