Not hot for security. ComputerGeeks.com defaced

[Buyingsouls]

Yeah, I saved a copy of it. I'll post it for a day or three.

Linky

 

[sleefer]

I believe that compgeeks only store your cc info if you check the "save cc info for future orders" box. When I log into my account it shows no cc#'s. I would suggest that you not store cc info on anyone's site, no matter how secure they say it is.

 

[slomo1k]

Here's an email I received from them (after asking what happened).

Thank you for your support of ComputerGeeks.com and for your message.

We very much appreciate your business and certainly understand your concern
over the personal information you have entrusted to us-- it is one that we
share.

In fact, only one of our multiple web servers was affected, and it was
immediately removed from our load-balancing cluster.
The isolated event lasted only a short time and was corrected immediately
upon detection.

This was a case of simple HTML vandalism, not an actual "hack" or
"penetration"-- your credit card number and other personal information is
NOT stored on our web servers, and there is no indication that any of our
back-end database servers or any of their data has been compromised.

I assure you that we take security and the integrity of our customer's
personal information extremely seriously-- our data center security team and
CIO continue to monitor our web servers, network, and internal systems, but
our evaluation leaves us satisfied that none of your confidential
information has been revealed.

We apologize for any anxiety this may have caused, though we believe there
is little real cause for alarm.

I hope that I have adequately addressed your concerns, but if you feel that
there is more I can do, please let me know.

Thank you again for your continued patronage of ComputerGeeks.com.


Sincerely,


Chris Herzog
VP eCommerce Development,
ComputerGeeks.com
http://www.computergeeks.com

 

[vegetation]

Who wants to bet that their outrageous shipping charges, combined with slow shipping fulfillment, is what spiked the hacker to do this.

 

[ReiAyanami]

they dont have outrageous shipping charges, but they are slow and the stuff they sell is often shoddy.

 

[XiZiT]

I figure if they can so easily have there site hacked it means that they could have probably been hacked before and it went unnoticed hence the credit card theft.

 

[JWade]

Shoot, their shipping is NOT outrageous. $4 to ship out an MP3 player for me, $6 to ship out a 5 piece surround sound speaker set. I have also bought stuff from them and have had them ship it to an APO/AE address (military overseas) and even though almost every other place adds like an extra $20 to the shipping they dont add anything because shipping to an APO/AE is done via USPS and is actually slightly cheaper than the usual UPS shipping ro FEDEX shipping they do. I have bought dozens fo stuff from them and not once have had a problem from them. As a matter of fact if you count my friends who have bought from them the items and times bought from them numbers over 50+. Out of all them only a sheetfed scanner had to be returned, and it wound up being the computer i was trying to install it on having a bad parrallel port and not the scanner tiself, but they sent a replacement anyways.

I am very happy with the geeks and will continue shopping there. Great items and great prices if you ask me.

 

[wetcat007]

Good advice, stick with major companies companies for internet transactions, or smaller ones that use paypal or yahoo pay/yahoo store.

 

[ShowdOWN]

im glad its been a few years since ive purchased anything from them. im sure i dont have the same credit card anymore.
i only use one card now for everything.

 

[Rorschach]

I agree with JWade, I've had nothing but good experiences with ComputerGeeks. And I'm not really worried about my CC info being stolen either, for the same reasons that Jaxidian posted. The people hurt by credit card fraud are the banks that issue the card - you're not responsible if you didn't authorize the purchases. They just want you to think that so you're careful with your card. Besides the only thing hacked was the front page to their site, I'd say chances are high these script kiddies didn't get any farther.

 

[EXman]

I think they plain suck I had to have my CC do a charge back cause they refused to RMA a DOA a $275 vid card and ignored all my e-mails and blew me off on the phone. Worst customer service ever and even worse product quality. Glad I don't shop there anymore maybe these guys got screwed over by them as well

 

[Beldar]

Quote from Rorschach

"The people hurt by credit card fraud are the banks that issue the card"



Not True! They loose nothng! The victim is the merchant who processed the charge. If a chargeback occurs due to fraud, the bank simply reverses the charge and the merchant looses. This is the reason more and more vendors are not allowing you to ship to alternate addresses.

There is minimal protection for vendors other than the address verification method and it is minimal at best! If the banks were the actual victims resulting in them losing money, they would fix the problem! But since they are not out any actual money, just paperwork, they are not motivated to make us truly protected from slimeballs who use stolen credit cards.


just my .02

 

[WoundedWallet]

Another one here left with a bad taste after dealing with Compugeeks. It's really no wonder they got sacked. They probably sold something "shoddy" to someone that decided to teach them a lesson.

As for the rule of never leaving you cc on file, sure do that. And for the companies that don't give you that option, go back there after you received your item and change your name, address and your cc number on their records. It may be more of hassle next time your order, need to change your info again, but it is less of a hassle than having to worry and dispute any unknown charges.

You know the companies will always try to hide and minimize any intrusion that does not become public. So you never know if your cc number has been exposed unless thousands of other people start complaining or someone starts to brag about it.

WW

 

[firestorm225]

I bought an old P2 system near the beggining of the year. I got it in 4 days, shipping was $11 for a 30+ poubd object (not bad), and it has worked perfectly so far. I have no complaints with them.

 

[grrl]

>>if your bank tries screwing you, $50 out of your pocket (which is highly controversial since all banks are required, by Federal low, to protect any and all reserves you have, be it money or your charge card).

The law is the credit card company can charge you $50 if you are no longer in possession of the credit card i.e. it was stolen. They can't charge you anything if you still have the card and the information was simply stolen.


>>There is minimal protection for vendors other than the address verification method and it is minimal at best! If the banks were the actual victims resulting in them losing money, they would fix the problem! But since they are not out any actual money, just paperwork, they are not motivated to make us truly protected from slimeballs who use stolen credit cards.

If Apple Computer and several other places had used that method they wouldn't be out the $1300 racked up on my credit card last year. You can confirm credit card information in real time, and it's absolutely inexcusable that a company the size of Apple doesn't do it. They deserve to lose the $150 then IMO.

 

[vladgur]

Geez, i hate when people use "HAX0RS" left and right. In case of defacement, the "perpetrators" more often than not find a way to replace a single html file(index.html) with their own. THEY DO NOT GET ACCESS TO THE CUSTOMER INFORMATION, CREDIT CARDS, ETC.
In fact such generic defacement is the weakest thing anyone can do. So called script kiddies monitor a number of security related sites and try to apply them to potential victims. It happened to me once and I patched up the hole pretty quickly(a php variable issue in php-nuke) -- they basically replaced my index.html with their own.so I reuploaded my original html file and tracked down the bug. the whole thing lasted no more than an hour, professional sites have full time admin who fix this even faster.

let me reiterate again: YOUR CREDIT CARD AND PRIVATE INFO was not stolen. if so-called "haxors" could gain access to CompGeeks credit card information, they would not deface it, they would keep low and keep milking the numbers. So relax about it.

 

[amdskip]

I'm not worried at all. I've only had good experiences with them and will continue to shop there.

 

[sxr7171]

Originally posted by: bassoprofundo
I had someone hack my AMEX Blue, too. Compgeeks could have very well been the last place I shopped. Geez... This is scary because I just ordered a case from them. Luckily, it was with my Paypal card, and there's nothing in the account right now.

I don't know Paypal scares the crap out of me, they have your bank account information and rumor has it that they have been known to delve into people's accounts (probably for legitimate reasons - I don't know and I don't know how true these rumors are). Anyway, just the fact that they have actual bank account information scares me. With Amex it's more like numbers on a page, when bad things happen things can be disputed or investigated and usually there's no liability for you.

 

[Samus]

With the exception of REALLY slow shipping (2 weeks or so in most cased from order to arrive) I have had good luck with CG the past few years, although I can't say I've ordered anything from there lately...

 

[Cpaladin]

I have had no problems with the geeks, been shopping there for 4+ years. Mind you, I would never pop $275 for a videocard from them though, I'd try to find such an item from mwave or some other merchant, and a new retail/oem version.

For older, harder to find kit, they are invaluable. My old mustek LEGAL (read, bigger scan area) sized scanner died after 4 years, was able to get the same unit from them for $18 and only $7 fedex ground shipping from texas to new england. It's not easy finding these kinda scanners and this was a LARGE, heavy box, we ain't talking some lightweight slimline POS. They offer some of the best shipping rates around, though they are slow in processing. I don't care, I don't order 'mission critical' parts from them, when it gets shipped it gets shipped. I use them strictly for harder to find parts, and smaller items here and there.

I just would never pop $300 there either like I said. For every merchant, I can find people who hate them, crap I can find people who hate staples....source of so many great deals