DVD Pacific: customer credit-card information hacked

Discussion in 'DVD Video' started by Douglas Bailey, Aug 18, 2004.

  1. I just got this e-mail from DVD Pacific:

    ----------------------------------------------------------------------------
    Dear Douglas Bailey,

    Our web site has recently been subjected to various hacking attempts. We
    upgraded our security measures in lieu of this to ensure the personal
    information we hold for you is fully protected. Part of these security
    enhancements have provided us information that led us to believe that some
    data had been compromised by way of a worm on the server. No anti virus or
    spyware was able to detect this but we now have information that contact
    had been made with an IP address outside our network. We attempted to
    capture this information without it leaving the server so as to determine
    exactly what was being transmitted. Unfortunately this worm had some type
    of self detection available and as soon as it realized we had discovered
    it, it self destructed leaving no trace evidence.

    Yesterday the IP addresses we suspected behind this launched a malicious
    code attack on our SQL server and this allowed us to track their IP
    addresses to their source and we have identified ISP¢s in Russia and the
    Ukraine. We have contacted the FBI, Secret Service and filed a full report
    at www.us-cert.gov. Further a report has been filed with FSB.ru. We have
    blocked any possibility of this type of attack being successful but as a
    precaution we have auto updated all member account access passwords and now
    sending you your new temporary password as indicated below.

    Your Login - [snipped]
    New Password - [snipped]

    We would also request that you pay particular attention to your credit card
    statement to ensure that your not subject to any fraudulent transactions
    and if so notify your credit card issuer immediately. We will be providing
    a list of all cards we have on file to each of the credit card issuers so
    as they can also monitor any suspicious activity.

    We will continue to monitor this situation closely as we have been since it
    arose and you can be assured our efforts to provide you with the safest
    shopping environment online will always be of the highest priority.

    If you have any questions in relation to this issue please direct them to


    Regards,
    DVD Pacific Inc.
    Customer Information Support
    www.dvdpacific.com
    www.cdpacific.com
    ----------------------------------------------------------------------------

    I assume this has been sent to all their customers, but figured I'd post it
    here for the benefit of both potential customers and current ones who don't
    get it (those who've changed e-mail addresses without updating DVD
    Pacific's records, etc.).

    doug

    --
    "You know some people need nothing else..."
    --Shriekback
     
    Douglas Bailey, Aug 18, 2004
    #1
    1. Advertising

  2. Douglas Bailey

    robert gray Guest

    I'd love to know what they meant in the second sentence: "We upgraded
    our security measures in lieu of this..."

    Douglas Bailey wrote:
    > I just got this e-mail from DVD Pacific:
    >
    > ----------------------------------------------------------------------------
    > Dear Douglas Bailey,
    >
    > Our web site has recently been subjected to various hacking attempts. We
    > upgraded our security measures in lieu of this to ensure the personal
    > information we hold for you is fully protected. Part of these security
    > enhancements have provided us information that led us to believe that some
    > data had been compromised by way of a worm on the server. No anti virus or
    > spyware was able to detect this but we now have information that contact
    > had been made with an IP address outside our network. We attempted to
    > capture this information without it leaving the server so as to determine
    > exactly what was being transmitted. Unfortunately this worm had some type
    > of self detection available and as soon as it realized we had discovered
    > it, it self destructed leaving no trace evidence.
    >
    > Yesterday the IP addresses we suspected behind this launched a malicious
    > code attack on our SQL server and this allowed us to track their IP
    > addresses to their source and we have identified ISP¢s in Russia and the
    > Ukraine. We have contacted the FBI, Secret Service and filed a full report
    > at www.us-cert.gov. Further a report has been filed with FSB.ru. We have
    > blocked any possibility of this type of attack being successful but as a
    > precaution we have auto updated all member account access passwords and now
    > sending you your new temporary password as indicated below.
    >
    > Your Login - [snipped]
    > New Password - [snipped]
    >
    > We would also request that you pay particular attention to your credit card
    > statement to ensure that your not subject to any fraudulent transactions
    > and if so notify your credit card issuer immediately. We will be providing
    > a list of all cards we have on file to each of the credit card issuers so
    > as they can also monitor any suspicious activity.
    >
    > We will continue to monitor this situation closely as we have been since it
    > arose and you can be assured our efforts to provide you with the safest
    > shopping environment online will always be of the highest priority.
    >
    > If you have any questions in relation to this issue please direct them to
    >
    >
    > Regards,
    > DVD Pacific Inc.
    > Customer Information Support
    > www.dvdpacific.com
    > www.cdpacific.com
    > ----------------------------------------------------------------------------
    >
    > I assume this has been sent to all their customers, but figured I'd post it
    > here for the benefit of both potential customers and current ones who don't
    > get it (those who've changed e-mail addresses without updating DVD
    > Pacific's records, etc.).
    >
    > doug
    >
     
    robert gray, Aug 18, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. kapil [MSFT]
    Replies:
    0
    Views:
    445
    kapil [MSFT]
    Sep 28, 2005
  2. Don Leighty

    DVD Pacific customer database breached

    Don Leighty, Aug 18, 2004, in forum: DVD Video
    Replies:
    2
    Views:
    498
    Don Leighty
    Aug 19, 2004
  3. author&producer@prevent_identy_theft.com

    I collect credit card information

    author&producer@prevent_identy_theft.com, Aug 9, 2005, in forum: DVD Video
    Replies:
    3
    Views:
    945
    Dick Sidbury
    Aug 9, 2005
  4. R Green - WoWsat.com

    Re: Credit Card Information

    R Green - WoWsat.com, Aug 30, 2003, in forum: Computer Security
    Replies:
    0
    Views:
    725
    R Green - WoWsat.com
    Aug 30, 2003
  5. JC
    Replies:
    9
    Views:
    388
    Peter Huebner
    Aug 18, 2003
Loading...

Share This Page