Just found this on another site re Shopto & possible credit card details leak - HotUKDeals
We use cookie files to improve site functionality and personalisation. By continuing to use HotUKDeals, you accept our cookie and privacy policy.
Get the HotUKDeals app free at Google Play

Search Error

An error occurred when searching, please try again!

Login / Sign UpSubmit

Just found this on another site re Shopto & possible credit card details leak

£0.00 @ ShopTo
"ATTN ShopTo customers - possible credit card leak It appears that a German hacker community has discovered a leak in ShopTo's security certificate, and as a result several credit card numbers have…
clondikemike Avatar
7y, 11m agoPosted 7 years, 11 months ago
"ATTN ShopTo customers - possible credit card leak

It appears that a German hacker community has discovered a leak in ShopTo's security certificate, and as a result several credit card numbers have been leaked online. Anyone who has used ShopTo in the past should take a look at their bank balance and take the appropriate action to minimise any loss.

ShopTo's official statement on their forums is that the issue is external, and that if you have only ever entered your information on ShopTo's website that you should be okay. We've contacted ShopTo for a statement.

UPDATE 5:29 PM
It appears that this leak may be related to an earlier incident from late March. Details are very sketchy at the moment but it seems that the ShopTo security certificate weakness may not be related to the leak of 19,000 credit card numbers. However, if you are in any way unsure about the security of your details, contact your bank or card issuer to take the appropriate action. ShopTo have updated their security certificate today to eliminate this weakness.
Other Links From ShopTo:
clondikemike Avatar
7y, 11m agoPosted 7 years, 11 months ago
Options

All Comments

(7) Jump to unreadPost a comment
Comments/page:
#1
How interesting - recently some thieving b...... decided that they would use my bank account to make several online purchases and I did actually wonder did it have anything to do with Shop to (whom i use regularly). I have since been refunded the monies and the bank are investigating the matter.

It would be interesting to find out if it was anything to do with Shop to ??????
#2
buzylizzie
How interesting - recently some thieving b...... decided that they would use my bank account to make several online purchases and I did actually wonder did it have anything to do with Shop to (whom i use regularly). I have since been refunded the monies and the bank are investigating the matter.

It would be interesting to find out if it was anything to do with Shop to ??????


Have just been on the phone to my brother as he uses them quite a lot, fingers crossed all is ok,
#3
clondikemike
Have just been on the phone to my brother as he uses them quite a lot, fingers crossed all is ok,


Hopefully will be ok
#4
buzylizzie
How interesting - recently some thieving b...... decided that they would use my bank account to make several online purchases and I did actually wonder did it have anything to do with Shop to (whom i use regularly). I have since been refunded the monies and the bank are investigating the matter.

It would be interesting to find out if it was anything to do with Shop to ??????


Mine got done over after Christmas - the only place that I had used it that wasn't one of my regular online stores was shopto - never used them since.
#5
buzylizzie
Hopefully will be ok


Just let me know that all seems fine,:), cant trust anywhere nowadays!!!:x
#6
Hi,

The article above is a mistranslation as it has been translated from English to German and back to English. Shopto are not mentioned in the original article. It appears that a payment processor (Paypal, Protx, Google Checkout) was compromised and this was the source of the leak for the 19k credit cards. There was a seperate issue with Shopto's SSL certificate which was easily fixed by reissuing the certificate. I can assure you Shopto were not compromised nor were any details leaked from the store. Original articles below, please note the lack of mention of Shopto...

The original article before mistranslation from 20th March 2009..

http://www.itnews.com.au/News/99250,aus ... mbers.aspx

Quote:
By Ry Crozier
20 March 2009 03:36PM
A defunct payment gateway has exposed as many as 19,000 credit card numbers, including up to 60 Australian numbers.

The discovery by a local IT industry worker was made by mistake.

Apart from being the result of poor security, it may also have been aided by a side-effect of the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone.

The cached data, viewed by iTnews, includes 22,000 credit card numbers, including CVVs, expiry dates, names and addresses.

Up to 19,000 of these numbers could be active. Most are customers in the US and Britain although some are Australian.

The credit card numbers are for accounts held with Visa, Mastercard, American Express, Solo, Switch, Delta and Maestro/Cirrus.

Within the address bars of the cached pages are URLs of companies, including UK retailers of laboratory supplies, sports and health goods, apparel, photo imaging and clothing.

"I received a Google Alert for a name," said the worker who discovered the problem, speaking on condition of anonymity to iTnews.

"The alert started with a bunch of other numbers, so I went to the web page and it was just a virtual directory listing with a bunch of directories underneath and a load of files inside."

"It looks like the site might have been a payment processing gateway that handled credit card transactions for a bunch of websites before it went belly-up," the worker speculated.

The worker tried to report the find immediately to Visa and Mastercard, which have the lion's share of card numbers, but said neither returned calls.

iTnews has contacted the credit card providers for comment.

"We're investigating this report as a matter of priority, but it's too early to make any further comment," said a spokesperson for Visa.

The information will be handed to police tonight, the worker said.



THe update on this article on 23rd March 2009

Quote:
23 March 2009 03:25PM


Australians whose credit card details and other personal data have been exposed on the public Internet since Friday are yet to be contacted by their credit card merchants or law enforcement authorities.

As reported on iTnews on Friday, the credit card and contact details of some 19,000 people have been discovered sitting in the cache of a popular search engine.

Within hours of the attack, representatives from both the Australian Federal Police and Visa told iTnews they would be investigating the matter.

As of 3pm today (Monday, March 23, 2009), the details remain available on the public Internet for viewing.

Today iTnews took the opportunity to contact a sample of affected Australian customers.

One couple from Perth, Western Australia, recognised one of the names of the UK apparel e-tailers listed on the site as a place from which they have purchased goods in the past.

The two British ex-pats said they had heard nothing from their bank, credit card company or law enforcement, and went about checking their bank statements for irregularities.

Another affected customer, a young girl from Victoria, said she had heard nothing and expressed some relief that in her case, the credit card in question had recently expired.

Representatives from the Australian Federal Police promise to update iTnews before day's end.



The article then made to other sites on 30th March, 2009 mainly UK (where the German Google link came about mentioning no sites just stressing 19k was stolen)



http://www.pcworld.com/businesscenter/a ... cards.html

Quote:

The credit card details of 19,000 Britans who shopped online were freely and briefly available on Google, it has been revealed.

Anyone using the search engine could have easily accessed not only the name and addresses of thousands of Visa, Mastercard, and American Express card holders, but also the full card details too.

It is thought cybercriminals accidentally made the information live during a bid to sell the credit card details to other online criminals.

According to the banking body APACS, the majority of the cards had already been cancelled but the owners were probably unaware their information was available online.

An APACS spokesman told The Telegraph: "The data was originally posted on an unsecured server in Vietnam used by criminal gangs. The site was closed down in February but the information remained available on a 'cached' version of the page on Google, which stores historical snapshots of Websites even after they are removed."

Google confirmed the information has since been removed.
#7
So what do you guys think about shopping with ShopTo after this incident? Is it still safe?

It's a shame really if this site is no longer safe as I find their price for PS3 and other games to be very competitive.

Post a Comment

You don't need an account to leave a comment. Just enter your email address. We'll keep it private.

...OR log in with your social account

...OR comment using your social account

Looking for Twitter login?
Thanks for your comment! Keep it up!
We just need to have a quick look and it will be live soon.
The community is happy to hear your opinion! Keep contributing!