
'Hacker Safe' Geeks.com Hacked

 
OhioChick Donating Member (1000+ posts) Mon Jan-07-08 08:23 PM
Original message
'Hacker Safe' Geeks.com Hacked
Source: Information Week

The site discovered last month that customer information, including Visa credit card information, may have been compromised.

By Thomas Claburn
InformationWeek
January 7, 2008 06:50 PM


Geeks.com, a Web site that still displays a banner from McAfee's ScanAlert certifying that it is "Hacker Safe," on Friday sent a letter to customers saying that it was hacked last month.
"Genica dba Geeks.com ('Genica') recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised," said a letter posted on The Consumerist from Jerry L. Harken, Genica's chief of security, to an undisclosed number of Geeks.com customers. "In particular, it is possible that an unauthorized person may be in possession of your name, address, telephone number, e-mail address, credit card number, expiration date, and card verification number. We are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking our e-commerce Web site."

Geeks.com has reported the incident to federal authorities and Visa, and is encouraging customers to review their credit card statements for unauthorized charges. The company has set up two help numbers -- 1-888-529-6261 or 1-212-560-5108 for non-US customers -- that will be active starting on Tuesday for those with questions about the incident. It is also providing contact information for the major credit agencies to make it easier to report any identity theft fraud arising from the incident.

Geeks.com describes itself as a direct-to-consumer e-commerce site that specializes in computer-related excess inventory, manufacturer closeouts, and popular and esoteric products for the tech-savvy.



Read more: http://www.informationweek.com/news/showArticle.jhtml?articleID=205600099&subSection=All+Stories

Donkeykick Donating Member (1000+ posts) Mon Jan-07-08 08:35 PM
Response to Original message
1. Uh-Oh!
I wonder if Geeks are still running it?

knight_of_the_star Donating Member (1000+ posts) Mon Jan-07-08 08:58 PM
Response to Original message
2. I used to work for them!
Couldn't have happened to a better bunch of pricks is what I say. Saying you're hacker proof may as well be waving a flag in front of a bull.

DavidMS Donating Member (1000+ posts) Mon Jan-07-08 09:43 PM
Response to Reply #2
5. They are that bad?
Edited on Mon Jan-07-08 09:44 PM by DavidMS
I bought a monitor from them months ago. Thankfully there haven't been any unusual transactions against it.

That said, most crooks manage to only crack the weaker websites. So it sounds like someone was a little cheap and didn't a) follow good business practices or b) do any penetration testing.

Both of which are penny wise and pound foolish.

knight_of_the_star Donating Member (1000+ posts) Wed Jan-09-08 05:15 AM
Response to Reply #5
15. They were pretty bad to their workforce
Worked there for a year and a half, never got a single raise once, cut back on the work force hours just enough so the full-time people wouldn't be technically full-time so they could deny benefits when profits started to dip, shit like that. Couldn't have happened to a nicer bunch.

formercia Donating Member (1000+ posts) Mon Jan-07-08 09:22 PM
Response to Original message
3. They should have used open source.
Winzoze, hacker proof? Pleeeze. :rofl:

DavidMS Donating Member (1000+ posts) Mon Jan-07-08 09:48 PM
Response to Reply #3
6. It's better than it was...
Not to defend the Beast of Redmond, but IIS6 is vastly improved over IIS5. Then again, I wouldn't run a big e-commerce site on anything other than OpenBSD, mostly because it's known for its security.

formercia Donating Member (1000+ posts) Tue Jan-08-08 07:09 AM
Response to Reply #6
10. OpenBSD
Agreed.

boricua79 Donating Member (1000+ posts) Tue Jan-08-08 07:59 AM
Response to Reply #10
12. now you're talking
If you're going to be using a computer for serving purposes and security is paramount, you can't beat OpenBSD...they even have it in their slogan that they have an amazing record for not being hacked.

Security Linux could also be an option.

formercia Donating Member (1000+ posts) Tue Jan-08-08 08:11 AM
Response to Reply #12
13. FreeBSD is another option.
I use it because it's a bit more user-friendly than OpenBSD.

I walked away from Windoze several years ago.

boricua79 Donating Member (1000+ posts) Tue Jan-08-08 09:53 AM
Response to Reply #13
14. FreeBSD is more user friendly
and it has infinitely better client-side software (GUIs, etc). But, for server-specific operations where security is paramount, it's OpenBSD. That's their forte.

If I wanted a BSD that could match 90% of Linux' user friendliness, it would be FreeBSD.

All BSDs, however, are infinitely better than Windows. BSDs are systems derived from a Unix system developed at Berkeley. Unix has always been a superior operating system (that's why Macs use Darwin, a derivative of BSD Unixes, as their core system, coupled with a Mac proprietary graphic user interface that makes using the computer easy). The problem has been that they never spent much time making using the system easy (until recently with Linuxes and with Mac OS X). If Windows would make a Unix-based OS, coupled with their Windows GUI...they'd have a system that would kill the competition and that would deal a death blow to Macs.

Considering that Linux and BSDs can be used as source operating systems for commercial software, I don't get why Microsoft's head honchos don't sit down, plan out a new operating system, and instruct their engineers to essentially make their own "Mac OS X", based on BSD Unix or Linux (BSD Unix if I had my choice).


Omaha Steve Donating Member (1000+ posts) Mon Jan-07-08 09:30 PM
Response to Original message
4. K&R

PSPS Donating Member (1000+ posts) Mon Jan-07-08 09:53 PM
Response to Original message
7. They violated their merchant agreement by storing CVNs.
The "card verification number" (the three digits on the back or, on Amex, the four on the front) is specifically singled out as prohibited from being stored in any system. It must be used only at the moment of sale, then discarded.

Oh well, this is the era of BushCo. The corporate/political culture rots from the head down. Lie, cheat and steal -- the motto of the Bush era.

nebenaube Donating Member (1000+ posts) Mon Jan-07-08 11:05 PM
Response to Reply #7
9. not only that but...
couldn't they have encrypted the damn strings before they wrote them to the database?

Hmm... Ya know, if any site one does commerce with pre-populates the CVN on a return visit, they should be reported to the company that issued the card. Then sued.

robbedvoter Donating Member (1000+ posts) Mon Jan-07-08 10:27 PM
Response to Original message
8. These are the guys who erased Rove's computers, right? Or, Rove's investigator's
rather...They paid by credit card too, non?

boricua79 Donating Member (1000+ posts) Tue Jan-08-08 07:57 AM
Response to Original message
11. the Geeks got hacked! What hope do we have then!