Check your CC statement. Egghead.com hacked!!!

[wjones]

Mod, please don't lock.

http://www.zdnet.com/zdnn/stories/news/0,4586,2668562,00.html

An intruder may have poached the online electronics and computer retailer's database of 3.7 million customers, including credit card information. The FBI and security experts are on the case.

You can find more links about the news here:
http://dailynews.yahoo.com/h/nm/20001222/wr/retail_egghead_dc_1.html

 

[KameLeon]

I even called those bastards few months ago telling them not to store my credit card info in their database, and I would enter it everytime i order. But they said they can't do that..because that's how their system works. F*#k!!!!!! Now look what happened..I just hope mine wasn't in there..since I used my main bank account card with all my money in it.

 

[stso]

damn, I'm glad that I have never shop there :Q

 

[WoundedWallet]

Well this may be too late for this case but I'm sure there will be more hacks in the future, so here is my advice when doing business with stores that insist on keeping all your info.

After you make a purchase, and receive the product, go back to the store and change all your info.

I usually change everything. Name, phone, email, cc#... For the credit card number, some stores will give you a hard time if you just say 00000000... , so for these ones make sure you change the expiration date(to expire in the current month) and then try to fiddle with your own numbers. As long as you don't try to purchase something with that card number I don't think there is anything criminal about that.

That will help also for stores like Amazon.com that reserves the right to give your info to third parties. I'm thinking about finding out the email addresses of some senators or company's CEOs and placing it there. If nothing else, at least someone else besides me will get upset with this crap.

BTW, luke me I never shoped at egghead

 

[abovewood]

I got hit by a $10.24 charge from "GLOBAL TELECOM MOSCOW RUS".
I am not sure it has anything to do with Egghead. My borther never shopped at Egghead, and he got the same BS charge.

Citi Bank requires some kinds of proof a 3rd party for the paperwork. Does anyone have experience with handling dispute/fraud on a Citi Bank CC?

 

[narzy]

My advice to all of you, if you have ever shopped at egghead.com call your credit card company and get your credit card number changed (aka. close the account and open a new one) also use 1 card and dedicate it to ONLY online purches its alot easier to track fraud that way. aswell DEMAND that Credit Card Info NOT be stored on an E-tailers database if they do store your CC info I suggest you dont shop their and make it clear to them that you will not shop there until the practice is stoped. they may give you alot of the security BS DONT LISTEN, no security system is 100% secure.

narzy

 

[quik2^^]

The FBI is looking into the global telecom from russia, I read it in the San Francisco Chronicle tow days ago. hope that helps.

 

[FatDragonn]

damn egghead sucks. i shopped there a lot too. good thing i got a new batch of numbers periodically. so probably no harm done for me.

all you online shoppers should get new credit card numbers every few months. it's a pain having to make so many calls, but it's worth every minute of it when sites like egghead gets hacked into.

just call up the various credit card companies that you have accounts with and tell them you feel that your account number may be comprimised, they should take care of getting you a new one without too many questions

 

[FatDragonn]

oops, should've read the whole thread, anyway my post is a lil diff from narzy's

 

[jumblies]

Privacy and Security Policy
Your credit card and personal information is safe with Egghead.com - we guarantee it!
Egghead.com respects and protects your privacy. As an AOL Certified Merchant, we also support AOL's privacy policy. We have designed Egghead.com so that no personal identifying information is displayed online or is accessible to the general public via our web site or e-mail.
From Egghead

Guarantee
Your browser and Egghead.com's secure server encrypt confidential information during transmission, ensuring that transactions stay private and protected. Egghead.com guarantees the safety of your credit card information in the following manner: if any unauthorized use of your credit card occurs as a result of your credit card purchase from Egghead.com, simply notify your credit card provider in accordance with its reporting rules and procedures. If, through no fault of your own, your credit card company finds credit card fraud but does not waive your entire liability for unauthorized charges, Egghead.com will reimburse you for the remaining liability, up to a maximum of fifty dollars U.S. ($50.00) per card. This guarantee applies to purchases made using Egghead.com's secure server (https: protocol).

 

[burnedout]

Yeah, I bought some things from Egghead also. Checked CC last night and am OK for now. CC number is getting changed very soon.

It's irregardless the type of encryption or security measures programmers and admins implement on e-commerce systems. If it can be made, it can be broken.

 

[Jamey]

Sounds like Egghead REALLY cares with that "awesome" consumer protection policy they have. They are going to give someone a whole $50 dollars if your credit card company refuses to cover any or all of your illegal charges, but finds there was fraud. That sure make me feel better, how about the rest of you guys?

After many long and painful attempts to find out where these records were stored, I found out they could guarantee safety of our records because they had used Al Gore's Lock Box for security.

 

[jAcKeL]

I'm just happy i haven't shopped there yet...

 

[YoCheeseHead]

Jamey -- that's federal law. Consumers aren't responsible for fraudulent charges over $50. That's why egghead is offering to cover the other 50.

 

[Fant]

No but they're saying they will cover it only if the credit card company doesn't. Honestly I've never had a problem disputing a charge with a cc company and I doubt they will give you much trouble if fraud is suspected.

 

[MustISO]

I know that there are people who have been struck by credit card fraud but whenever I see stuff like this I think "dear lord, don't panic, it's not the end of the world!" Credit card fraud takes a lot more than just a number. How many people use a credit card at a restaurant? or at a store? Anyone can have your number it's being able to use it that's difficult.


MustISO

 

[Hector13]

Well its official, I just got this stupid email from them:


Dear Customer,

Egghead.com has discovered that a hacker has accessed our computer
systems, potentially including our customer databases. While there
is no indication that any customer information has been compromised,
as a precautionary measure, we have taken immediate steps to protect
you by contacting the credit card companies with whom we work. They
are in the process of alerting card issuers and banks so that they
can take the necessary steps to ensure the security of cardholders
who may be affected.

We wish to underscore that we have taken these steps as precautions.
We have no information at this time to suggest that any credit card
information has been compromised. We are investigating this possibility,
and we are doing everything we can to proactively protect you. If you
would like further information, you may wish to contact the issuer of
your credit card to determine what steps they are taking. We regret any
inconvenience this may cause you.

We issued a press release on this matter earlier today. It is appended
below this message. If you have additional questions, please call our
customer service team at 1-800-EGGHEAD (344-4323).

Respectfully,

Jeff Sheahan
President & CEO
Egghead.com, Inc.



Press Release:

Contact:
Joanne Hartzell
Egghead.com, Inc (650) 470-2713
John Stodder, Shoreen Maghame
Edelman Worldwide, (323) 857-9100


Egghead.com Investigates Breach of Company Computer Systems
Company Undertakes Immediate Precautionary Measures
MENLO PARK, Calif., December 22, 2000 - Egghead.com ®, Inc. (Nasdaq:
EGGS), released the following statement today:
?Egghead.com has discovered that a hacker has accessed our computer
systems, potentially including customer databases. As a precautionary
measure, we have taken immediate steps to protect our customers by
contacting the credit card companies we work with. They are in the
process of alerting card issuers and banks so that they can take the
necessary steps to ensure the security of cardholders who may be affected.

?Simultaneously, we have retained the world?s leading computer security
experts to conduct a thorough investigation of our security procedures
and an analysis of this breach. We are also working with law enforcement
authorities, who are in the process of conducting a criminal investigation.

?For many months, we have been in the process of strengthening our security
systems in an effort to combat the increasing, industry-wide problem of
malicious hacking. We are committed to providing the highest security
standards in the industry, a process that has been ongoing and has
involved a considerable investment on the part of our company. Those
principles will continue to guide us going forward.?

About Egghead.com: Egghead.com is a leading Internet direct marketer of
technology and related products. With an emphasis on Small- to Medium-sized
Business (SMB) customers, Egghead.com offers a wide range of products from
computer hardware and software, consumer electronics and office products,
to sporting goods and vacation packages. Its Clearance, After Work and
Auction formats offer bargains on excess and closeout goods and services.
Egghead.com combines broad selection, low prices, and excellent service
to provide an outstanding online shopping experience for businesses and
consumers. Egghead.com is located on the Internet at http://www.egghead.com

This press release contains forward-looking statements that involve
risks and uncertainties, including but not limited to statements relating
to steps taken to protect our customers. These forward-looking statements
are based on information available to the company at the time of this
release and we assume no obligation to update any such forward-looking
statements. The statements in this release are not guarantees of future
performance. Actual results could differ materially from current expectations
as a result of numerous factors. For example, our ability to protect our
customers from potential misuse of private information is limited, and the
impact of compromised computed security on our business is unpredictable.
Other risks and uncertainties associated with the business are detailed in
our most recent Forms 10-K and 10-Q which are on file with the SEC and
available through www.sec.gov

Shoreen Maghame
Edelman Worldwide
(323) 857-9100 ext. 231
e-mail: shoreen.maghame@edelman.com


Due to our desire to ensure every person who may be affected has been notified,
you may be receiving this message even if previously expressing a desire not to
receive email from Egghead.com. If this is the case, please be assured you will
not be receiving promotional emails from Egghead.com in the future.

To be removed from our mailing list please go to:

 

[RoadRuner]

They are ignoring the guilt, at this point to avoid a class action lawsuit for negligence, and of course, to keep their pathetic stock prices up, as they sell sell sell

 

[SLEEPER5555]

and right now it looks like their site is down, i was gona go and see if my current cc was the one that they have on file or if it was the one i just cancelled a couple months ago! well i guess they are getting the anand effect! will try again later!

 

[tw1164]

Now I'm not so mad when I missed out on a deal a couples weeks ago. They were having a problem processing my credit card.

 

[Jamey]

YoCheeseHead, my post was sarcastic in nature. Most every CC company will pay all charges. Certainly they will pay all minus the first $50. All Egghead is promising is to do what 95% of the CC companies will do anyway. That is what is so insulting about their offer. I had my card hacked from CdUniverse. I had to cancell it and let tons of people know about my new information to set up automatic billing or other payment options. That is not something I want to go through again. I have since gotten a card I use for online purchases, but that company is screwy so I am back to my old faithful with a new number. I would like to see these companies put their money where their guaranteed secturity is and offer to pay any charge that was illegally made (and proven) or a minimum payment which ever is greater as a reimbursement of time for having to change your number. Anything short of that is just trying to patch a sinking ship with bubblegum. I never bought anything from CdUniverse again. I have so long since forgotten them, I do not even know if they are still in business.

 

[CouponCollect]

no need to be paranoid i dont think -- consumers don't usually lose from credit card fraud -- unless you carry a balance and pay exhorbant <sp?> interest rates

 

[RoadRuner]

Visa/Mastercard debit card?

imagine the poor souls that used theirs.

fyi it takes 3-4 weeks to get your cash back from a bank investigating visa/check debit card fraud. bye bye rent.

egghead is suck.

 

[gmbrker]

i got a bogus 10.95 charge from globaltelecom. Haven't disputed it yet

 

[John P]

I checked my account info and it does not have a credit card listed. Does that mean my CC info was never on their site or did they wipe it all out after they were hacked?