CC WARNING!!! TheNerds.net HACKED


dirtrat

Golden Member
Oct 9, 1999
1,092
0
71
We quickly learned, from talking to law enforcement authorities and other victims, that the same criminal and his associates had extorted as much as $4 billion from other companies using similar tactics.

This part I don't believe! What company would be stupid enough to actually pay them anything? I'd just admit to the customers the database was hacked and give them all a $20.00 GC or something. They should track them down and cut off their balls!


 

OrlandoTiger

Golden Member
Jul 16, 2001
1,427
0
0
I looked up the other hack mentioned here earlier, I think it was in Oct of last year or so. So it appears they haven't had much success tracking him down...
 

laFiera

Senior member
May 12, 2001
862
0
0
wow...did a search on google for mr zilterio and funny thing is other companies have sent the same letter the nerds sent out...


We quickly learned, from talking to law enforcement authorities
and other victims, that the same criminal and his associates
had extorted as much as $4 billion from other companies using
similar tactics.

¤ We found that they may, in fact, have exploited an obscure and
previously unknown hole in a common commercial software program
we use, one that's supposed to be very secure.

...blah blah...blah...
isn't that plagiarizing?????
 

ValsalvaYourHeartOut

Senior member
Apr 30, 2001
777
0
0
Man, this sucks. Of all the places I had to shop at two weeks ago.... talk about bad luck. Maybe this is God's way of smiting me for being an atheist...

...but I guess we all stipulate the inherent risk of compromised CC#'s or fraudulent charges when we shop online -- this is something we must accept in order to get better deals. So okay, we have to wait 4 more days before a new card arrives. Saves me money in the meantime.

Valsalva
 

Emulex

Diamond Member
Jan 28, 2001
9,759
1
71
ya keep this bumped up so nobody buys from these fewlz. Any company that doesn't have the desire/ability to keep up to date security deserves to have a big black mark on their name in this business. Security isn't all that hard, it's 99% negligence that causes these companies to get hacked. They don't want to spend the time, or money on it, so they ignore the problem (system security).

The price they pay is their name is forever tarnished. To hell with them I say. There's a 1000 other companies that will take their place once they go under..

 

Akira13

Senior member
Feb 21, 2002
708
0
0
I know I created an "e-account" with them a while back, but I didn't order anything (item went OOS before I could). I'm not sure if I gave them my CC info though. I tried calling them this morning, but their line was busy. I suppose lots of other people have the same question. Is there any other good way to find out?
 

JPSJPS

Senior member
Apr 17, 2001
216
0
0
Originally posted by: Emulex
ya keep this bumped up so nobody buys from these fewlz. Any company that doesn't have the desire/ability to keep up to date security deserves to have a big black mark on their name in this business. Security isn't all that hard, it's 99% negligence that causes these companies to get hacked. They don't want to spend the time, or money on it, so they ignore the problem (system security).
Even a good company might accidentally get behind and suffer this kind of problem.
BUT, my main gripe was the "feel good" Email lies that they sent me rather than admitting that they were hacked and our information indeed *WAS* stolen. When I talked to customer service there, I got the same "Ho Hum No Big Deal" attitude.
John

 

ValsalvaYourHeartOut

Senior member
Apr 30, 2001
777
0
0
Originally posted by: JPSJPS
Originally posted by: Emulex
ya keep this bumped up so nobody buys from these fewlz. Any company that doesn't have the desire/ability to keep up to date security deserves to have a big black mark on their name in this business. Security isn't all that hard, it's 99% negligence that causes these companies to get hacked. They don't want to spend the time, or money on it, so they ignore the problem (system security).
Even a good company might accidentally get behind and suffer this kind of problem.
BUT, my main gripe was the "feel good" Email lies that they sent me rather than admitting that they were hacked and our information indeed *WAS* stolen. When I talked to customer service there, I got the same "Ho Hum No Big Deal" attitude.
John

I'm not sure if I agree with some of you who give TheNerds a hard time...it's not like they didn't have any security on their CC database. The problem is that they didn't install a patch that was released by Microsoft one week prior. That's it. How many other companies out there do you think failed to do that??? I bet A LOT!! TheNerds obviously doesn't have the same resources as Amazon.com or Buy.com to have full-time web-admins to vigilantly stay on top of things...you can't expect that from a smaller online company, and you should accept that when you take a higher risk in order to save a little more money.

The actual problem was with the Microsoft software, which had a loophole that was discovered only recently. MICROSOFT did not produce a secure enough software product. That's #1. ...but MICROSOFT should also know that it's not 100% perfect and that it will need to patch security issues from time to time. How come Microsoft didn't have a built-in system like Symantec's Automatic LiveUpdate to automatically dl/install patches? That's #2. Then of course, you have jerks like Mr. What-his-face who hack into a bunch of online companies and demand millions of dollars in exchange for NOT releasing all those CC#'s . Obviously, thenerds can't afford to pay that, so the hacker just e-mails some customers with their CC#'s and freaks them out. Then the customers get pissed and direct their anger toward thenerds. And do you know who wins? the hacker!!! ...because of people like you who place the burden on the company and not on a) Microsoft, b) the hacker, and c) FBI/police who should have busted this guy the first time he did it.

Valsalva
 

chrisjor

Golden Member
Dec 4, 2001
1,736
0
0
I have to admit, maybe I am being a little hard on them myself. They were very fast with a response to my nasty email from last night. The reply contained everything I wanted and held a very sincere apology....nobody is perfect. Also, my previous purchase experience with them was very well done, I got a mobo at an excellent price and received it in a timely manner, well packed, with no problems. That is a definite plus with internet companies.

I just cannot believe that they closed for business at 6:00 PM and did not continue answering phones until at least 9:00 PM.

Oh well, I guess if they had an excellent deal I would use a single use credit card number with them.
 

Emulex

Diamond Member
Jan 28, 2001
9,759
1
71
well i suppose if they used a *shameless plug* service like in my sig and spent $25/month they would have been alerted to the MS patch the day it came out by scanning their servers on a daily basis.

But then they'd have to raise their prices

Seriously, no excuses for ignorance..
 

olds

Elite Member
Mar 3, 2000
50,071
744
126
I bought a Gigabyte GA7DXR from them around October 2001. It died last month and I emailed them for an RMA. They only had a 30 day guarantee so they declined. I RMA'd it to Gigabyte and they sent me a dead one. When I tried to exchange that one Gigabyte ignored me and wouldn't honor the guarantee. I emailed the nerds.net and told them what was going on. They emailed me an RMA number even though their warranty period had expired. What a great thing to do. I wish all vendors were this easy to deal with.
I thought they would send me another mobo and I would have to sell it here for a loss. Instead they gave me a $155 store credit.
 

MrCoyote

Golden Member
Oct 9, 1999
1,001
5
81
I ordered a Gigabyte 7DXR last year too from them. They had fast shipping, and it's still working for me. I would've had no problems ordering from them again, until now.

I just checked, and I still have an account with them and they still have my CC information! I thought the CC info was a one time thing and then erased. They even have my whole shipping address and billing address.

I emailed them yesterday about this, but no response yet. I never received an email from them.
 

olds

Elite Member
Mar 3, 2000
50,071
744
126
Originally posted by: MrCoyote
I ordered a Gigabyte 7DXR last year too from them. They had fast shipping, and it's still working for me. I would've had no problems ordering from them again, until now.

I just checked, and I still have an account with them and they still have my CC information! I thought the CC info was a one time thing and then erased. They even have my whole shipping address and billing address.

I emailed them yesterday about this, but no response yet. I never received an email from them.
Where did you find the CC info? I logged into my account to see which card it was and didn't find it.

 

MrCoyote

Golden Member
Oct 9, 1999
1,001
5
81
You have to add something to your cart, and then go to the payment screen. It showed the last 4 digits of my number and my shipping information. I sent them an email to delete my whole account from their system. I don't like stuff being stored permanently.
 

Akira13

Senior member
Feb 21, 2002
708
0
0
Originally posted by: MrCoyote
You have to add something to your cart, and then go to the payment screen. It showed the last 4 digits of my number and my shipping information. I sent them an email to delete my whole account from their system. I don't like stuff being stored permanently.

So I hope this means that since I don't see my CC info (after I add something to my cart, and try to checkout), I'm safe.
 

dakata24

Diamond Member
Aug 7, 2000
6,366
0
76
glad im not a customer, and to all you guys/gals that purchased from them, hope nothing bad comes out of this..

but i noticed on their website, they have a little logo picture thing that says:

TheNerds.net Guarantees

Secure Shopping
Secure Checkout
30 Day money back guarantee

does that actually have any substance or are they just saying that?
 

labgeek

Platinum Member
Jan 20, 2002
2,163
0
0
Originally posted by: JPSJPS
Originally posted by: OrlandoTiger
...
¤ We quickly learned, from talking to law enforcement authorities
and other victims, that the same criminal and his associates
had extorted as much as $4 billion from other companies using
similar tactics.
...


Hmm... $50000 seems to be his going rate according to news stories. $4,000,000,000 so far. He's apparently quite good. That's 80,000 hacks so far. If he's really that good we better just pay him.

And considering I can only find news going back a year or so, that's 220 sites a day - each and every day!
 

olds

Elite Member
Mar 3, 2000
50,071
744
126
Originally posted by: MrCoyote
You have to add something to your cart, and then go to the payment screen. It showed the last 4 digits of my number and my shipping information. I sent them an email to delete my whole account from their system. I don't like stuff being stored permanently.
Thanks, found it and sent an email too.

 

JPSJPS

Senior member
Apr 17, 2001
216
0
0
Said by ValsalvaYourHeartOut:
I'm not sure if I agree with some of you who give TheNerds a hard time...it's not like they didn't have any security on their CC database. The problem is that they didn't install a patch that was released by Microsoft one week prior. That's it. How many other companies out there do you think failed to do that??? I bet A LOT!! TheNerds obviously doesn't have the same resources as Amazon.com or Buy.com to have full-time web-admins to vigilantly stay on top of things...you can't expect that from a smaller online company, and you should accept that when you take a higher risk in order to save a little more money.

The actual problem was with the Microsoft software, which had a loophole that was discovered only recently. MICROSOFT did not produce a secure enough software product. That's #1. ...but MICROSOFT should also know that it's not 100% perfect and that it will need to patch security issues from time to time. How come Microsoft didn't have a built-in system like Symantec's Automatic LiveUpdate to automatically dl/install patches? That's #2. Then of course, you have jerks like Mr. What-his-face who hack into a bunch of online companies and demand millions of dollars in exchange for NOT releasing all those CC#'s . Obviously, thenerds can't afford to pay that, so the hacker just e-mails some customers with their CC#'s and freaks them out. Then the customers get pissed and direct their anger toward thenerds. And do you know who wins? the hacker!!! ...because of people like you who place the burden on the company and not on a) Microsoft, b) the hacker, and c) FBI/police who should have busted this guy the first time he did it.

Valsalva
Here is what happened:
1) TheNerds were informed by many of their customers that a hacker had obtained their full CC Database information; Full name, CC# & exp date, home address & phone number and had, as proof, sent that info to us over non secure Email.
2) Five hours later TheNerds sent an Email to their customers with this opening statement:
"Dear Customer,
TheNerds.net has discovered that a hacker has accessed our computer systems, potentially
including our customer databases. While there is no indication that any customer
information has been compromised..."

And, later in that mail this quote:
"This "Mr. Zilterio" may, if he follows a pattern he's established when attacking other organizations, send you email which claims to present "evidence" that he has access to confidential information, and/or that he was actually trying to "help" TheNerds.Net with its security. Remember how easy it is, online, for people to forge evidence and make it appear to be legitimate."

Now, you state:
"The problem is that they [TheNerds] didn't install a patch that was released by Microsoft one week prior. "
Then you excuse TheNerds and go on to blame *Every One/Thing Else* including me (their customer) for TheNerds' problem!

Valsalva - Your perception of reality and my perception of reality differ a bit!

John
 

knightc2

Golden Member
Jul 2, 2001
1,461
0
0
OK. I have never ordered from them, but if they are so concerned about customer safety, why haven't they posted anything on their web site about this? I realize that they don't want to discourage new customers with a big fat warning, but something would be nice. I think that they could do something to boost their PR a bit. The more I see, the more I think that those one time use numbers are worth it. Good luck to those that got bit by this.
 

arcas

Platinum Member
Apr 10, 2001
2,155
2
0
Guys, there are two parties at fault here. The first, obviously, is Microsoft for having the software bug. Everybody by now should be well aware that security and system integrity wasn't even on Microsoft's radar screen until recently. It wasn't until the Gartner group recommended that companies stop deploying IIS that Microsoft acknowledged that their software doesn't have a very good security track record and that they were going to try harder. It remains to be seen whether or not this was just a PR gesture...

The second party to blame is the website itself. This blanket statement includes the system architect and the system administrators and their managers. These are the individuals responsible for designing and implementing an e-commerce site that stored customer data in an unsafe fashion. You can't blame Microsoft here...this is just poor system design. They placed trust in their assumption that their software was safe. It wasn't. How many times must sites cough up their data to hackers before the community realizes that it's bad mojo to store sensitive records on machines accessible from the outside?

Had they been more careful...perhaps, heaven forbid, contracted a security architect to analyse their needs and offer solutions...then their customer data would not have been snarfed even if the site had been hacked. Then they could have issued a statement something along the lines of "Due to a flaw in a Microsoft product, a hacker managed to infiltrate our website yesterday. However, due to our security-conscious system design, this hacker was unable to obtain access to the systems containing vital customer data. As a result, your personal information remains safe and secure."

You're never going to have 100% bug-free software. Assuming otherwise is begging for a public relations nightmare later on.

 

OrlandoTiger

Golden Member
Jul 16, 2001
1,427
0
0
Valsalva - Your perception of reality and my perception of reality differ a bit!

John
Don't worry John, I think a few others would agree all around.
Valsalva- everyone else just had really bad luck shopping at a site that got owned by this guy...
but you however are more right than you know, you got smote dude!

 

zxczxc

Member
Jan 5, 2001
153
0
0
My Suntrust bank debit card got hacked once and there were 4 unauthorized charges... the total was $92 and the hacker spent on some porn sites... I contacted my bank as soon as I found out, and I had to fax some claims to their main office. The new debit card was in my mail box in two days and they credited $92 to my account in a week.

I don't know how the hacker got my card. I have dsl router/firewall, zonealarm and norton virus 2002 so I think he must have hacked internet sites not my PC. I started using internet to pay the monthly bills for AT&T long distance and my Voicestream wireless about one month ago my card got hacked. I also had my number saved at newegg.com. Now, I don't use internet billing anymore and I don't save my number at newegg.com
 