If you have purchased anything from Hobby Search with your credit card before, check your billing statements for any suspicious charges now! The database of Hobby Search was hacked at the beginning of the month, and the customers’ credit card numbers, cardholder names, and expiration dates were stolen.
If you have made any purchase from Hobby Search before, check your billing statements for any suspicious charges now!!!! But I guess most of you are using PayPal, so you are fine. Please head over to Hobby Search for more information.
The following information is copied & pasted from Hobby Search.
——Regarding a security breach and stolen customer data——
To Hobby Search customers:
We are writing to let you know of a hacker or hackers that penetrated our computer system and accessed customer data including credit card information.
At the time of writing, we do not know of any of this information being available publicly.
It is important to us that you, the customer, do not experience any monetary damages because of this incident, and have provided the information of all the cards that may have been involved in this incident to each of the credit card companies so that they may monitor the activity on these cards.
If you have any concerns about the security of your card, please contact the card company (via the number on the back of your credit card).
Also, although we have switched to a more secure credit card transaction system that only stores the last four digits of your card on our databases on July 7, 2010, we have disabled credit card payments indefinitely.
The credit cards involved in this incident are those used in orders prior to July 7, 2010 (a maximum of 23,526 cards)
– Credit card numbers, expiration dates, cardholder names
We do not store personal verification passwords or security codes on our databases, so these have not been accessed.
Again, we have switched to a more secure credit transaction system on July 7 that only stored the last four digits of those cards (3,794 cards) and cannot be abused by a third party.
We are deeply sorry for any inconvenience or concern that this incident may have caused.
<A timeline of events>
October 6 – A system administrator found traces of attacks from Korea and began investigating immediately. That night, we contacted an external security firm to investigate.
October 7 – The external examiners began investigations in the morning. We shut off our systems for emergency maintenance, reinstalled all server operating systems and software, re-examined security settings, and isolated the server.
Logs indicated that customer data had been sent out from our server to the address of an institution in Korea.
We contacted that institution by phone and email about this incident and confirmed that the data had been deleted. We believe that they were used as a proxy.
October 8 – We revised program, network, firewall, and client machine security and implemented an intrusion detection system.
October 12 – We contacted the credit card transaction handler and began discussions about the course of action.
October 20 – The external investigators concluded their investigations and determined which and how much data had been accessed.
October 28 – With the results of the investigation and cooperation of credit card companies, we are ready to handle customer correspondence and have sent out email notifications to the customers that may have been affected.
We deeply regret that this incident has occurred, and are continuously examining the security of our systems. We believe that the root of this problem was the lack of security awareness among each and every employee and are making sure this should not happen again.
We will work hard to maintain your confidence in Hobby Search and hope to see your continued patronage.
28 October 2010
<Contacts regarding this incident>
* Why did this happen?
* What information was stolen?
* Is the site secure?
* What did you do to improve the security of your site?
* Why did it take so long to announce this?
<Regarding Credit Cards>
* How do I replace my credit card?
* How do I know if my credit card number has been stolen?
* What do I do if my number has been stolen?
* Should I replace my credit card?
* Can you replace my card for me?
* I pay my bills using this card. What should I do?
* When will you be accepting credit card payments again?
* What should I do about existing preorders I chose to pay for by credit card?
However, should the transaction fail, these orders will be switched to be paid for by PayPal and we will notify you of this by email.
* Have you caught the attackers?
* Have you contacted the police?
<Contacts regarding this incident>
Hobby Search Co, Ltd.