Date: Thu, 1 Dec 2011 13:33:14 -0500
From: Philippe Meunier <meunier@....neu.edu>
To: full-disclosure@...ts.grok.org.uk
Subject: International Checkout

Hello,

Read the email below if you want to laugh a little.  Especially the
answer to question 1 in the FAQ at the end of the email.  No word on
how they were pirated or how many credit card numbers were stolen
though, but obviously I'm not the only one who's received that email:
http://forums.whirlpool.net.au/archive/1822778

Anyway, I guess it's alright, since the "Security" section of their
privacy policy helpfully indicates that "by using this web site, you
acknowledge that the Internet is inherently insecure and that there is
always a risk that your personally identifiable information could be
intercepted or otherwise accessed and improperly used", which seems to
be their way of saying that, whatever happens, it's just going to be
the fault of the Internet, not theirs:
http://www.internationalcheckout.com/privacy.php
(and I guess "We take commercially reasonable precautions to protect
your personally identifiable information" is just their way of saying
they care about protecting my data only as long as it doesn't cost
them too much to do so...)

Bleh.

Philippe


============================================================
From: "International Checkout Customer Support" <Information@...ernationalCheckout.com>
To: meunier@....neu.edu
Subject: Important Information Regarding Your Purchase at International Checkout
Date: Wed, 30 Nov 2011 00:41:06 -0500

Dear Customer,

You have made a purchase of Dr. Martens through International Checkout in the last 18 months and Dr. Martens has asked us to ensure you are advised of a recent security issue which took place with International Checkout's online system.

International Checkout was recently the victim of a system intruder who was able to access encrypted credit card information.

International Checkout has conducted a thorough investigation into the potential risks to our customers.  You are receiving this email from International Checkout because your credit card information was in the database which was compromised. We have taken all necessary action to ensure our systems at International Checkout meet recommended and compliant security levels.

We encourage you to carefully review your recent credit card statements to identify any unauthorized activity. If you find any unauthorized activity please contact your credit card issuer or bank immediately. You may also consider changing your credit card number if you are concerned for the security of your card details.

International Checkout deeply regrets any inconvenience this will cause.

For more information regarding the security issue please feel free to contact International Checkout by email to discuss this further at:

Information@...ernationalCheckout.com

You can also contact International Checkout's Customer Service by phone on any of the following numbers between the hours of 6:30 a.m. and 6:30 p.m. PST:

USA and Canada:          +1.866.682.0641
USA Phone:                  +001.310.601.8196
UK Phone:                    +44.20.8133.2436
Australia Phone :           +61.28003.4685
Denmark Phone :           +45.369.50312
Sweden Phone :            +46.4069.35779
Hong Kong Phone :        +852.8175.6057
Japan Phone :               +81.50553.46826
Finland Phone :             +358.(02)3619.0437
Brazil Phone :                +55.(11)3230.9539
Ireland Phone :              +353.1443.3715
Mexico Phone :             +52.558.421.8266
New Zealand Phone :     +64.9889.0408

You can also find answers to questions you may have in the FAQs below.

Sincerely,

International Checkout Inc.

___________________________________________________________________________________________________

International Checkout
Security Breach FAQ's
November 29, 2011


Q1:	What is this about?

A1:	International Checkout has been the victim of a recent security breach.  In mid-September, 2011 we discovered that an intruder accessed and potentially compromised our system.  We immediately commenced an investigation, notified law enforcement, purged credit card data from our databases to ensure no future vulnerability, and have consulted with both our processor and the credit card associations.  Through this investigation, which was just completed on October 31, 2011, we learned that on August 23, 2011, an intruder gained access to part of our system that contained credit card numbers of customers.  The credit card information in that database was encrypted, but we have learned that the intruder was able to access the encryption key that was stored separately.  International Checkout has implemented all security enhancements recommended by the third party investigator to improve our system security.  In addition, we have successfully moved our website to a new system that has stronger security measures in place.


Q2:	What is International Checkout doing?

A2:	As a precaution, International Checkout is providing notification to people whose information may have been in the database that was accessed so that if it turns out the information was compromised in any way, they can take appropriate action to protect themselves.  We have conducted a thorough investigation through a well-recognized third party expert. We have contacted law enforcement and are providing law enforcement, our processor and the card associations with our full cooperation.


Q3:	What information was in the database that was hacked?

A3:	The database that was hacked into by the intruder contained credit card numbers of customers.  The credit card information in that database was encrypted, but we have learned through our investigation that the intruder was able to access the encryption key that was stored separately.


Q4: Were credit card numbers exposed?

A4:  Yes.


Q5:	Were bank account numbers exposed?

A5:	No.


Q6:	If my information was in the file, what should I do?

A6:	If you received an email from International Checkout then your name was in one of the files that were accessed.  Your credit card number was also in that file.

You should review your account statements carefully to see if there have been any charges that you have not authorized.  If there are, contact your bank or card issuer immediately at the number on your monthly statement. Even if there has been no unusual activity on your account, you can ask your bank to change your account number.

Mark on your calendar to review all this information again every three months.  Sometimes identity thieves will wait for time to pass before using your information.


Q7:	How will I know if my information was used by someone else?

A7:	You should check your account statements carefully.  If someone else has used your bank account or credit card number the activity will appear on your statement.  If you see activity that you did not authorize, call your bank or card issuer at the number on the back of your statement immediately and tell them that the activity was not authorized and ask the bank to change your account number.


Q8:	Should I close my bank account or change my account or credit card number?

A8:	You should review your account activity carefully.  Even if you do not find any unusual activity, you may want to contact your bank or credit card issuer to discuss whether you should request a change of account number as a precaution.


Q9:	Will International Checkout contact me to ask for my personal information because of this event?

A9:	No. We will not contact you unless you call or write to us first.  We will not call you to ask for bank account information or personal identification numbers (PINs) or for your full credit card or social security number.  If you are contacted directly by someone who claims to be with International Checkout and who ASKS YOU FOR YOUR PERSONAL INFORMATION, please immediately contact us on the Customer Service details above.

This message was sent to meunier@....neu.edu from:
International Checkout | 7950 Woodley Ave.
Unit C | Van Nuys, CA 91406

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/