DVD Pacific: customer credit-card information hacked

I just got this e-mail from DVD Pacific:

----------------------------------------------------------------------------
Dear Douglas Bailey,

Our web site has recently been subjected to various hacking attempts. We
upgraded our security measures in lieu of this to ensure the personal
information we hold for you is fully protected. Part of these security
enhancements have provided us information that led us to believe that some
data had been compromised by way of a worm on the server. No anti virus or
spyware was able to detect this but we now have information that contact
had been made with an IP address outside our network. We attempted to
capture this information without it leaving the server so as to determine
exactly what was being transmitted. Unfortunately this worm had some type
of self detection available and as soon as it realized we had discovered
it, it self destructed leaving no trace evidence.

Yesterday the IP addresses we suspected behind this launched a malicious
code attack on our SQL server and this allowed us to track their IP
addresses to their source and we have identified ISP¢s in Russia and the
Ukraine. We have contacted the FBI, Secret Service and filed a full report
at www.us-cert.gov. Further a report has been filed with FSB.ru. We have
blocked any possibility of this type of attack being successful but as a
precaution we have auto updated all member account access passwords and now
sending you your new temporary password as indicated below.

Your Login - [snipped]
New Password - [snipped]

We would also request that you pay particular attention to your credit card
statement to ensure that your not subject to any fraudulent transactions
and if so notify your credit card issuer immediately. We will be providing
a list of all cards we have on file to each of the credit card issuers so
as they can also monitor any suspicious activity.

We will continue to monitor this situation closely as we have been since it
arose and you can be assured our efforts to provide you with the safest
shopping environment online will always be of the highest priority.

If you have any questions in relation to this issue please direct them to


Regards,
DVD Pacific Inc.
Customer Information Support
www.dvdpacific.com
www.cdpacific.com
----------------------------------------------------------------------------

I assume this has been sent to all their customers, but figured I'd post it
here for the benefit of both potential customers and current ones who don't
get it (those who've changed e-mail addresses without updating DVD
Pacific's records, etc.).

doug

--
"You know some people need nothing else..."
--Shriekback

Douglas Bailey

I'd love to know what they meant in the second sentence: "We upgraded
our security measures in lieu of this..."

Douglas Bailey wrote:
> I just got this e-mail from DVD Pacific:
>
> ----------------------------------------------------------------------------
> Dear Douglas Bailey,
>
> Our web site has recently been subjected to various hacking attempts. We
> upgraded our security measures in lieu of this to ensure the personal
> information we hold for you is fully protected. Part of these security
> enhancements have provided us information that led us to believe that some
> data had been compromised by way of a worm on the server. No anti virus or
> spyware was able to detect this but we now have information that contact
> had been made with an IP address outside our network. We attempted to
> capture this information without it leaving the server so as to determine
> exactly what was being transmitted. Unfortunately this worm had some type
> of self detection available and as soon as it realized we had discovered
> it, it self destructed leaving no trace evidence.
>
> Yesterday the IP addresses we suspected behind this launched a malicious
> code attack on our SQL server and this allowed us to track their IP
> addresses to their source and we have identified ISP¢s in Russia and the
> Ukraine. We have contacted the FBI, Secret Service and filed a full report
> at www.us-cert.gov. Further a report has been filed with FSB.ru. We have
> blocked any possibility of this type of attack being successful but as a
> precaution we have auto updated all member account access passwords and now
> sending you your new temporary password as indicated below.
>
> Your Login - [snipped]
> New Password - [snipped]
>
> We would also request that you pay particular attention to your credit card
> statement to ensure that your not subject to any fraudulent transactions
> and if so notify your credit card issuer immediately. We will be providing
> a list of all cards we have on file to each of the credit card issuers so
> as they can also monitor any suspicious activity.
>
> We will continue to monitor this situation closely as we have been since it
> arose and you can be assured our efforts to provide you with the safest
> shopping environment online will always be of the highest priority.
>
> If you have any questions in relation to this issue please direct them to
>
>
> Regards,
> DVD Pacific Inc.
> Customer Information Support
> www.dvdpacific.com
> www.cdpacific.com
> ----------------------------------------------------------------------------
>
> I assume this has been sent to all their customers, but figured I'd post it
> here for the benefit of both potential customers and current ones who don't
> get it (those who've changed e-mail addresses without updating DVD
> Pacific's records, etc.).
>
> doug
>

robert gray