Wiggle may be compromised

[Angelfishsolo]

Hi all. I made an on-line purchase this morning from Wiggle and a few hours later had a call from my Bank to say my card details had been compromised. I have no way of knowing if shopping at Wiggle caused this but as CRC was recently hit it is a possibility. I just want to give you all the heads up.

 

[Rob3rt]

Bought anything from Play.com recently? They have been emailing about compromised security this week, although they do state no card details were leaked (maybe they werent, but if you bought from them this week, I would bare it in mind!).

 

[byegad]

I get my card company replacing my card for this reason a couple of times a year! It used to be far more often.

In the past they used to tell me where the attempt to use the card had taken place and I adjusted my shopping accordingly. Now they refuse saying its a data protection issue. (I could argue that one at length!!!)

I suspect companies have pressurised them not to divulge any details as it causes a reduction in business to them if a card is compromised and traced back to them or their area.

I still avoid the firms I think caused the problem but it is harder to be sure which firm caused the leak.

Some years ago I worked for a firm taking card payments over the phone. Had I been a wrong 'un I could have gathered details for 20 or 30 cards a day. Nothing easier. So if some firms have a criminal employee they leak card details, and computerised payments make that 20 or 30 into thousands, IF you have access to the system that takes them.

As my card company are quick off the mark I tend to shop where the thing I want is cheapest and only stop using a card before I go away from home to avoid the firm cancelling it while I'm away.

 

[pshore]

Bought anything from Play.com recently? They have been emailing about compromised security this week, although they do state no card details were leaked (maybe they werent, but if you bought from them this week, I would bare it in mind!).

Play said in their email that is was only email addresses stolen from a 3rd party company that handles marketing.

 

[ian turner]

your bank isn't HSBC is it ?

I left hem after two consecutive months of pay bill, buy itemsm card blocked because they didn't like my spending patterns and the second time because I tried using both debit and credit card on a transaction that passed verisign verification but was blocked they claimed my cards had been cloned. Idiots.

Did they actually identify an attempted transaction that wasn't yours ?

 

[davefb]

Play said in their email that is was only email addresses stolen from a 3rd party company that handles marketing.

yeah


but its far far far far far easier to crack into accounts if you have the emails...

 

[pshore]

yeah but its far far far far far easier to crack into accounts if you have the emails...

.... but its they would still need the passwords. Brute force attacks are a bit old school now and are a way to get noticed quickly. I would only worry if I had a weak password. The email addresses are far more likely to be sold to spammers for general spam and also for password phishing.

The clever fraudsters are installing programs on peoples home computers and in the CRC case, something on their server to sniff account details.

 

[Riverman]

Speaking of blunders, I received the pin number and replacement card for my Santander credit card today. I think the postman are getting lazy round here.

 

[Angelfishsolo]

Nope. I have seen the e-mails though.

Bought anything from Play.com recently? They have been emailing about compromised security this week, although they do state no card details were leaked (maybe they werent, but if you bought from them this week, I would bare it in mind!).

 

[Angelfishsolo]

NatWest. As for identifying a transaction that was not mine, no. They simply said that they had reason to believe that my card had been compromised and to destroy it.

your bank isn't HSBC is it ?

I left hem after two consecutive months of pay bill, buy itemsm card blocked because they didn't like my spending patterns and the second time because I tried using both debit and credit card on a transaction that passed verisign verification but was blocked they claimed my cards had been cloned. Idiots.

Did they actually identify an attempted transaction that wasn't yours ?