Monoprice Possibly Hacked - Credit Cards Info Possibly Compromised?


Comments

  • polkatese
    polkatese Posts: 6,767
    edited March 2010
    drselect wrote: »
    Bought some cables from monoprice two weeks ago using my CC... Just got off the phone with my CC company; they asked me if I stayed in the UK last night, and I told them I was at home. Had several other charges as well that I didn't make. Account has been closed. Might be a coincidence but timing seems right and never had this happen to me before.

    Wow. It appears that major hacking is going on inside Monoprice's server. Could it be an insider job?

    http://www.dslreports.com/forum/r23922303-Monoprice-Hacked

    From their ordering page:
    The Monoprice website is unable to accept any orders (which includes order via phone, or livechat) while we correct some problems and perform maintenance.
    It may take another week or two for us to have the servers completely back up and running in order for us to take orders from customers.
    Truly sorry for any inconvenience it may cause you. Thanks again for your understanding and doing business with us.
    I am sorry, I have no opinion on the matter. I am sure you do. So, don't mind me, I just want to talk audio and pie.
  • hearingimpared
    hearingimpared Posts: 21,137
    edited March 2010
    Man I hate hackers. They deserve life in prison.
  • adam2434
    adam2434 Posts: 995
    edited March 2010
    I just got off the phone with my CC card company and I had 4 fraudulent purchases originating from Guiana (totaling around $400, all on the same day).

    My last online CC purchase was from Monoprice about 2 weeks ago, so seems like these scumbags got me.

    The account # has been cancelled.

    That was not a pleasant experience. Never had a call like that - wife said I got pretty pale. Actually, I did not talk to the caller from the CC company for more than a minute or so - decided to call the CC company directly to discuss details to make sure the CC call was legit.
    5.1 and 2.0 ch Basement Media Room: Outlaw 975/Emotiva DC-1/Rotel RB-1582 MKII/Rotel RB-1552/Audiosource Amp 3/Polk LS90, CS400i, FX500i/Outlaw X-12, LFM-1/JVD DLA-HD250/Da-Lite 100" HCCV/Sony ES BDP/Sonos Connect. DC-1/RB-1582 MKII/Sonos Connect also feed Polk 7C in garage or Dayton IO655 on patio.
    2.1 ch Basement Gym: Denon AVR-2807/Klipsch Forte I or NHT SB2/JBL SUB 550P x 2/Chromecast Audio.
    2.0 ch Living Room: Rotel RX-1052/Emotiva DC-1/Klipsch RF-7 III/Sony ES BDP/LG 65" LED.
    2.0 ch Semi-portable: Klipsch Powergate/NHT SB3/Chromecast Audio.
    Kitchen: Sonos Play5.
  • polkatese
    polkatese Posts: 6,767
    edited March 2010
    This can't be good.

    It appears to be pretty serious to have the site completely taken off.

    Btw, it also appears that PayPal and Google Checkout will be the only two methods of payment in the near future.

    Hoping for the best outcome on this, after all, they are a good company.


    Incident Background: Some of our customers recently reported to us that information from credit cards they used on the Monoprice website had been misused.

    Our outside investigators have continued to review log files from our Internet-facing servers. They have not found evidence of any successful attempts to penetrate our computer system. Our internal IT staff found some suspicious files on one of our quarantined Web servers while they were reviewing files to build replacement servers.

    We have identified the suspicious files to our outside investigators so that they can extract the files from the image of our servers that they made earlier. We asked them to let us know if the suspicious files are significant. We will post more information here about the investigation when we have it.

    We are taking steps to re-launch our site early next week. We will not take credit card payments on the site initially but will take payments through PayPal Express and Google Checkout. We will let you know when the site is available. Thank you for your continued support.

    For more updates, please check out our Facebook.
  • obieone
    obieone Posts: 5,077
    edited March 2010
    I cancelled my debit card last week. Thanks to derrick for posting this.
    I refuse to argue with idiots, because people can't tell the DIFFERENCE!
  • hearingimpared
    hearingimpared Posts: 21,137
    edited March 2010
    It's sickening to think about the amount of lost profits and the financial burden Monoprice has to endure because of these hacker criminals. Not to mention the CC holders who have to go through the hoops of getting their accounts straightened out.

    I hope they track them down and throw them in a dungeon for the rest of their lives.
  • mshan242700
    mshan242700 Posts: 823
    edited March 2010
    If you aren't already aware, Monoprice.com might have been hacked recently: http://www.monoprice.com/home/view_notice.asp

    I haven't ordered anything from them since December 21, 2009, and I just found 3 fraudulent charges.

    I called my credit card company and had the account closed and am having them send me a new one. I have to fill out paperwork they are going to send about the fraudulent charges, and they will investigate, and (hopefully) give my money back. I called one of the vendors where a fraudulent charge had taken place, and guess what, they told me 3 more (this time unsuccessful) attempts to use the now closed account occurred this morning.

    My Monoprice account only has orders after 9/1/09 still accessible, so if you ordered since then, I'd recommend looking through your credit card accounts carefully and decide for yourself whether to close the account and have them issue a new one, or just roll the dice and see what happens...





    :mad:
  • Huck344
    Huck344 Posts: 453
    edited March 2010
    Out of curiosity, what vendors was the card used at?

    I've been checking my accounts everyday. I've bought from monoprice 3 times since last September. Two times on my debit card and once on my amex. So far, I'm still ok.
  • ryanjoachim
    ryanjoachim Posts: 2,046
    edited March 2010
    mshan242700 wrote: »
    If you aren't already aware, Monoprice.com might have been hacked recently: http://www.monoprice.com/home/view_notice.asp

    If they're reading this thread, then that means they read the thread title. I'm pretty sure everyone in here is aware.

    It sucks to see so many people having issues with fraud now, and it sucks even more to see such a great company (Monoprice) have to suffer just as much to plug the leak and repair their corporate image.

    This kind of thing can ruin a company if not handled right.
    MrNightly wrote: »
    "Dr Dunn admitted that his research could also be interpreted as evidence that women are shallower than men. He said: "Let's face it - there's evidence to support it."
    mystik610 wrote: »
    Best Buy is for people who don't know any better. Magnolia is for people who don't know any better and have more money to spend.
    My System:


    TV: SAMSUNG UN55B7000 55" 1080p LED HDTV
    HTPC: Chromecast w/ Plex Media Server. Media streamed from Media Server.
  • BIZILL
    BIZILL Posts: 5,432
    edited March 2010
    wtf mshan? anyway, good lookin' out, bro.

    POLK SDA-SRS 1.2TL -- ADCOM GFA-5802
    PANASONIC PT-AE4000U -- DIY WILSONART DW 135" 2.35:1 SCREEN
    ONKYO TX-SR805
    CENTER: CSI5
    MAINS: RTI8'S
    SURROUNDS: RTI8'S
    7.1 SURROUNDS: RTI6'S
    SUB: SVS PB12-PLUS/2 (12.3 series)

    XBOX 360
    Wii
    PS3/blu-ray
    TOSHIBA HD-A35 hd dvd

    http://polkarmy.com/forums/index.php
    bobman1235 wrote:
    I have no facts to back that up, but I never let facts get in the way of my arguments.
  • Polkersince85
    Polkersince85 Posts: 2,883
    edited March 2010
    What sucks is that closing the card account will ding your credit score. You can't win with this crap.
    >
    >
    >This message has been scanned by the NSA and found to be free of harmful intent.<
  • PhantomOG
    PhantomOG Posts: 2,409
    edited March 2010
    Polkersince85 wrote: »
    What sucks is that closing the card account will ding your credit score. You can't win with this crap.

    Detecting fraud does not mean your account is closed. Your credit card company simply issues you a new account number, your history and credit report will remain unchanged.

    If you call up your credit card company and simply say "Please close my account" that's another story. But there's absolutely no need to do that in cases like this.
  • polkatese
    polkatese Posts: 6,767
    edited March 2010
    PhantomOG wrote: »
    Detecting fraud does not mean your account is closed. Your credit card company simply issues you a new account number, your history and credit report will remain unchanged.

    If you call up your credit card company and simply say "Please close my account" that's another story. But there's absolutely no need to do that in cases like this.

    Excellent point! Being informed and aware of your rights takes away the second guessing.
  • mshan242700
    mshan242700 Posts: 823
    edited April 2010
    In early March 2010, we received reports from customers that credit card accounts they used to make purchases through our website had later been used to make fraudulent purchases from other vendors. When we received these reports, we took our website offline and promptly examined our computer network to determine if there were any indications that we had been hacked. We hired computer forensic investigators to help us. We identified suspicious files on one of our web-facing servers and asked the investigators to focus on those files. The investigators determined that thieves had penetrated that server. They determined that the thieves had probably intercepted and copied credit card data as we processed transactions.

    Working with the investigators, we have preliminarily determined that thieves may have copied approximately 28,500 sets of card information from customers who shopped on the Monoprice website from February 23 through March 5, 2010. The thieves may also have copied about 6,500 additional sets of card data regarding orders customers canceled after they gave us their card information. We provided the card numbers of the potentially affected accounts to our credit card processor, who will provide the card numbers to the credit card associations. We understand the card associations will notify the banks or other financial institutions that issued the cards about the potentially compromised accounts and the financial institutions will determine what actions to take regarding the accounts.

    We hired Kroll Fraud Solutions to send letters to each of the potentially affected customers about the apparent theft. Kroll will offer its ID TheftSmart™ fraud prevention services to those customers at our expense. If your credit card information may have been stolen by the thieves, you will receive a letter from Kroll within approximately one week to 10 days.

    Before we put our website back online, we rebuilt our website using new hardware and software and strengthened the security measures we use to safeguard the credit card information. We are continuing to work with a security consultant to ensure that we are taking the appropriate steps to safeguard credit card information.

    We truly apologize for any inconvenience and concern the apparent theft of credit card information from Monoprice has caused our customers.

    Truly yours,

    Jong S. Lee / CEO


    http://www.monoprice.com/home/view_notice.asp
  • rtart
    rtart Posts: 832
    edited April 2010
    Interesting. I bought something from them yesterday, and was surprised to see that they required me to set up a new password. Kind of a PITA, but now I know why.

    BTW, my experiences with Monoprice in the past have been great. They always bent over backwards to make any problem right.
    My 7.4.4 DIY 4k Home Theater:
    Polk LSiM 707 L-C-R, LSiM702 side surrounds, LSiM 705 rears
    Polk LSiM 702s x 4 on the Ceiling Atmos speakers
    2 x SVS PB12/Plus 2's
    Denon X3700H
    Emotiva XPA11 Gen 3
    XBox One X 4k & BD and streaming
    Panasonic UB-420 4k player
    HD-A35 HD DVD
    Oppo BD-103D for hirez audio
    Technics SL-D2 TT, Grado Gold Cartridge
    JVC DLA-RS2000/NX7 projector
    Silver Ticket 120" acoustically transparent screen
    Berkline 090 electric recliners with Aura Bass Shakers
  • tylerb56
    tylerb56 Posts: 10
    edited April 2010
    Unfortunately, I was affected by the problem at monoprice. Bought a $2 USB cable a few months ago using my Visa Debit card. Fraudulent charges started showing up while I was out of the country and not even using the card. Until yesterday, I had no idea what triggered the fraud until I got a letter from monoprice (copied above). Luckily, I discovered the charges early and canceled my card before more damage could be done. My local credit union was also very cooperative. I still plan on using monoprice for purchases, but this time I'm going to use my credit card ($0 fraud liability) and maybe Google Checkout. Some article somewhere detailed the best way to pay online, and in the end, credit card seems to be best. Fraud liability means you can dispute and not worry. Debit card transactions (from your bank account) can be more difficult to resolve when a dispute arises. PayPal... well, I've heard of enough problems with them. I only use that for eBay... In the end, what happened to monoprice can happen anywhere. Surely, their security must be better now...
  • tx_polkhead
    tx_polkhead Posts: 248
    edited April 2010
    I waited for all the fall out after hearing about the hacking. Placed my order two weeks ago and got delivery last week. I ordered using google check out. should keep me free from those creeps
    Polk Audio RTA 12c's, Monitor 7c, Monitor 5JR+, SDA CRS+
  • Hillbilly61
    Hillbilly61 Posts: 702
    edited April 2010
    I bought some things from there just right when the purported CC hack occurred. 'been closely monitoring the specific card used since. So far, so good.
  • reeltrouble1
    reeltrouble1 Posts: 9,312
    edited April 2010
    well they had to cut something to give those great prices on stuff, too bad the crooks found the loopholes, backdoors, what have you in their system.

    oh well, they will be fine, hope nobody gets screwed with this here or anywhere for that matter.

    RT1
  • jojomgee
    jojomgee Posts: 198
    edited April 2010
    i only use paypal online....was that hacked too?
  • scubalab
    scubalab Posts: 3,101
    edited May 2010
    Just to let everyone know... I had been following this post back in March, and thought I was out of the woods. I made a purchase from Monoprice on 1/5/2010 - right around the time the 'hack job' happened. Checked our March and April statements and were good. Well, we get a call on May 1st saying there was suspicious activity on one of our cards. We had over $1100.00 in fraudulent charges from Xoom Corporation, Bed Bath & Beyond online, and Flowers for You. Luckily our card company was very proactive and recognized the suspicious charges and had them removed. They are still investigating, but the lesson here is, we're all still not safe with the monoprice issue!!!

    If you used a credit card or debit card for purchases at Monoprice in December 2009 or January 2010, I would HIGHLY recommend calling that card and getting a new account number! It will be much easier than doing it AFTER there are fraudulent charges, and much less stressful.

    Even though our situation was handled positively, it took many hours, phone calls, and reports to resolve. Do yourselves a favor and cancel the card you used before this happens to you. These sleazeballs are STILL using the credit card info they stole from Monoprice...

    A last note, Monoprice is a great company offering great cables at unbeatable prices (No, I'm not affiliated...). I will continue to shop there, however will only use the prepaid type cards if I have to make purchases with them!
  • PhantomOG
    PhantomOG Posts: 2,409
    edited May 2010
    scubalab wrote: »
    Even though our situation was handled positively, it took many hours, phone calls, and reports to resolve. Do yourselves a favor and cancel the card you used before this happens to you. These sleazeballs are STILL using the credit card info they stole from Monoprice...

    and what credit card company was that? Just want to make sure I don't have it because that sounds absolutely ridiculous. I've had my credit card company call me when they found fraudulent charges before, phone call lasted a couple minutes and a few days later I had my new card with new account number. No fuss, no muss.

    I'd recommend getting a better credit card.
  • scubalab
    scubalab Posts: 3,101
    edited May 2010
    PhantomOG wrote: »
    and what credit card company was that? Just want to make sure I don't have it because that sounds absolutely ridiculous. I've had my credit card company call me when they found fraudulent charges before, phone call lasted a couple minutes and a few days later I had my new card with new account number. No fuss, no muss.

    I'd recommend getting a better credit card.

    Bank of America - good card, good service, GREAT rewards... had the card for over 10 years.

    Yes, the call itself only lasted a couple minutes, but we do all our bills and travel with that card. There is NO card on the market that will take care of all of the 'secondary' implications that go along with the fraud. We had to update every account that used that card, had to switch temporarily to another card while we waited for the new account to be set up. The online banking was 'locked down' for a couple days too. Had to fill out fraud paperwork to assist in the investigation... Follow up attempts at more fraudulent charges. This is never an easy (fuss-less, muss-less) situation!

    I find it VERY hard to believe that one call can make anyone's situation with fraud ALL better. Maybe I'm just cranky today because of the situation, but my post was to help people avoid this and let them know that the accounts are still being stolen from the monoprice issue. There was nothing absolutely ridiculous about what we went through, let alone our fear of it happening again on a larger scale. My previous post was honest, not exaggerated in any way. Just trying to help and forewarn the great members of this community...
  • polkatese
    polkatese Posts: 6,767
    edited May 2010
    Thanks for sharing your experience Scubalab. Btw, welcome to CP too. Did you notify monoprice? Since you weren't impacted by the first round of fraud, did you let them know? Were you contacted by BofA prior to the latest incident about your credit card number being potentially compromised? (if you read the cut-and-paste announcement from Monoprice on post #46 above).

    I did buy some items back in January using my paypal account. Knock on wood, but it seems to be ok so far.
  • PhantomOG
    PhantomOG Posts: 2,409
    edited May 2010
    scubalab wrote: »
    Yes, the call itself only lasted a couple minutes, but we do all our bills and travel with that card. There is NO card on the market that will take care of all of the 'secondary' implications that go along with the fraud. We had to update every account that used that card, had to switch temporarily to another card while we waited for the new account to be set up. The online banking was 'locked down' for a couple days too. Had to fill out fraud paperwork to assist in the investigation... Follow up attempts at more fraudulent charges. This is never an easy (fuss-less, muss-less) situation!

    That makes a little more sense. I didn't even think about auto bill pay setups. I didn't plan it out this way, but it just so happens that I do all my banking (checking/savings/bill pay) with Wells Fargo and for some reason that's the one place I *don't* have a credit card with. I may write 1 paper check a year and never use my debit card so my banking accounts are pretty safe. I have credit cards with most other banks, although my primary daily use card is Chase. They were the ones that called me about fraudulent charges (before I noticed them). They called and said they noticed charges in Hollywood that day and thought it seemed odd for my account. I confirmed I hadn't made any purchases in CA at all so they immediately closed the old account number and express mailed me new ones. I think I was without the card for 2 to 3 days tops. Since I didn't have that card setup to pay any bills, it really was no-fuss no-muss for me. I did not have to sign any paper work at all.
  • scubalab
    scubalab Posts: 3,101
    edited May 2010
    polkatese wrote: »
    Did you notify monoprice? Since you weren't impacted by the first round of fraud, did you let them know? Were you contacted by BofA prior to the latest incident about your credit card number being potentially compromised?

    I did not notify Monoprice, but may contact them now. I contacted them about a month or two ago after reading this forum, but they are somewhat difficult to talk with (did it on a 'chat' and I don't believe online chat gets the whole message through the way it's always intended). I was contacted several times by BofA. I have to say that they were very helpful and proactive. They even called my parents (who live in another town, but have the same name...) because an old address they had on file was in their town.

    After reading post #46, maybe this didn't originate with Monoprice since my purchase was in January and their press release mentions March transactions being the ones that were at risk. I just can't figure where else it could have happened, we only use this card for hotels (business travel) and monthly bills. But, I guess it could happen anywhere!

    Also, thanks for the warm welcomes!
  • scubalab
    scubalab Posts: 3,101
    edited May 2010
    PhantomOG wrote: »
    That makes a little more sense. I didn't even think about auto bill pay setups. I didn't plan it out this way, but it just so happens that I do all my banking (checking/savings/bill pay) with Wells Fargo and for some reason that's the one place I *don't* have a credit card with. I may write 1 paper check a year and never use my debit card so my banking accounts are pretty safe. I have credit cards with most other banks, although my primary daily use card is Chase. They were the ones that called me about fraudulent charges (before I noticed them). They called and said they noticed charges in Hollywood that day and thought it seemed odd for my account. I confirmed I hadn't made any purchases in CA at all so they immediately closed the old account number and express mailed me new ones. I think I was without the card for 2 to 3 days tops. Since I didn't have that card setup to pay any bills, it really was no-fuss no-muss for me. I did not have to sign any paper work at all.

    Glad your issue was fairly easy to resolve! BTW, I didn't mean to get defensive yesterday at your first reply... I was just having a rough day, finally wrapping up this incident, and MORE than likely read your reply wrong! :)

    In our case, I guess it could have been much easier if we didn't use the same card for some of our bill pays, and hadn't been with them so long (and through several address changes)!

    Anyway, looks like we're somewhat in the clear now (fingers crossed). Thanks for the replies, tips and advice PhantomOG!
  • BIZILL
    BIZILL Posts: 5,432
    edited May 2010
    i was affected by this early on. changed my debit card number. but had i not yet, i would per scuba's suggestion.

  • PerfectCreature
    PerfectCreature Posts: 1,456
    edited May 2010
    Well, I used my pay-pal instant transfer. I will monitor very carefully for some time now...may even call pay-pal up as well.
    Receiver
    Harman Kardon HK 3490
    Speakers
    Polk Audio Monitor 50s
    Subwoofer
    Klipsch KSW-100
    Cables
    AudioQuest Rocket 33s 10ft
    AudioQuest Optilink1 2m
    AudioQuest Alpha-Snake 25ft Interconnect
    AudioQuest HDMI-1 2m

    Alienware X51 R2
    PS4
    Samsung Smart TV 40" 1080p 3D