Heads Up for DDD.com Users

[SilentBob]

Hi everyone.

I have come across a recent thread on the IGN Insiders DVD Board that a possible hack might of happened over at DDD.com site. Many users have reported that their log in has brought them under a different user name several times and can read their (possibly your own) personal info including Credit Card numbers. Some people have been able to get into their account after several tries and suggest changing your info just incase orders/personal id theft may occur.

So far i have been lucky with nothing changing in my account but it might be worth a look just in case.

[mtcarmel00]

I'd like to get into my account info to delete all my information. If I can't, would you suggest calling the bank to get new card numbers?

[Wirehed]

Quote:

Originally Posted by mtcarmel00

would you suggest calling the bank to get new card numbers?

Yes. That would be in your best interest.

[NotaNumber]

As far as I recall, the account info doesn't show your full CC number. Right now it only shows the last four digits.

I used to use the Private Payments option that American Express was offering (they discountinued this feature recently) which would generate a temporary CC#, good only until the end of the month. This was a very nice feature, but probably was a headache for AMEX.

I did notice the bottom of the Account Info page states:

Quote:

For security reasons, any changes to your account information require that your credit card number to be updated.

This would prevent somebody from changing the email address (account name) and password and placing orders using your CC#.

Thanks for the heads up.

[Icon769]

I heard about this and tried to log in to change my info, it wouldn't let me. After a few tries I finally was able to log in and it looked like nothing had been messed with. I called my credit card company to ask my card be put on hold, after explaining the situation they thought it would be best to cancel, and send me out a new card. DDD fucked up big time, they still leave the site up knowing that this problem is occuring. I don't know if I'll ever order from them again.

[Dilmo]

I went in last night and changed my billing to "Bill Me". Whole doing so I saw account information on two different people. I agree that they need to shut the damn site down.

[Buffalo Bill]

I thought it was just me and that it was just webtv users. Thursday night I went to DDD 3 times and got 3 different names and secure info for them. Friday night I went to it twice and got called 2 more different names. This time I emailed both of the people from the email addys on their secure page to let them know that DDD is totally fucked up. I called DDD Saturday morning & asked who to talk to about the site not being secure and getting other people's information & was told they were going to shut the site down as they were aware of the problem. Just went there and now my name is Ralph. They obviously haven't fixed it nor is the site shut down for repairs. What a royal fucking mess. Everytime I log out of someone else and log myself in I go to the cart and find something in it not of my doing. They need to do something really fast. This is serious business.

[mtcarmel00]

Quote:

Originally Posted by Buffalo Bill

was told they were going to shut the site down as they were aware of the problem. Just went there and now my name is Ralph. They obviously haven't fixed it nor is the site shut down for repairs.

Good to know they were more concerned with enjoying the weekend than protecting the security of their customers.

[limacharliewhiskey]

Just tried to connect to the website, and got a maintenance page. Looks like they're now at work fixing up their shit.

[Lasvegasscott]

Well if they are fixing it, they aren't doing a very good job about it. I just logged in and all my information has been altered, credit card number, credit card type and expiration date. I removed everything from the site and well had to go ahead and cancel the card.

[limacharliewhiskey]

Well, I just logged into DDD finally, and got in with my correct mailing address and email info. Credit card info seemed to be reset to a generic state, with 0000 as the last 4 digits and an expiration date of 1/04. I switched it to the "Bill Me Later" option.

Don't know if my info was used by anyone else, but I'll keep an eye on my credit card for any unusual activity.

It'll be a long while before I use them again (unless they come up with a 20% off coupon soon ).

[NotaNumber]

Well, I logged in over a dozen times since I first saw this thread and never got anybody else's information.

I'd wager this was a database glitch, with the database returning the wrong records on query. Yeah, it happens, even on Apache running ColdFusion with a SQL backend, especially if the indexing tables get scrambled.

I checked my DeepDiscountCD account too and the CC was cleared out. They probably wiped all the CC numbers as a security precaution.

[SilentBob]

Well my cable modem box crapped oout on me a few days agao and i have been just recently able to get back up and running. It seems the site was hacked into and the person on the IGN Boards that started the thread eventually had someone use his account and try to rack up over $800 in dvd's. Trying to see if anything happened to my account but the log in doesn't seem to really want to log me in. But my banking seems to be ok for my credit card so here's hoping that nothing happened over the past 3 days

[IKEA_boy]

If I recall, DDD allows you to order without entering your credit card number again. That's what made me nervous. I'd suggest checking your statements online and if you see anything suspicious, call your bank or credit card company.

[CCollins]

When I spoke to the DDD.com rep on the phone she said that they just cancelled all the orders from last weekend. I had placed an order, so they gave me a 10% off coupon for my next purchase (for the inconvenience) and reordered what I wanted.