Wine Library Credit Card Breach

I just got an email from the Wine Library – it looks like they are being extremely careful and responsible about this, but the email said that someone (probably in China) got into their credit card database and in early-mid October customers started reporting instances of credit card fraud.

Someone tried to use my American Express card to buy time on World of Warcraft on October 12 – I had the card in my possession, and my wife’s AmEx card has a different number. I figured that it had been compromised by a wine purchase but my purchases around that time were from Zachy’s and a NJ shop, so I blamed the NJ shop. I have to confess that I never imagined it might have been Wine Library.

Did anyone else have to replace their card in October?? If you don’t check your credit card records and you buy wine – better keep an eye on things!!

FWIW I have been a very satisfied customer at Wine Library and I expect to be one into the future. This is not a WL bashing thread. But I think it’s something everyone should know about. Perhaps all of their customers got the same email that I did.

Had to replace two cards Amex and Visa

I posted this before I noticed Jorge’s thread

Credit Card Fraud - with a twist

Some interesting overlapping details. Of course my weird charge was also Blizzard. And AmEx jumped on it, sent me an email at 2 AM and I was on the phone with them at 3 AM, cancelled the card, new one came on Monday.

The only mismatch is that the WL problems seem to have hit mostly in October.

Mine was used in WoW also. Luckily, the card company notified me and replaced the card before I even knew there was a problem.

Frank,

I haven’t purchased from WL since early last year (or perhaps longer). All of my bogus charges were done in late September. It’s quite possible that more than 1 database was hit.

Jorge,

It doesn’t matter when your last purchase was, as long as they stored your cc info. Mine was also a fair time ago. But WL is the common link.

For what it’s worth – I’m on a “manga” board that has several young people on it as well. And a lot of the spam involves people selling stolen credit card information. So if that information is being “fenced” back to America, the people who decide to try the credit cards are likely to be kids, the same people who try to buy stuff from Blizzard. I think that’s consistent with a Chinese hack…

my AMEX was hacked and used at itunes.

So far, my Amex appears safe…

I had two very small charges to a company in manhattan

I had to replace my Amex last month

I the last time I purchased anything from WL was November 2009. Got hit with three Blizzard charges back in August on my BofA debit MasterCard.

I’ve had two CCs that have had to be replaced since late August. In both instance charges showed up against Blizzard and WoW. Each time the CC issuer fraud department called and took care of the false charges. I’m not prepared to say WL was the common thread (could have been a number of online wine merchants) but in each case when the vendor saw the purchase wasn’t for food or wine or Amazon they pretty much shut these down.

All things considered I feel the CC issuers do a pretty good job of keeping track of their customer purchases and fleshing out the anomalies. A couple of years ago the family hopped in the car and we drove to Chicago. We paid for gas, lunch and the hotel on a big bank debit card. Went to buy a pair of pants at Nordstrom’s and my purchase was declined. Made the purchase via other means, called the bank and they explained how the preceding purchases had tripped their fraud alerts. Now when we travel, we try to give them a head’s up. Part of the price to pay in a society where big brother is watching over us I guess.

I’m buying more stock in Blizzard!

My Amex was hacked and they charged some stuff at Sam’s Club in FL. Sam’s Club is so ghetto, Costco’s ugly red-headed step-sister. (My apologies to anyone that shops at Sam’s Club…but I stand by my ghetto comment).

Blizzard charges on my Discover card in late October as well. Discover was all over it, freezing the account and covering all charges as well. That was the card WL had for me. Sooner or later, everyone will have this happen to a card. Make sure to review and question all CC charges when you get you statements so you can contest the charges and not be liable.

I just got the e-mail as well. My Visa card (the one I use for wine purchases) was hacked in late October, and Blizzard was the main site (along with a couple of tiny iTunes charges). I was wondering how it got compromised, I guess I know now.

I have to say I’m very disappointed in Wine Library but I assume they’ve learned a valuable lesson from this. Overall, I thought they had a pretty good fulfillment operation so I shudder to think about what’s going on at Lot 18.

M @ r k M @ r c e ! ! u s

There’s more about this at: http://wine.woot.com/Forums/ViewPost.aspx?PostID=4724742&PageIndex=1&ReplyCount=11

Not sure I view this as WL acting responsibly* - sounds just as likely that people on the web had put the pieces together and WL had to send something out to head off a deeper fiasco about how they sat on it.

(*EDITED for better clarity)

According to the e-mail they sent out, they were storing customer credit card info on their web site and their web site had been hacked from a Chinese IP address. They’re responsible - if not for every one of these, at least the vast majority. And storing customer credit card info on their web site is inexcusable.

M @ r k M @ r c e ! ! u s

I think you mistook my meaning. I was saying in response to the OP’s take on it that I wasn’t so impressed that they had acted very responsibly. So, I agree with you, and will fix my language to be clearer.

Don’t get me wrong, I think they are a great store, but I’m not bowled over by their response here. The email to customers is very well-written and puts a very responsible-sounding spin on it, until you look more closely… the email talks about how they are now using new, best-in-class security protocols… which only makes me wonder, “you weren’t using that already?” As one of the biggest Internet wine stores, and one especially known for its net-savvy, seems a little tough to accept that they didn’t know better on a lot of levels here.

Nobody’s perfect, but I’m waiting to see how the full story develops. I may be being tough on them because I’ve come to expect a high level of them, but I gotta say for now, Gary V has to find a way to ‘bring the thunder’ now, more than ever in my eyes.

Interesting. My card on record with WL expired in September. I’m assuming the hackers got my card number, but not the current expiration and security code. I haven’t seen anything on that account that wasn’t mine. I’ll keep an extra eye on it just in case, though without that info you usually can’t get too far.