DeepDiscountDVD Security Problem
#1
For those who have accounts with DDD, please change/delete your credit card # or change the option to "Bill Me Later" if you are in USA. It will automatically clear your CC #/information.

Read the following posts at DVDTALK.

Initially, I logged in, it was my account. However, after changing the information, tried logging in again, it was some poor dude in Netherland's account.

Good Luck!
Reply
#2
Thanks for the heads up. It took me about fifteen minutes to get into my account, but I managed to get it changed. I can't get into my father's account, however...
[Image: ShinnSig.jpg]
[ #Uke-Fansubs current projects: Gundam SEED Destiny ]
Reply
#3
You are most welcome. Even though your CC # isn't fully shown, ppl could still change the address for the dvds to be shipped to.

Hope that nobody gets burn for this. Hehehehhe DDD should have a 40% sale for in-stock dvds and pre-orders to make up for this breach!!!! *CROSS MY FINGERS* :p Big Grin Wink
Reply
#4
I guess I am lucky then because I don't even use their site, I have three sites I use for my anime needs, this is one of them.
I am "Pedro" I am an afro warrior-----
Excel saga
Reply
#5
Now I am seeing a maintence message as their home page. I'll be checking my credit card daily just to make sure nothing was charged. Thanks for letting us know Japschin Smile
Reply
#6
Wow. Yes, Japschin, thanks for letting us know. I will pass the word along to a friend of mine as well! Smile

I do buy from them, so to hear that this is not the first time this is happened is disturbing. Wonder why they have problems with their website?
Reply
#7
Think the problem has been fixed. I could log into my account now without having prbs logging out and logging into some1 else's a/c.
Reply
#8
Japschin Wrote:You are most welcome. Even though your CC # isn't fully shown, ppl could still change the address for the dvds to be shipped to.

Hope that nobody gets burn for this. Hehehehhe DDD should have a 40% sale for in-stock dvds and pre-orders to make up for this breach!!!! *CROSS MY FINGERS* :p Big Grin Wink

Use rightstuf.com and sign up for the newsletter. They give you codes to use in the newsletter and they have sales for 30-40% off certain companies titles all the time. Plus their weekly deals are awesome.
Reply
#9
Cidien Wrote:Use rightstuf.com and sign up for the newsletter. They give you codes to use in the newsletter and they have sales for 30-40% off certain companies titles all the time. Plus their weekly deals are awesome.

I've used rightstuf since the beginning of this year. I have the newsletters sent to me and I know about Black Thursdays. Their weekly deals are fantastic for vols. 1+boxes. Other than that, still more expensive than DDD's regular priced dvds. I also happen to have the GA card.

I do know which companies' prices are good and which are fantastic. Just happens that without these sales, Rightstuf is way more expensive than DDD for the regular priced dvds. I only started collecting R1s Dec 2003 and DDD was the first place I made bulk orders at. If not, sometimes I just need a couple of dvds, not enough to add it up to $100 to qualify for FS at rightstuf, I'll use DDD since it's FS for everything.

Without any sales, DDD's price is one of the cheapest online, if not the cheapest.
Reply
#10
I've haven't used rightstuff yet, but deepdiscount dvd has some good prices. Rightstuff is usually low for the empty boxsets. (example: a $39 empty box with the first dvd for $14.99 this week). For anything else, deepdiscountdvd (plus the free shipping makes it even more tempting to use)
Reply
#11
DDD sent me a reply regarding this issue (I sent them an email: "I heard your site was compromised. Is it fixed?"):

Dear DeepDiscountCD Customer:

We are writing to inform you of a problem experienced with our website this past weekend.

Maintenance was performed on the DeepDiscountCD website beginning at 4:00 P.M. C.S.T. on Friday October 8th, 2004 and continuing through 10:00 A.M. C.S.T on Monday, October 11th, 2004. This maintenance was intended to cache certain web pages and images to allow faster access by our customers. Unfortunately, this maintenance inadvertently resulted in certain limited customer information becoming accessible by other DeepDiscountCD customers upon login by those customers. The accessible information generally included customer name, address, shipping information and order history. Credit card and debit card data is obscured on the DeepDiscountCD account information page and as such, NO CREDIT OR DEBIT CARD NUMBERS WERE EVER COMPROMISED. Insofar as your credit/debit card information was always protected, it is not necessary to notify your card provider or to cancel your card.

The situation described above directly affected less than ½ of 1% of our customer base. The site has been closed for maintenance and all of our website operations and functionality will have returned to normal when it reopens. We sincerely apologize for any inconvenience that this situation may have caused.

Unfortunately, we have discovered that in some cases DeepDiscountCD customers that logged in during the maintenance period may have been able to actually place an order on another customer?s account. Again, we reiterate that there was never any ability to access or copy credit or debit card data. In other cases, customers may have updated and corrected their account information and placed legitimate orders. Unfortunately, our system cannot distinguish between these two situations. To that end, we feel that we must cancel all orders received during the maintenance period, which extended from 4:00 P.M. C.S.T. on Friday October 8, 2004 through Monday, October 11 at 10:00 A.M. C.S.T. These orders will not be processed or charged. Any preorders or backorders that were originally placed prior to Friday October 8th are unaffected and will be shipped and charged as usual. We will be notifying the customers whose orders we will be canceling to the extent that we have accurate account information for those customers. In some cases, however, we may be providing notice to a customer who is the account holder of record, but who did not actually place the order. Unfortunately, we must resolve any inquiries from these customers on a case by case basis.

Further, even though we corrected the problem on Saturday morning, some customers may still have had other customers? account information (excluding credit/debit card data) contained in a cookie on their personal computers. If you were affected, another customer?s data might possibly have appeared when you logged on to our website and would have been visible until such time that the cookies were cleared or they expired. All of our site?s cookies should have automatically expired as of this writing. As an added precaution, we have arranged that the website will require all credit/debit card information to be reentered by all customers prior to submission of any new orders, and we have restored all user account information to its status as of 8:00 A.M. C.S.T. Friday October 8th, 2004

On behalf of our entire company, we sincerely apologize for this problem. The patronage and confidence of our customers is very important to us and integral to our long-term success. We truly value your patronage, and sincerely hope that you will give us a chance to restore your confidence in us.

Again, thank you for writing DeepDiscountDVD.com. We appreciate your business.

Regards,

Customer Service Department
[email protected]
http://www.deepdiscountdvd.com
Reply


Forum Jump:


Users browsing this thread: 4 Guest(s)