DDD sent me a reply regarding this issue (I sent them an email: "I heard your site was compromised. Is it fixed?"):
Dear DeepDiscountCD Customer:
We are writing to inform you of a problem experienced with our website this past weekend.
Maintenance was performed on the DeepDiscountCD website beginning at 4:00 P.M. C.S.T. on Friday October 8th, 2004 and continuing through 10:00 A.M. C.S.T. on Monday, October 11th, 2004. This maintenance was intended to cache certain web pages and images to allow faster access by our customers. Unfortunately, this maintenance inadvertently resulted in certain limited customer information becoming accessible by other DeepDiscountCD customers upon login by those customers. The accessible information generally included customer name, address, shipping information and order history. Credit card and debit card data is obscured on the DeepDiscountCD account information page and as such, NO CREDIT OR DEBIT CARD NUMBERS WERE EVER COMPROMISED. Insofar as your credit/debit card information was always protected, it is not necessary to notify your card provider or to cancel your card.
The situation described above directly affected less than ½ of 1% of our customer base. The site has been closed for maintenance and all of our website operations and functionality will have returned to normal when it reopens. We sincerely apologize for any inconvenience that this situation may have caused.
Unfortunately, we have discovered that in some cases DeepDiscountCD customers that logged in during the maintenance period may have been able to actually place an order on another customer's account. Again, we reiterate that there was never any ability to access or copy credit or debit card data. In other cases, customers may have updated and corrected their account information and placed legitimate orders. Unfortunately, our system cannot distinguish between these two situations. To that end, we feel that we must cancel all orders received during the maintenance period, which extended from 4:00 P.M. C.S.T. on Friday October 8, 2004 through Monday, October 11 at 10:00 A.M. C.S.T. These orders will not be processed or charged. Any preorders or backorders that were originally placed prior to Friday October 8th are unaffected and will be shipped and charged as usual. We will be notifying the customers whose orders we will be canceling to the extent that we have accurate account information for those customers. In some cases, however, we may be providing notice to a customer who is the account holder of record, but who did not actually place the order. Unfortunately, we must resolve any inquiries from these customers on a case by case basis.
Further, even though we corrected the problem on Saturday morning, some customers may still have had other customers' account information (excluding credit/debit card data) contained in a cookie on their personal computers. If you were affected, another customer's data might possibly have appeared when you logged on to our website and would have been visible until such time that the cookies were cleared or they expired. All of our site's cookies should have automatically expired as of this writing. As an added precaution, we have arranged that the website will require all credit/debit card information to be reentered by all customers prior to submission of any new orders, and we have restored all user account information to its status as of 8:00 A.M. C.S.T. Friday October 8th, 2004.
On behalf of our entire company, we sincerely apologize for this problem. The patronage and confidence of our customers is very important to us and integral to our long-term success. We truly value your patronage, and sincerely hope that you will give us a chance to restore your confidence in us.
Again, thank you for writing DeepDiscountDVD.com. We appreciate your business.
Regards,
Customer Service Department
[email protected]
http://www.deepdiscountdvd.com