Wine Library Credit Card Breach

Three charges to Blizzard last month. Had to cancel and replace the card. I guess I now have an idea how it happened. Though I have not yet received an email from WL about the breach.

Me too. Replaced a VISA that had been used for WoW. Glad to finally know the source.

It happened to me as well. I made 2 purchases in the last 2 years from WL. Recently bought 2000 Seavey and soon afterwards my AMEX was used at Blizzard Ent and iTunes.

I saw a pending charge for Elizabeth Arden, Inc on my account earlier this week which no one in the house claimed, though it never did come through as an actual charge. I was suspicious, but thought maybe it was a charge that someone in the family made that came up under a parent company name so wasn’t recognized. But today I see a couple of small “BLIZZARD ENT WOW SUB” pending charges, so I guess it’s time to cancel the card. Freakin’ low-lifes

I am so glad that someone started this thread. For the past couple of weeks I’ve been freaking out about what went wrong. I uninstalled my existing anti-virus and have been cancelling cards and trying to figure out what went wrong when. From the fraudulent charges that others have been seeing, I’m pretty confident that this was the source of my problems as well. My charges have been to iTunes and Blizzard as well.

I also see one for SUGARSYNC, so there’s another one to look for.

By the way, the only credit card information I had stored in my account at WL was an old card that is no longer valid. However, I did buy something from them late last month using a different card, but I didn’t check the box to store the card information in my account. So it doesn’t matter if you intentionally stored your card info there or not. Apparently WL is (or was) storing the credit card data from the purchase itself. Very bad practice, and really ticks me off because I’ve made a point to not store credit card data on sites anymore. Looks like I didn’t have a choice with WL.

Interestingly enough, my card was hacked last month, and I had a charge from Blizzard on there too. I’ve ordered from WL in the past.

My Amex was used by iTunes Luxemburg for $19.95. A quick call to Amex killed the charge and voided the cards. Thanks to the original poster for starting this thread - would have taken me another day or two to catch it!

Hi Everyone,
I just posted this on another board that is talking about this but wanted to get it in here as well. If anyone has any other questions, feel free to email me directly - brandon at winelibrary dot com. I can’t express to all of you how upset we are that a hacker decided to target us. What we put out is really all that we know right now. We wanted to get out what we know so far to people who we thought might have been affected - even if it turns out in the end many of them were not.
We’re trying to do everything we can to stay in front of this issue. Please, if anyone has any other questions, feel free to let me know and I will do my best to answer them.

Brandon

I posted on WL as well, but I got nailed with someone buying stuff from Blizzard last week. Still waiting on my replacement card from BofA.

A quick note - if any of you own smaller businesses and process CCs, either make sure you encrypt the numbers on your site, don’t store them at all, or consider using an outsourced solution à la Shopify, etc. Storing CC info in plaintext (or encrypted with the decryption key available) is risking precisely what WL has been hit with.

Yes. My Amex was hacked in Oct and video games were purchased. I am also on WL base. Wow.

Same.

[quote=“Frank Smith”]I also see one for SUGARSYNC, so there’s another one to look for.[/quote]

Yep, me too.

Add me to the list (Blizzard charges went through; I disputed them, and then shortly after that, per my CC company, the hacker tried to buy some very expensive stuff in France. Wine?).

Is it worth passing this info on to my credit card company? I find it tragic how little prosecution there is of such crimes. And I’m a prosecutor. Wrong department, unfortunately.

I spoke with someone from WL today. Hacker had a, wait for it… Chinese IP… shocker, that! Apparently their IT people are trying to identify which specific CCs were compromised.

Same thing happened to me with the Chase card I used at WL. Charge for online game appeared. They called me right away.

I am a strong proponent of PayFlow Link. Cardholder data is basically a munition as far as I am concerned, so I never, ever want to touch it directly myself or have any responsibility for it.

My sympathies to WL. Tough situation.

Honestly, most small merchants probably should outsource the store in any event. The card companies are starting to crack down and require PCI compliance from every merchant regardless of transaction volume for just this reason - smaller merchants don’t have the security expertise or infrastructure in place that larger players do. See Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards for information on PCI.

Hosting elsewhere (Shopify, Magento Go, etc) pushes this on them and they usually have much better systems for dealing with this kind of thing. If someone does host their own cart, never ever store cardholder data in plaintext or even encrypted unless you’re VERY sure the decryption key is safe. This makes doing customer account based shopping harder of course. It’s possible to do this well, but it’s something that needs real thought and attention and is pretty easy to mis-deploy.

i was blizzarded as well. forgot about it until this thread. amex was great about it as they often are.