If you had purchased anything from Hobby Search with your credit card before, check your billing statements for any suspicious charges now! The datebase of Hobby Search was hacked in the beginning of the month and the customers’ Credit card numbers, cardholder names, and expiration dates had been stolen.
If you had made any purchase from Hobby Search before, check your billing statements for any suspicious charges now!!!! But I guess most of you are using PayPal, you are fine. Please head over to Hobby Search for more information.
The following information is copied & pasted from Hobby Search.
——Regarding a security breach and stolen customer data—— To Hobby Search customers: We are writing to let you know of a hacker or hackers that penetrated our computer system and accessed customer data including credit card information. At the time of writing, we do not know of any of this information being available publicly. It is important to us that you, the customer, do not experience any monetary damages because of this incident, and have provided the information of all the cards that may have been involved in this incident to each of the credit card companies so that they may monitor the activity on these cards. If you have any concerns about the security of your card, please contact the card company (via the number on the back of your credit card). Also, although we have switched to a more secure credit card transaction system that only stores the last four digits of your card on our databases on July 7, 2010, we have disabled credit card payments indefinitely. The credit cards involved in this incident are those used in orders prior to July 7, 2010 (a maximum of 23,526 cards) – Credit card numbers, expiration dates, cardholder names We do not store personal verification passwords or security codes on our databases, so these have not been accessed. Again, we have switched to a more secure credit transaction system on July 7 that only stored the last four digits of those cards (3,794 cards) and cannot be abused by a third party. We are deeply sorry for any inconvenience or concern that this incident may have caused. <A timeline of events>October 6 – A system administrator found traces of attacks from Korea and began investigating immediately. That night, we contacted an external security firm to investigate. October 7 – The external examiners began investigations in the morning. We shut off our systems for emergency maintenance, reinstalled all server operating systems and software, re-examined security settings, and isolated the server. Logs indicated that customer data had been sent out from our server to the address of an institution in Korea. We contacted that institution by phone and email about this incident and confirmed that the data had been deleted. We believe that they were used as a proxy. October 8 – We revised program, network, firewall, and client machine security and implemented an intrusion detection system. October 12 – We contacted the credit card transaction handler and began discussions about the course of action. October 20 – The external investigators concluded their investigations and determined which and how much data had been accessed. October 28 – With the results of the investigation and cooperation of credit card companies, we are ready to handle customer correspondence and have sent out email notifications to the customers that may have been affected. We deeply regret that this incident has occured, and are continuously examining the security of our systems. We believe that the root of this problem was the lack of security awareness among each and every employee and are making sure this should not happen again. We will work hard to maintain your confidence in Hobby Search and hope to see your continued patronage. 28 October 2010 <Contacts regarding this inciden> |
——Customer Q&A—— * Why did this happen? * What information was stolen? * Is the site secure? * What did you do to improve the security of your site? * Why did it take so long to announce this? <Regarding Credit Cards>* How do I replace my credit card? * How do I know if my credit card number has been stolen? * What do I do if my number has been stolen? * Should I replace my credit card? * Can you replace my card for me? * I pay my bills using this card. What should I do? * When will you be accepting credit card payments again? * What should I do about existing preorders I chose to pay for by credit card? However, should the transaction fail, these orders will be switched to be paid for by PayPal and we will notify you of this by email. <Miscellaneous>* Have you caught the attackers? * Have you contacted the police? <Contacts regarding this inciden>Hobby Search Co, Ltd. |
Thank god I never use credit card on HS. I only use Paypal for my figure shopping! But I got a friend who used credit card on HS before… I should tell him what happened…. D:
That really sucks, but the sigh of relief I got when I realized I only ordered something after July 7th. o_O
Aha! This explains why they suddenly stopped taking credit cards. I had a Diablous Inclinatus figure on pre-order with them by credit card(which you can’t pay for via Paypal), and I contacted them this week to see if I needed to cancel since I wouldn’t be allowed to pay for it with their only available option. They said to wait until December when it ships to see if anything changes.
I use debit card to make payment to them before…i wonder will i have the same risk too or not
Yes, you are at the same risk. Instead of charging x amount on a credit card to be paid off later, in your case a thief would tap your checking and/or savings account until it hit zero. If you have overdraft protection, then your bank will not only pay the balance, putting you in negative territory (you owe the bank money) but you will also be charged an overdraft fee.
Many times your bank or card holder monitors transactions and they will block your card from all use if they see unusual spending going on.
i feel soo happy that i use pay pal right now..
Even if you are on paypal, do double check things. We don’t know what really happened.
ROFL. great pic for the headline! 😀
I’m loving that pic for some reason LOL
Luckily I never used CC for HS. :p
Sucks big time. I thought they were better than that…
To Visa and MAsterCard holders, please enable youre securecode password
its the 3rd level security after the 3digit no. behind your cards
wow, that sucks. i used a CC so i guess i’ll check my statements for any changes. i actually canceled the card i used on that site recently so i’ll see if i’m affected or not.
This is a really big problem. HS should’ve sent out emails to inform their customers. If I hadn’t read it here, I wouldn’t have even known they were hacked.
Thanks for the imformation,GGT.
I use credit card to preorder things on HS but haven pay for it,am i affected?
You will only be affected if you paid before July 7, 2010.
This explains why my CC called and left messages on EVERY phone number I have listed with them.
The thieves used a series of letters or numbers instead of fake company names which always throws up a huge red flag.
The only downside was that my card was canceled and I had to wait for a week and a half to get a new one.
That sux. But it’s good to know that your CC found it out! How much did the thieves steal from you?
is it safe to buy with them with paypal??