Wine Library Credit Card Breach

Tasting notes, varietals, grapes - anything related to wine
Message
Author
Erich Sachse
GCC Member
GCC Member
Posts: 281
Joined: June 8th, 2009, 12:40 pm

Re: Wine Library Credit Card Breach

#151 Post by Erich Sachse » November 29th, 2011, 4:58 am

FYI, I was hit overnight (iTunes, Blizzard) -- the CC company caught it and reversed, so just a minor PITA, but for those who thought they were in the clear, it appears they are still working their way through the list of cards

User avatar
Jay $$ Winton
GCC Member
GCC Member
Posts: 2761
Joined: June 1st, 2009, 5:21 pm
Location: University Park, MD/Rehoboth Beach, DE

Re: Wine Library Credit Card Breach

#152 Post by Jay $$ Winton » November 29th, 2011, 7:33 am

Am I wrong in thinking WL should do something for all the people affected by the database breach?
Immaturity-my life, not my wine.

User avatar
Bill Bøykin
Posts: 4439
Joined: May 30th, 2009, 2:00 pm

Re: Wine Library Credit Card Breach

#153 Post by Bill Bøykin » November 29th, 2011, 7:49 am

Jay Winton wrote:Am I wrong in thinking WL should do something for all the people affected by the database breach?
Good idea!
I'll take a bottle of Giacosa Asili Riserva 2000. [cheers.gif]

User avatar
Andrew L.
Posts: 1144
Joined: July 24th, 2011, 5:21 am

Re: Wine Library Credit Card Breach

#154 Post by Andrew L. » November 29th, 2011, 8:10 am

Jay Winton wrote:Am I wrong in thinking WL should do something for all the people affected by the database breach?
Indeed, you must be repaid for the hardship you experienced by having to take 5 minutes out of your day to call the credit card company and have a new card issued!
L I T T L E

Bill Gold
Posts: 32
Joined: December 14th, 2010, 6:39 am

Re: Wine Library Credit Card Breach

#155 Post by Bill Gold » November 29th, 2011, 8:33 am

Had three charges from blizzard
After calling cc company, talked with blizzard who gave very unsatisfactory answers to a growing problem. Claimed they nave no way of matching a charge with a specific cc. Really?

B. Jenny
Posts: 227
Joined: April 27th, 2010, 5:57 am

Re: Wine Library Credit Card Breach

#156 Post by B. Jenny » November 29th, 2011, 8:46 am

Mike Cohen wrote:
B. Jenny wrote:I would have liked to have been contacted by Wine Library also. I was compromised and it was caught by my CC company or else I may have never known. I also left a phone message with my name and phone number and was never contacted by WL. It was a pain changing my card and it seems like WL was mainly just concerned with their own selves. I buy through Cindrella Wines also which should be the same but has their charge site been effected or compromised? Who knows and I will not use them till I see some good history.
You couldn't possibly be more wrong if you think that WL is "mainly just concerned with their own selves". Feel free not to use them...you are cutting off your nose to spite your face. Just curious what your standard for "some good history" is? Seems like at least 15 years as one of the top retailers in the country might qualify as "good history"

Glad to see that WL's long history as one of the most customer friendly retailers out there has garnered them so much goodwill.

There are many people who CC are being breached that are not on Wine Berserkers. I would have appreciated being contacted by WL with a mass email to be aware of the situation or at least a response to my email or phone call. I buy Cindrella Wine which is associated with WL. There is no mention of them so are they clear of any breach? Does the change at WL cover them also. I would assume so but since I am not positive I will watch for a "good history" . If you have that answer and can confirm that I would appreciate your imput. If I were a top retailer I would have contacted all of my customers in a mass mailing to alert them of potential fraud on their CC. I am sure that this will continue with people who are not aware of this. I am not putting blame on WL just asking them to alert their customers that there is a potential problem. I am also sure that many people are very concerned why thier CC was breached that are not aware of this post and are making many other changes to their accounts thinking their identy has been compromised. Changing many direct deductions takes time and some I had to repay up front to change my card. Not a 5 min thing.
Bill Jenny

User avatar
Andrew L.
Posts: 1144
Joined: July 24th, 2011, 5:21 am

Re: Wine Library Credit Card Breach

#157 Post by Andrew L. » November 29th, 2011, 9:52 am

Ok B. Jenny, replay the scenario in your head, except this time they let you know a month earlier. The result is the same. You get on the phone, call your credit card company and have a new card issued.

I've had my credit cards (even debit cards) compromised before and it took all of 5 mins. Oh, but you had some automatic charges to change over, my bad, 10 mins out of your day while you pick your nose and browse the internet.
L I T T L E

Orlando De Jesus
Posts: 103
Joined: August 27th, 2010, 2:47 pm

Re: Wine Library Credit Card Breach

#158 Post by Orlando De Jesus » November 29th, 2011, 10:08 am

The next day WL sent me the e-mail, my VISA CC sent me an e-mail about fraudulent charges from Blizzards (twice) done the day before. They cancelled the card and I had to make all the changes to my recurrent cc payments with another card. I was also traveling that same day and had to make a lot of hard changes to the car and hotel reservations for that night.

Roy Spence
Posts: 33
Joined: June 23rd, 2010, 7:19 am

Re: Wine Library Credit Card Breach

#159 Post by Roy Spence » November 29th, 2011, 10:17 am

Andrew--- I wish I only spent 5 minutes on this.

First, I was not included in the Warning email blitz done by WL. Guess they were wrong about who would be victims.

I had no idea what was happening when I looked at my statement a month ago and saw 2 charges for Blizzard WOW on the same month. First I questioned my kids about the activity because they previously had accounts. After the interrogation, I had to call Blizzard and spent about a half hour on the phone with them as they tried to search for my credit card info to determine how the charge happened. They were no help and only told me to call the credit card company to report possible fraud. My next call was just that, to the credit card company. I spent about 30 minutes with them as well going over charges for the past two months, and getting transferred to the fraud department. I then had to receive a hard copy form from the credit card company explaining the disputed charges of fraud. I filled out the form and had to have my wife sign it and fax it back to the credit card company. Later in the month I received a letter from the CC company stating I needed to fill out a similar form or the case would be dropped, so I had to spend time calling them up again to make sure everything was in order. A couple days later I get a call from my other credit card company telling me that there appears to be someone trying to make charges on that card too from somewhere out of country and can I confirm that it is not legitimate. So not only was my first card canceled, but now another card was also canceled. That left me for a week without any cards while both banks were having to re-issue cards to me. So all in all, I'd say I had a little more then 5 minutes of inconvenience. Oh, and I also had to deal with automated charges now getting rejections and having to supply those companies with new card numbers.

So what could I have done if I got an email from WL early on. How about possibly canceling my cards with a rep in 5 minutes and just having to wait for the new ones with no further aggravation.

User avatar
Jay $$ Winton
GCC Member
GCC Member
Posts: 2761
Joined: June 1st, 2009, 5:21 pm
Location: University Park, MD/Rehoboth Beach, DE

Re: Wine Library Credit Card Breach

#160 Post by Jay $$ Winton » November 29th, 2011, 10:19 am

Andrew L. wrote:
Jay Winton wrote:Am I wrong in thinking WL should do something for all the people affected by the database breach?
Indeed, you must be repaid for the hardship you experienced by having to take 5 minutes out of your day to call the credit card company and have a new card issued!
I had to go to Baltimore to get a new debit card. That took quite a bit more than 5 minutes.
Immaturity-my life, not my wine.

Frank Smith
Posts: 801
Joined: June 30th, 2009, 5:49 pm
Location: Kansas City area

Re: Wine Library Credit Card Breach

#161 Post by Frank Smith » November 29th, 2011, 10:22 am

Andrew L. wrote:Ok B. Jenny, replay the scenario in your head, except this time they let you know a month earlier. The result is the same. You get on the phone, call your credit card company and have a new card issued.

I've had my credit cards (even debit cards) compromised before and it took all of 5 mins. Oh, but you had some automatic charges to change over, my bad, 10 mins out of your day while you pick your nose and browse the internet.
This hardly seems necessary.

B. Jenny
Posts: 227
Joined: April 27th, 2010, 5:57 am

Re: Wine Library Credit Card Breach

#162 Post by B. Jenny » November 29th, 2011, 10:39 am

Andrew L. wrote:Ok B. Jenny, replay the scenario in your head, except this time they let you know a month earlier. The result is the same. You get on the phone, call your credit card company and have a new card issued.

I've had my credit cards (even debit cards) compromised before and it took all of 5 mins. Oh, but you had some automatic charges to change over, my bad, 10 mins out of your day while you pick your nose and browse the internet.

OK Andrew L. Replay the scenario in your head. They let people know right away and many of the posters in this forum would not have had multiple charges and other problems. What about those who still haven't been hit with charges yet and when they do start to panic and become afraid their idenity was compromised. It would just take 5 mins for WL to send out a blanket email warning people, just like they do their wine specials. Not sure why you have a problem with that?
Bill Jenny

User avatar
Andrew L.
Posts: 1144
Joined: July 24th, 2011, 5:21 am

Re: Wine Library Credit Card Breach

#163 Post by Andrew L. » November 29th, 2011, 10:54 am

You're right! Lynch the bastards!
L I T T L E

User avatar
Andrew L.
Posts: 1144
Joined: July 24th, 2011, 5:21 am

Re: Wine Library Credit Card Breach

#164 Post by Andrew L. » November 29th, 2011, 10:56 am

Jay Winton wrote:
Andrew L. wrote:
Jay Winton wrote:Am I wrong in thinking WL should do something for all the people affected by the database breach?
Indeed, you must be repaid for the hardship you experienced by having to take 5 minutes out of your day to call the credit card company and have a new card issued!
I had to go to Baltimore to get a new debit card. That took quite a bit more than 5 minutes.
Sorry to hear that your bank is not capable of utilizing the mail system.

B. Jenny wrote: OK Andrew L. Replay the scenario in your head. They let people know right away and many of the posters in this forum would not have had multiple charges and other problems. What about those who still haven't been hit with charges yet and when they do start to panic and become afraid their idenity was compromised. It would just take 5 mins for WL to send out a blanket email warning people, just like they do their wine specials. Not sure why you have a problem with that?
Oh no, multiple charges that the credit card company reverses, no questions asked? When I have fraudulent charges appear on my card, I think my card has been compromised, not my identity has been stolen. I don't think there is anything wrong with the actions that WL took in waiting to confirm that there was a problem before emailing people.
Last edited by Andrew L. on November 29th, 2011, 11:14 am, edited 1 time in total.
L I T T L E

User avatar
Jim Salvito
GCC Member
GCC Member
Posts: 400
Joined: June 5th, 2009, 6:08 pm
Location: Santa Barbara

Re: Wine Library Credit Card Breach

#165 Post by Jim Salvito » November 29th, 2011, 11:01 am

Whenever I've had a similar database hacked from another company, they've always offered to pay for a year's worth of credit-monitoring service. Perhaps WL should consider doing this as a gesture of good faith to their customers.

User avatar
Ken V
GCC Member
GCC Member
Posts: 38556
Joined: January 27th, 2009, 12:42 pm
Location: Delmar, NY
Contact:

Re: Wine Library Credit Card Breach

#166 Post by Ken V » November 29th, 2011, 11:09 am

Andrew L. wrote:
Jay Winton wrote:Am I wrong in thinking WL should do something for all the people affected by the database breach?
Indeed, you must be repaid for the hardship you experienced by having to take 5 minutes out of your day to call the credit card company and have a new card issued!
You are right. Make that 2 bottles of Giacosa Asili Riserva 2000.
Ken V @ s t o l @
The Fine Wine Geek
Click on the W W W button under my name to see my website.
"Don't be meek, embrace the geek." -Terry Theise
Twitter: @FineWineGeek

User avatar
Ken V
GCC Member
GCC Member
Posts: 38556
Joined: January 27th, 2009, 12:42 pm
Location: Delmar, NY
Contact:

Re: Wine Library Credit Card Breach

#167 Post by Ken V » November 29th, 2011, 11:12 am

Andrew L. wrote:You're right! Lynch the bastards!
Do you work for WL or some other store? I'm curious as to why you've gotten so animated on this issue?

FWIW this cost me much more than 5 minutes since I have had to change my card number with loads of online merchants who DO use a secure system for storing my card info.
Ken V @ s t o l @
The Fine Wine Geek
Click on the W W W button under my name to see my website.
"Don't be meek, embrace the geek." -Terry Theise
Twitter: @FineWineGeek

User avatar
Andrew L.
Posts: 1144
Joined: July 24th, 2011, 5:21 am

Re: Wine Library Credit Card Breach

#168 Post by Andrew L. » November 29th, 2011, 11:25 am

Ken V wrote:
Andrew L. wrote:You're right! Lynch the bastards!
Do you work for WL or some other store? I'm curious as to why you've gotten so animated on this issue?

FWIW this cost me much more than 5 minutes since I have had to change my card number with loads of online merchants who DO use a secure system for storing my card info.
I am not ITB. I just felt that some were overreacting. To me, this type of thing is a risk of doing business with your credit card, whether it be online or offline. In my experiences, dealing with these types of issues is quick and painless, so I can't relate to the fuss being made in this scenario.
L I T T L E

Brian Love
Posts: 163
Joined: March 9th, 2010, 7:12 am
Location: Atlanta

Re: Wine Library Credit Card Breach

#169 Post by Brian Love » November 29th, 2011, 11:29 am

Ken V wrote:
Andrew L. wrote:You're right! Lynch the bastards!
Do you work for WL or some other store? I'm curious as to why you've gotten so animated on this issue?

FWIW this cost me much more than 5 minutes since I have had to change my card number with loads of online merchants who DO use a secure system for storing my card info.
Andrew L appears to be just another angry person wanting to trash others at a drop of a hat. Sad, really.

My time is valuable to me and I spent about a day on this whole card fraud episode. I probably did spend more time than most, because I take SERIOUS umbrage at fraud and theft. Because you know who ends up paying for it? All of us honest people do. Fraud and these types of "loss" are priced into everything we purchase (and the fees merchants pay).

Eric Levine is pretty ticked at this issue, go read his post why.

Just throwing your hands up and saying "oh well this is the cost of doing business on the interent" is somewhat defeatist and misguided. Lesson is, WL could have done much more to secure my data. Other sites do, why can't WL? Great if WL has a long track record of customer service, that doesn't totally absolve them from making a big mistake that has implications for many parties. If WL really was so customer centric, then they would have been far further out front of this issue rather than let it percolate on message boards. This episode has impacts on WL too, as I'm pretty certain that WL's costs of credit card processing just shot up, not to mention the folks who are now foregoing purchases on their site.

If this kind of fraud was so prevalent, as some posters imply, nobody would use the internet for purchases. Frankly it's made me think twice on more than one occasion lately as to whether the online store I'm dealing with is secure - although I never truly know.

Appears some here are hanging out on Occupy Berserker-Street where one's time isn't really worth squat and basic economics are not understood.

User avatar
Andrew L.
Posts: 1144
Joined: July 24th, 2011, 5:21 am

Re: Wine Library Credit Card Breach

#170 Post by Andrew L. » November 29th, 2011, 11:36 am

That's an awfully long post for someone whose time is so valuable...
L I T T L E

User avatar
Eric LeVine
GCC Member
GCC Member
Posts: 12426
Joined: January 27th, 2009, 8:58 pm
Location: Seattle, WA

Re: Wine Library Credit Card Breach

#171 Post by Eric LeVine » November 29th, 2011, 12:02 pm

Brian Love wrote:Eric Levine is pretty ticked at this issue, go read his post why.
I would say "mildly annoyed" more than "pretty ticked." If anything I was more surprised that I would be impacted since I wasn't even a customer but rather was a "vendor" of some of the same customers as WL.

GV is the only WineLibrary guy I have met, and I will defend him to the end of the earth for many things. He is a pure class act. And from what I know of the other WL folks, clearly this is a great operation with great people.

That said, in this case they screwed up which is regrettable. Obviously the initial screwup was the whole method of card handling. However, I think though now it is pretty clear that ANYONE who ever stored CC info at WL/Cinderalla deserves a proactive notification. The cardholder data is leaked and will continue to be used until all such cards are destroyed. I think we are past the point of parsing who might or might not be affected. All cardholder data they held should be assumed to be tainted.

For example, I once tried to purchase wine via Cinderella via a recent Pegau offer. However the transaction was never consummated, since they don't ship to WA State. However I now wonder, did I enter card data? Did they store it? I don't rightly know. Separately, my wife recently lost the card I would have used, so we had to cancel and reissue anyway even though there were no bogus charges. I just can't remember whether this was before or after the attempted Cinderella purchase. Separately, are my username and password for their forum or any of their other systems compromised? Only they know how securely that data is stored and if it was impacted. I am assuming it is separate, but you know what they say about assumptions... I would sleep better knowing definitively one way or another.

They will get past it of course, and I am sure they will do what they can to make amends. I certainly hate to see them struggle with this, as it is not good for them, industry, consumers etc.
-Eric LeVine (ITB)
It rhymes with wine...

User avatar
Ken V
GCC Member
GCC Member
Posts: 38556
Joined: January 27th, 2009, 12:42 pm
Location: Delmar, NY
Contact:

Re: Wine Library Credit Card Breach

#172 Post by Ken V » November 29th, 2011, 12:57 pm

Andrew L. wrote:That's an awfully long post for someone whose time is so valuable...
[rofl.gif]
Ken V @ s t o l @
The Fine Wine Geek
Click on the W W W button under my name to see my website.
"Don't be meek, embrace the geek." -Terry Theise
Twitter: @FineWineGeek

User avatar
cjsavino
GCC Member
GCC Member
Posts: 5002
Joined: April 29th, 2010, 5:00 pm
Location: Cranford NJ

Re: Wine Library Credit Card Breach

#173 Post by cjsavino » November 29th, 2011, 1:09 pm

Think some folks need to get better CC companies. I had two cards impacted, a Visa and an AMEX, both were replaced in 1-2 days with new cards sent out overnight mail. Visa actually called me with an alert, had an agent on the phone on a Sunday morning, new card in my hands on Tuesday. Amex was the same way. No forms to fill out or other documentation.
Chris
Image

Roy Spence
Posts: 33
Joined: June 23rd, 2010, 7:19 am

Re: Wine Library Credit Card Breach

#174 Post by Roy Spence » November 29th, 2011, 1:22 pm

cjsavino wrote:Think some folks need to get better CC companies. I had two cards impacted, a Visa and an AMEX, both were replaced in 1-2 days with new cards sent out overnight mail. Visa actually called me with an alert, had an agent on the phone on a Sunday morning, new card in my hands on Tuesday. Amex was the same way. No forms to fill out or other documentation.

There is a difference between getting a call from a card company, where they just don't allow the charge to go through and simply issue you a new card, and when you find charges that have been made on your card and don't know how they got there. In that case the credit card company tells you to call the vendor and try to figure it out. You call the vendor and they tell you it may be fraud, call the credit card company back and tell them you dispute the charge, followed by paper work and follow-ups.

If most people had no problems, that's great, but for someone like me that had no idea that WL was hacked, and only knew that I had unauthorized charges, it was a hassle that took about 4 hours of my time along with the inconvenience of not having my cards for a week.

Also, similar to what Eric said, I'm bothered that WL is assuming that they knew the people impacted and only sent emails to them. I never got an email from WL and had to notify them that I TOO was a victim. At this point everyone that has a valid CC with WL should be getting notified!!!

Brian Love
Posts: 163
Joined: March 9th, 2010, 7:12 am
Location: Atlanta

Re: Wine Library Credit Card Breach

#175 Post by Brian Love » November 29th, 2011, 1:41 pm

Eric LeVine wrote:GV is the only WineLibrary guy I have met, and I will defend him to the end of the earth for many things. He is a pure class act. And from what I know of the other WL folks, clearly this is a great operation with great people.
To give some credit, WL has been trying to get in touch with me after seeing an earlier post. So kudos for that. Kind of a too little too late situation, though. There is an excellent PR lesson in here...

User avatar
Rick Gregory
Posts: 8729
Joined: January 27th, 2009, 12:42 pm
Location: Seattle

Re: Wine Library Credit Card Breach

#176 Post by Rick Gregory » November 29th, 2011, 1:58 pm

Roy Spence wrote: Also, similar to what Eric said, I'm bothered that WL is assuming that they knew the people impacted and only sent emails to them. I never got an email from WL and had to notify them that I TOO was a victim. At this point everyone that has a valid CC with WL should be getting notified!!!
I'm a bit puzzled at the 'trying to figure out who's a victim' thing too. The hackers undoubtedly grabbed everything in the database at the time of the hack and you have to assume that they came back and updated that until the security hole was closed. So, really, the safe thing to assume is that all cardholder data collected under the older system is compromised. Trying to restrain the flow of information just worsens the goodwill and PR impacts. I think people would be annoyed at the hack, but understanding if they had been alerted. Not having been alerted though leaves a bad coverup taste whether that's intended or not.
Dang Rick, I think that's right on the money. - K. John Joseph

B. Jenny
Posts: 227
Joined: April 27th, 2010, 5:57 am

Re: Wine Library Credit Card Breach

#177 Post by B. Jenny » November 29th, 2011, 2:43 pm

Eric LeVine wrote:
Brian Love wrote:Eric Levine is pretty ticked at this issue, go read his post why.
I would say "mildly annoyed" more than "pretty ticked." If anything I was more surprised that I would be impacted since I wasn't even a customer but rather was a "vendor" of some of the same customers as WL.

GV is the only WineLibrary guy I have met, and I will defend him to the end of the earth for many things. He is a pure class act. And from what I know of the other WL folks, clearly this is a great operation with great people.

That said, in this case they screwed up which is regrettable. Obviously the initial screwup was the whole method of card handling. However, I think though now it is pretty clear that ANYONE who ever stored CC info at WL/Cinderalla deserves a proactive notification. The cardholder data is leaked and will continue to be used until all such cards are destroyed. I think we are past the point of parsing who might or might not be affected. All cardholder data they held should be assumed to be tainted.

For example, I once tried to purchase wine via Cinderella via a recent Pegau offer. However the transaction was never consummated, since they don't ship to WA State. However I now wonder, did I enter card data? Did they store it? I don't rightly know. Separately, my wife recently lost the card I would have used, so we had to cancel and reissue anyway even though there were no bogus charges. I just can't remember whether this was before or after the attempted Cinderella purchase. Separately, are my username and password for their forum or any of their other systems compromised? Only they know how securely that data is stored and if it was impacted. I am assuming it is separate, but you know what they say about assumptions... I would sleep better knowing definitively one way or another.

They will get past it of course, and I am sure they will do what they can to make amends. I certainly hate to see them struggle with this, as it is not good for them, industry, consumers etc.

This sums up the whole situation perfectly! For those who can't understand this I just scratch my head.
Bill Jenny

User avatar
Andrew Demaree
GCC Member
GCC Member
Posts: 2811
Joined: January 23rd, 2011, 7:33 am
Location: Saratoga Springs, NY

Re: Wine Library Credit Card Breach

#178 Post by Andrew Demaree » November 29th, 2011, 5:15 pm

Just found out that my other CC was also compromised. I use both cards for wine purchases, which seems to have bitten me on the ass. Luckily, I just got replacement cards for my first compromised CC in the mail. Now, I need to go back around to my automatic payment places and change the info yet again.

On a related note, this whole fiasco deterred me from making a purchase from WL during the Black Friday free shipping blitz. I looked around and found three bottles of interest but couldn't bring myself to pull the trigger...too much of a bad taste in my mouth about what seems, in significant measure, to be due to their negligence with my information.

User avatar
Rick Gregory
Posts: 8729
Joined: January 27th, 2009, 12:42 pm
Location: Seattle

Re: Wine Library Credit Card Breach

#179 Post by Rick Gregory » November 29th, 2011, 6:10 pm

One other note for those of you hit by this... assume that anything you entered in their order form is compromised. Email address, name, etc. I've not bought from WL, but did they have you create an account when buying? If so, and you used a username and password that you use elsewhere, change the password wherever you use that combination.
Dang Rick, I think that's right on the money. - K. John Joseph

ksmith
Posts: 104
Joined: September 30th, 2009, 7:08 am

Re: Wine Library Credit Card Breach

#180 Post by ksmith » November 30th, 2011, 1:03 pm

NB: I just checked by trying to log in (not sure if I had an account or not). It failed, and the website says all passwords have been invalidated for security reasons and you will need to create a new one.
Kemp Smith

Mike DiSalvo
Posts: 1898
Joined: August 2nd, 2011, 12:03 pm
Location: Columbus, OH

Re: Wine Library Credit Card Breach

#181 Post by Mike DiSalvo » November 30th, 2011, 1:11 pm

Given the problems with some of these sites, I think they should offer PayPal as an option. Let's Pour is doing that.

Steve Dunham
Posts: 19
Joined: May 6th, 2010, 5:13 pm

Re: Wine Library Credit Card Breach

#182 Post by Steve Dunham » November 30th, 2011, 9:38 pm

ksmith wrote:NB: I just checked by trying to log in (not sure if I had an account or not). It failed, and the website says all passwords have been invalidated for security reasons and you will need to create a new one.
Has anyone been able to reset their password for their new site? my rant below....

I haven't ordered from them online for at least a year, but wanted to check my account to see which credit card was on file.

I also couldn't login to my account, so requested a password reset from their website. No email response.... Called them on Tues got a friendly person that said IT would be in touch with me. No response, tried their website several times again on Wed with different web browsers for an auto-reset of password with no email response and nothing in my email spam-filter.

I'm sure that their IT is swamped, but I'm still getting all of my automated WL and Cindy emails filling my inbox.

User avatar
cjsavino
GCC Member
GCC Member
Posts: 5002
Joined: April 29th, 2010, 5:00 pm
Location: Cranford NJ

Re: Wine Library Credit Card Breach

#183 Post by cjsavino » December 1st, 2011, 5:46 am

Steve Dunham wrote:
ksmith wrote:NB: I just checked by trying to log in (not sure if I had an account or not). It failed, and the website says all passwords have been invalidated for security reasons and you will need to create a new one.
Has anyone been able to reset their password for their new site? my rant below....

I haven't ordered from them online for at least a year, but wanted to check my account to see which credit card was on file.

I also couldn't login to my account, so requested a password reset from their website. No email response.... Called them on Tues got a friendly person that said IT would be in touch with me. No response, tried their website several times again on Wed with different web browsers for an auto-reset of password with no email response and nothing in my email spam-filter.

I'm sure that their IT is swamped, but I'm still getting all of my automated WL and Cindy emails filling my inbox.
Reset my password yesterday without any issue. Had to enter a new password and old password.
Chris
Image

User avatar
Rick Gregory
Posts: 8729
Joined: January 27th, 2009, 12:42 pm
Location: Seattle

Re: Wine Library Credit Card Breach

#184 Post by Rick Gregory » December 1st, 2011, 11:19 am

My advice above wasn't about your WL password, but other accounts where you might have used the login you used to use on WL. A lot of people reuse the same username and password across accounts to make it easier to remember. So if you used the same username and password on WL and, say, your email, the hackers would have access to that. Not an issue if your WL username and password weren't used anywhere else, possible big deal if they were, esp on your email account.
Dang Rick, I think that's right on the money. - K. John Joseph

User avatar
Mark F r a n k s
Posts: 2986
Joined: March 5th, 2009, 6:52 am
Location: A little north of hell

Re: Wine Library Credit Card Breach

#185 Post by Mark F r a n k s » December 1st, 2011, 11:26 am

Rick Gregory wrote:My advice above wasn't about your WL password, but other accounts where you might have used the login you used to use on WL. A lot of people reuse the same username and password across accounts to make it easier to remember. So if you used the same username and password on WL and, say, your email, the hackers would have access to that. Not an issue if your WL username and password weren't used anywhere else, possible big deal if they were, esp on your email account.
Exactly what I had to do. I used the same password for about 30 different websites (I know, I know). It was quite the pain in the ass having to go to each one and change the passwords. Mostly e-commerce sites, so not really scary, but they could have made orders, etc. I really have to go over my Amex bills with a magnifying glass for the next month or three.
"Valar Morghulis"

User avatar
Rick Gregory
Posts: 8729
Joined: January 27th, 2009, 12:42 pm
Location: Seattle

Re: Wine Library Credit Card Breach

#186 Post by Rick Gregory » December 1st, 2011, 11:41 am

Mark (and others),

You might want to look at something like Lastpass or 1Password. These are password managers that generate unique and secure passwords for each site you use and can autofill them for you. The downside is that you 1) need to use a secure password to access your vault of passwords and 2) if you forget it, you're screwed (well, you need to reset each of the accounts).

The email password is critical IMO because if they can get control of that they can look through your past emails, see hwere you have an account and reset account passwords... guess where new ones are sent? Yeah... your email.
Dang Rick, I think that's right on the money. - K. John Joseph

User avatar
Mark F r a n k s
Posts: 2986
Joined: March 5th, 2009, 6:52 am
Location: A little north of hell

Re: Wine Library Credit Card Breach

#187 Post by Mark F r a n k s » December 1st, 2011, 11:46 am

Rick Gregory wrote:Mark (and others),

You might want to look at something like Lastpass or 1Password. These are password managers that generate unique and secure passwords for each site you use and can autofill them for you. The downside is that you 1) need to use a secure password to access your vault of passwords and 2) if you forget it, you're screwed (well, you need to reset each of the accounts).

The email password is critical IMO because if they can get control of that they can look through your past emails, see hwere you have an account and reset account passwords... guess where new ones are sent? Yeah... your email.
I'll check that out, thanks.
"Valar Morghulis"

Frank Smith
Posts: 801
Joined: June 30th, 2009, 5:49 pm
Location: Kansas City area

Re: Wine Library Credit Card Breach

#188 Post by Frank Smith » December 1st, 2011, 11:54 am

Rick Gregory wrote:Mark (and others),

You might want to look at something like Lastpass or 1Password. These are password managers that generate unique and secure passwords for each site you use and can autofill them for you. The downside is that you 1) need to use a secure password to access your vault of passwords and 2) if you forget it, you're screwed (well, you need to reset each of the accounts).

The email password is critical IMO because if they can get control of that they can look through your past emails, see hwere you have an account and reset account passwords... guess where new ones are sent? Yeah... your email.
I use something similar - KeePass (and the KeeFox add-on for Firefox), and it has worked well.

Steve Dunham
Posts: 19
Joined: May 6th, 2010, 5:13 pm

Re: Wine Library Credit Card Breach

#189 Post by Steve Dunham » December 1st, 2011, 2:40 pm

cjsavino wrote:
Steve Dunham wrote:
ksmith wrote:NB: I just checked by trying to log in (not sure if I had an account or not). It failed, and the website says all passwords have been invalidated for security reasons and you will need to create a new one.
Has anyone been able to reset their password for their new site? my rant below....

I haven't ordered from them online for at least a year, but wanted to check my account to see which credit card was on file.

I also couldn't login to my account, so requested a password reset from their website. No email response.... Called them on Tues got a friendly person that said IT would be in touch with me. No response, tried their website several times again on Wed with different web browsers for an auto-reset of password with no email response and nothing in my email spam-filter.

I'm sure that their IT is swamped, but I'm still getting all of my automated WL and Cindy emails filling my inbox.
Reset my password yesterday without any issue. Had to enter a new password and old password.
WL followed up today with phone call and a link for password reset. I now know which credit cards I need to stop.

If anyone is having issues, Brandon is the man. thanks!!!!

User avatar
Ken V
GCC Member
GCC Member
Posts: 38556
Joined: January 27th, 2009, 12:42 pm
Location: Delmar, NY
Contact:

Re: Wine Library Credit Card Breach

#190 Post by Ken V » December 2nd, 2011, 2:07 am

Rick Gregory wrote:My advice above wasn't about your WL password, but other accounts where you might have used the login you used to use on WL. A lot of people reuse the same username and password across accounts to make it easier to remember. So if you used the same username and password on WL and, say, your email, the hackers would have access to that. Not an issue if your WL username and password weren't used anywhere else, possible big deal if they were, esp on your email account.
You are right. Some bastard went to all these different wine websites using my cc and bought tons of Barolo! [swearing.gif]


Oh, wait. nevermind. blush
Ken V @ s t o l @
The Fine Wine Geek
Click on the W W W button under my name to see my website.
"Don't be meek, embrace the geek." -Terry Theise
Twitter: @FineWineGeek

Greg Golec
Posts: 115
Joined: April 27th, 2010, 6:13 am
Location: Chicago, IL

Re: Wine Library Credit Card Breach

#191 Post by Greg Golec » December 2nd, 2011, 10:31 am

I've not been a victim TWICE. Does that make me a winner??

Several months ago I had charges from many of the companies listed up-thread so I cancelled my card and received a new one. I then ordered from WL with my new card before this thread popped up. Sure enough, they got me again. The thing that really pisses me off is that I've yet to get any sort of communication from WL. I was not included on the email they sent. I sent an email to Brandon and look forward to hearing back. Now on to calling the CC company....

User avatar
Rick Gregory
Posts: 8729
Joined: January 27th, 2009, 12:42 pm
Location: Seattle

Re: Wine Library Credit Card Breach

#192 Post by Rick Gregory » December 2nd, 2011, 10:33 am

Ken V wrote:
Rick Gregory wrote:My advice above wasn't about your WL password, but other accounts where you might have used the login you used to use on WL. A lot of people reuse the same username and password across accounts to make it easier to remember. So if you used the same username and password on WL and, say, your email, the hackers would have access to that. Not an issue if your WL username and password weren't used anywhere else, possible big deal if they were, esp on your email account.
You are right. Some bastard went to all these different wine websites using my cc and bought tons of Barolo! [swearing.gif]


Oh, wait. nevermind. blush
What I want to know is how they knew to ship the Barolo here....
Dang Rick, I think that's right on the money. - K. John Joseph

User avatar
Matt Snow
Posts: 268
Joined: May 13th, 2009, 5:19 pm
Location: Boston, MA

Re: Wine Library Credit Card Breach

#193 Post by Matt Snow » December 2nd, 2011, 12:34 pm

Just placed my first order using the new WL system. Nice clean interface. A little more fooling around than the old one but not too bad. Good work, WL folks.

-- Matt

Jim V a n P e l t
Posts: 1194
Joined: June 5th, 2009, 1:58 pm
Location: Minneapolis, MN

Re: Wine Library Credit Card Breach

#194 Post by Jim V a n P e l t » December 2nd, 2011, 5:28 pm

Rick Gregory wrote:My advice above wasn't about your WL password, but other accounts where you might have used the login you used to use on WL. A lot of people reuse the same username and password across accounts to make it easier to remember. So if you used the same username and password on WL and, say, your email, the hackers would have access to that. Not an issue if your WL username and password weren't used anywhere else, possible big deal if they were, esp on your email account.
+1000

Mike Maguire
GCC Member
GCC Member
Posts: 1200
Joined: April 27th, 2010, 4:35 pm
Location: University Place Wa.

Re: Wine Library Credit Card Breach

#195 Post by Mike Maguire » December 8th, 2011, 5:44 pm

Well i sat back and watched all the carnage unfold, no worries said I, since i had only bought cheese from WL.Wrongo,my card was also comprimised to the tune of $1500.Props to Capital One for contacting me and then cancelling said card flirtysmile .I want to be PC, but once in a while it would be nice to speak with someone that doesn't have English as a second or third language, minor rant and everything worked out so maybe I need to learn a different lingo [wow.gif] [wow.gif]

Dale Williams
Posts: 1207
Joined: April 27th, 2009, 10:19 am

Re: Wine Library Credit Card Breach

#196 Post by Dale Williams » December 10th, 2011, 4:24 pm

just as a PSA- my card was replaced by my credit card company after suspicious activity a few months ago. When I read this thread I thought "aha." But that doesn't mean I was safe -apparently they also got new card's info. I just got an automated call from Discover, asking if I charged $27 to World of Warcraft today. Damn. Just talked to a cs rep, other charges to "online entertainment" places. She seemed astonished when I told her I knew what the source was. Even if you think you were missed, I'd strongly advise anyone who had a cc on file at WL to go ahead and request a replacement card.

Actually, seems to me WL should have contacted at least Amex and Discover and told them what cards were probably compromised (as Visa and MC are issued by individual banks, might be harder). I'm not out money, but this is indeed a PITA.
Last edited by Dale Williams on December 12th, 2011, 5:20 am, edited 1 time in total.

User avatar
alexnicholas
Posts: 563
Joined: February 26th, 2011, 6:22 pm
Location: New York City / New Jersey

Re: Wine Library Credit Card Breach

#197 Post by alexnicholas » December 10th, 2011, 4:38 pm

I got hit by Blizzard 3 days ago and got notified of illegal use. I have seen Blizzard posted here before and didn't put two and two together and really am ignorant about this sort of thing, but should I assume it is a result of the breach of WL? Living near them, I ordered a ton of wine from them in 5 years.
@lex N1chol@s
CT lolo66

User avatar
Gil Bauer
GCC Member
GCC Member
Posts: 265
Joined: June 16th, 2009, 11:08 am

Re: Wine Library Credit Card Breach

#198 Post by Gil Bauer » December 11th, 2011, 7:53 am

Just got hit with a fraudulent Blizzard charge ($150) on the card that I use for WL purchases...
ITB? - Wine Ambassador, City Wine Tours

User avatar
Eric LeVine
GCC Member
GCC Member
Posts: 12426
Joined: January 27th, 2009, 8:58 pm
Location: Seattle, WA

Re: Wine Library Credit Card Breach

#199 Post by Eric LeVine » December 11th, 2011, 7:57 am

I lost my chargeback with Discover (due to Discover wiping out ALL charges on a stolen card, even those the customer said were legit like mine). Upon hearing the customer happily paid me again, but now I have a blotch on my merchant record. If I could frankly, I would refuse to ever accept Discover again.
-Eric LeVine (ITB)
It rhymes with wine...

User avatar
Rick Gregory
Posts: 8729
Joined: January 27th, 2009, 12:42 pm
Location: Seattle

Re: Wine Library Credit Card Breach

#200 Post by Rick Gregory » December 11th, 2011, 9:05 am

Why can't you drop Discover? I can't imagine anyone uses it exclusively... they'll have other cards.
Dang Rick, I think that's right on the money. - K. John Joseph

Post Reply

Return to “Wine Talk”