monoprice credit card breach?

[Miramonti]

Last I bought from them was late '08. Must be purged from the system after a while.

 

[Svnla]

Great, my first time ever shopped at monoprice in 1-2010 and now this. Now I am getting nervous and just checked my Visa but nothing so far <crossing fingers>.

 

[mjrpes3]

I was able to get a new card without problem. The BofA lady agreed that based on my situation it did make sense to get a new card.

Now I can have peace of mind and not have to check my bank statement everyday

 

[mshan]

3 more attempts to use my credit card at Aldo Shoes this morning!!!

Luckily I closed the account yesterday. And I haven't ordered anything from Monoprice.com since December 21, 2009.

I was talking to CSR trying to get e-mail address, ip address, shipping address, etc. but they said they can't release that unless a police report is filed.

One recent shipment was scheduled for delivery today and she said she could stop it, so they could take that particular charge off (was hoping they could contact police and follow delivery man out to deliver package, but I guess that is not the way it works).

At least for Citi, I have to get forms to fill out, send them in, and wait a month for them to investigate.

 

[tk149]

Just checked my credit card. Nothing fishy. My last order with Monoprice was last summer.

 

[mshan]

I logged into my Monoprice account and they only have my orders after 9/1/09 on file.

Hopefully, they have were already systematically purging all financial info from transactions before that date even before this recent breach.

 

[BarkingGhostar]

I wonder if their entire CC database was compromised, or just a portion. Also, I wonder how long a record exists before they delete the CC information due to inactivity.

I've been watching my Amex account as it was the only card used with them between 2007-09, but nothing yet.

 

[SpatiallyAware]

I wonder if their entire CC database was compromised, or just a portion. Also, I wonder how long a record exists before they delete the CC information due to inactivity.

I've been watching my Amex account as it was the only card used with them between 2007-09, but nothing yet.

From what someone else posted it could be months before your 'chunk' of CC data is sold..

I have an amex and have been checking daily. Once my monthly billing stuff is run I'm going to get a new card.

 

[mjrpes3]

It seems that with security vulnerabilities like this you have opportunity to create a honey pot. Keep the CC "open" and if anyone purchases something log their IP, and follow the package to its delivery point and arrest the person who picks it up. This enforcement could be funded by money currently used on the "war on drugs".

 

[NFS4]

Yet another reason to use Google Checkout for Monoprice or any other site that supports it (assuming it doesn't get hacked by the Chinese )

 

[Vette73]

Yep had to cancel my CC today. Placed a order at Monoprioce on 2/12/2010

Some apple stuff, cattering, and a train ticket.

 

[manko]

Look into virtual credit card numbers and change your Monoprice.com password. A virtual number allows you to create a unique CC number for each purchase and set an exact limit for the amount of your purchase as well as a specific expiration date. If anyone gets a hold of it and starts charging somewhere else, it will be declined.

 

[robphelan]

does any bank offer virtual numbers anymore? they were pretty big in the lates 90s early 00s

 

[manko]

does any bank offer virtual numbers anymore? they were pretty big in the lates 90s early 00s

Bank of America: ShopSafe
Citi: Virtual Account Numbers
Discover: Secure Online Account Numbers

Amex used to offer them, but stopped a few years ago.

I haven't used a real card number for years. These virtual numbers not only protect against stolen cards, they also protect against getting overcharged or automatically renewed for something you didn't sign up for and other gotcha charges buried in the fine print.

 

[VirtualLarry]

CostCentral probably got hacked too some time ago. I use Visa pre-paid CCs, so even if they got my CC numbers they would be unusable. One CC I used to shop only at CostCentral showed a spurious charge for like $0.18 on it from a company that I didn't recognize. Maybe I should have reported it?

 

[Synomenon]

Does Wells Fargo do virtual numbers? I really need to order something from Monoprice today. Is it safe to yet?

 

[dabuddha]

bleh. Got a call this morning from Delta Airlines. Asked if I purchased a ticket (forget the name but was a foreign name) for $467. I said no and that's not me. Got on the phone with Amex and was in the process of cancelling the card when I got a 2nd call from the same lady at Delta asking if I had just placed another purchase for a ticket for $670ish for a Sandra O Connor (or something O connor). Said no then cancelled the card. Props to Delta for calling me though but I wonder why they contacted me (I've purchased tickets for family members in the past without getting flagged) and how they got my contact # (unless the piece of shit put my cell number for the contact #)

 

[SpatiallyAware]

bleh. Got a call this morning from Delta Airlines. Asked if I purchased a ticket (forget the name but was a foreign name) for $467. I said no and that's not me. Got on the phone with Amex and was in the process of cancelling the card when I got a 2nd call from the same lady at Delta asking if I had just placed another purchase for a ticket for $670ish for a Sandra O Connor (or something O connor). Said no then cancelled the card. Props to Delta for calling me though but I wonder why they contacted me (I've purchased tickets for family members in the past without getting flagged) and how they got my contact # (unless the piece of shit put my cell number for the contact #)

Arg. I'm about to call and cancel my amex, I'm sick of checking it every morning wondering about random charges.


I'm fairly disappointed in monoprice, they should've sent out emails - not just a banner on a webpage.

 

[Vette73]

Arg. I'm about to call and cancel my amex, I'm sick of checking it every morning wondering about random charges.


I'm fairly disappointed in monoprice, they should've sent out emails - not just a banner on a webpage.

Ha they don;t even have the banner now. Of course the top says Now accepting SECURE CC payments.

They still have nto admited that they are the problem, even though its all tied back to them.

I went to reseller ratings and gave a review for my last purchase. :thumbsdown:

 

[skagen5555]

Man, just got hit too. Closed the account and overnighted new cards. Dang you monoprice! i loved that place too.

 

[Kyle]

They don't show even the last 4 digits on the CC I used for my last order in February '09, so I have no idea what card to close....
But my billing address/zip has changed since then, so maybe they wouldn't be able to use it anyways

 

[Evadman]

They don't show even the last 4 digits on the CC I used for my last order in February '09, so I have no idea what card to close....
But my billing address/zip has changed since then, so maybe they wouldn't be able to use it anyways

it costs nothing to get a new card. If in doubt, do it for all your cards. That is what I did.

 

[CrackRabbit]

Ha they don;t even have the banner now. Of course the top says Now accepting SECURE CC payments.

They still have nto admited that they are the problem, even though its all tied back to them.

I went to reseller ratings and gave a review for my last purchase. :thumbsdown:

Considering Monoprice is based in California a public acknowledgment of a breach is required by law. If they haven't owned up to the fact that there was a breach of their customer database they could be in serious trouble if someone contacted the California AG's office about it...

 

[Vette73]

Considering Monoprice is based in California a public acknowledgment of a breach is required by law. If they haven't owned up to the fact that there was a breach of their customer database they could be in serious trouble if someone contacted the California AG's office about it...

Thats the thing. They are still playing the "we see no breach here..." game. So to them they have not admitted they had a breach. I am not sure what the requirement of CA law is but I guess they have to admit the problem first?

 

[HannibalX]

Somehow I missed this thread.