
Figure News: Hobby Search got hacked! Check your credit card!

29 Oct 2010 09:07:30

If you are a customer of Hobby Search and have ever paid for anything with your credit card, check your billing statements for any suspicious charges!

To everyone who pays for purchases on Hobby Search with a credit card (not PayPal): check your money. Hobby Search's database was hacked and payment information was stolen: credit card numbers and the names of their owners.

All Hobby Search customers have probably already received such an optimistic e-mail:

We are writing to let you know of a hacker or hackers that
penetrated our computer system and accessed customer data including
credit card information.

At the time of writing, we do not know of any of this information
being available publicly. It is important to us that you, the
customer, do not experience any monetary damages because of this
incident, and have provided the information of all the cards that
may have been involved in this incident to each of the credit card
companies so that they may monitor the activity on these cards.
If you have any concerns about the security of your card, please
contact the card company (via the number on the back of your credit
card).

Also, although we have switched to a more secure credit card
transaction system that only stores the last four digits of your
card on our databases on July 7, 2010, we have disabled credit card
payments indefinitely.

The credit cards involved in this incident are those used in orders
prior to July 7, 2010 (a maximum of 23,526 cards), and we are
notifying those affected with this email.

<The information that may have been accessed>
- Credit card numbers, expiration dates, cardholder names

We do not store personal verification passwords or security codes on
our databases, so these have not been accessed.
Again, we have switched to a more secure credit transaction system
on July 7 that only stored the last four digits of those cards and
cannot be abused by a third party.
We are deeply sorry for any inconvenience or concern that this
incident may have caused.

<A timeline of events>
October 6 - A system administrator found traces of attacks from
Korea and began investigating immediately. That night, we contacted
an external security firm to investigate.

October 7 - The external examiners began investigations in the
morning. We shut off our systems for emergency maintenance,
reinstalled all server operating systems and software, re-examined
security settings, and isolated the server.
Logs indicated that customer data had been sent out from our server
to the address of an institution in Korea.
We contacted that institution by phone and email about this incident
and confirmed that the data had been deleted. We believe that they
were used as a proxy.

October 8 - We revised program, network, firewall, and client
machine security and implemented an intrusion detection system.

October 12 - We contacted the credit card transaction handler and
began discussions about the course of action.

October 20 - The external investigators concluded their
investigations and determined which and how much data had been
accessed.

October 28 - With the results of the investigation and cooperation
of credit card companies, we are ready to handle customer
correspondence and have sent out email notifications to the
customers that may have been affected.

The attackers took advantage of a security hole in our computer
systems.
We have not determined who they are, but have found the attacks to
be originating from an educational institution in Korea. We have
contacted this institution and requested they determine who the
attackers are and that they secure the data stolen.

We deeply regret that this incident has occurred, and are
continuously examining the security of our systems. We believe that
the root of this problem was the lack of security awareness among
each and every employee and are making sure this should not happen
again.
We will work hard to maintain your confidence in Hobby Search and
hope to see your continued patronage.

Sincerely,
Toshiyuki Suzuki
President
Hobby Search


There is also some kind of FAQ here: http://www.1999.co.jp/info_card_qa_e.html

My family, we have one card registered on Hobby Search. We checked it this morning and found nothing suspicious. I really hope no one will be offended in this accident. Still, very unpleasant.
mu597 (USA)
29 Oct 2010, 17:36:54
I've only used PayPal through them; does that mean I'm safe?
Viridia (USA)
29 Oct 2010, 22:06:28
Paying with PayPal alone should be fine. My recent transactions with them were with PayPal too, but I have used a debit card with them in the past.

I changed my debit card number the next day, so I think (or at least hope) I'm alright.
Eld (Canada)
30 Oct 2010, 16:36:52
Checked, no suspicious activity so far...but then it's been more than a year since I used their system.
Nessuno può emendarsi dal peccato che scorre nelle vene
No one can escape the sin that flows in their veins
Eiji (Singapore)
31 Oct 2010, 20:02:57
I only started using Hobby Search in Aug, so I guess I'm safe.
