12-11-2011, 10:34
FYI - dnevitamins.com site hacked!
May 31 2008 at 5:51 AM riven_one (Login riven_one)
--------------------------------------------------------------------------------
FYI-
DNE has been recommended here by several users, so I placed an order. Subsequently my credit card number was stolen and was used to purchase various things. I got all of the charges reversed but it created quite a mess, and took a lot of time. I have an e-mail into DNE expressing my displeasure at their business operations; and i'm not for sure if I will ever order from them again. My credit card details are posted quite blatently in a thread on a warez type message board along with dozens of others. For obvious reasons I will not post that link up here. I have reported the crime to the government internet crime people for all of the good that will do.
If you have been the victim of credit card theft and placed an order with DNE between February 27, 2008 to March 2, 2008 then that is how your card # got into circulation.
I received this information in an e-mail from someone else that had been hacked and who sent an e-mail to all of the affected users whose credit card info was in that hacker message thread:
"I contacted DNE this evening to be told that they were aware of the security compromise and that I needed to contact someone named MichelleR@DNEPharm.com. She was not available at the time I called. She can be reached at the email address I just listed or at DNE Customer Service during normal business hours. The number is 1-800-221-1833. I am upset that DNE knew about this, yet failed to contact their customers to let them know. I am certain some sort of legal action can be taken against them if any of you have fraudulent charges on your credit cards"
Riven
Author Reply
Deb
(Login ddover) Re: FYI - dnevitamins.com site hacked! May 31 2008, 11:12 PM
Oh my! I've ordered from them for about 2 years now and have NEVER had a problem. Thanks for letting us know about this because I was getting ready to place another order.
I had the same thing happen to me about a month ago and it was because I used my debit card at TJMaxx. Someone purchased tickets to Uraguay (sp?) for over 800.00. I got the charges reversed, like you, but also like you, it was a big mess and a pain to deal with. TJMaxx is currently in a law suit because they knew their customer database had been hacked and refussed to up the security on it because they fell that they are right where they need to be with their security levels. Yeah right!
Princes Pearl
(no login) Re: FYI - dnevitamins.com site hacked! June 2 2008, 8:11 AM
*cursing*
that must be where my mess started...I had to close and reopen my checking account. Big pain in the butt. I did order from them around the time frame that Riven mentioned.
they sent all kinds of crap to my house as well as tried to buy a tv in another state, a lot of fraud. it is all taken care of now, but it was a real pain with lots of red tape.
Thanks for the heads up as to what happened to you. Now I am sure it was DNE that leaked my number or was hacked like you said, Riven One.
Edit Message Delete Message
waxingmoon
(Login waxingmoon)
SENIOR MEMBER Re: FYI - dnevitamins.com site hacked! June 5 2008, 5:45 PM
I ordered some vitamins from DNE way back in November 2007. My account got attacked in March. I was racking my brains trying to figure out how the thieves got my info since there were no online purchase in 2008 on that account.
Now I know. At least I am pretty sure. The hackers must have been able to go way back into the account histories.
I don't know if I will ever do credit card internet business again. I always assumed the thefts would occur from some breach in my own computer and I have a lot of protection from that. To find out that hackers can get at a business and use data that is months old... that is horrible.
Got all the money back ... eventually... my bank was the one who tipped me off about the theft. So no money lost on my end but man what a nightmare anyway... grrr!
waxingmoon
Edit Message Delete Message
jellyDeeee....
(Login jellyboobs)
SENIOR MEMBER Re: FYI - dnevitamins.com site hacked! June 6 2008, 12:34 AM
Girls/ guys does that site have a security pad lock n????
My husband said you should be safe it it has so Id like to know please love jelly....
Edit Message Delete Message
riven_one
(Login riven_one) Re: FYI - dnevitamins.com site hacked! June 6 2008, 5:09 PM
The "security pad" you see means that the data that is exchanged between your web browser and their web site is encrypted (as it should be for credit card transactions), and I do believe that the dne website uses this encryption. However, once your transaction has been processed then the data from it is stored somewhere on a server which is (in this case) being accessed by hackers due to some kind of missing or lax security, or their web site is susceptible to a "sql injection" kind of attack. One of the cardinal rules of dealing with credit card numbers is that they should always be stored in an encrypted form to guard against a hacker getting ahold of them. Had dne stored the card numbers this way then even if a hacker had gotten the credit card data from the server or from an "sql injection" attack then it would be useless to him. The fact that their server/web site is not secure, and the fact that their credit card numbers are not encrypted when they are stored on a server tells me that whoever built their on line store was not concerned whatsoever about the security of the data. It is possible that their merchant agreement could be revoked if their credit card processor ever finds out about these serious security breaches.
Edit Message Delete Message
jelly
(Login jellyboobs)
SENIOR MEMBER Re: FYI - dnevitamins.com site hacked! June 8 2008, 12:35 PM
WHOOOOOO>>>>>.... scary !!!! thankyou Riven one Im so sorry that happened to you and the others love jelly.....
Wonderpuff
(Login Wonderpuff) Re: FYI - dnevitamins.com site hacked! June 19 2008, 8:18 PM
Wow, I haven't been here forever and was just going to check in and I see this. I have been driving myself crazy about a charge on my card that I didn't make and I couldn't think of how my number might have been compromised. Well guess what? I used this card to place an order to DNE way back in Nov. 2007! I guess that teaches me to shop at sites that I have never heard of before! I was lucky though, I noticed the charge immediately and reported it and had new account numbers issued. What a joke! There are a lot of pathetic people out there who have nothing better going on in their life than to screw with other people. I hope everyone that has had problems with this gets it resolved quickly. I believe in karma and I just smile thinking about the payback these idiots have coming to them. Anyway, good luck to each of you with all your endeavors!
May 31 2008 at 5:51 AM riven_one (Login riven_one)
--------------------------------------------------------------------------------
FYI-
DNE has been recommended here by several users, so I placed an order. Subsequently my credit card number was stolen and was used to purchase various things. I got all of the charges reversed but it created quite a mess, and took a lot of time. I have an e-mail into DNE expressing my displeasure at their business operations; and i'm not for sure if I will ever order from them again. My credit card details are posted quite blatently in a thread on a warez type message board along with dozens of others. For obvious reasons I will not post that link up here. I have reported the crime to the government internet crime people for all of the good that will do.
If you have been the victim of credit card theft and placed an order with DNE between February 27, 2008 to March 2, 2008 then that is how your card # got into circulation.
I received this information in an e-mail from someone else that had been hacked and who sent an e-mail to all of the affected users whose credit card info was in that hacker message thread:
"I contacted DNE this evening to be told that they were aware of the security compromise and that I needed to contact someone named MichelleR@DNEPharm.com. She was not available at the time I called. She can be reached at the email address I just listed or at DNE Customer Service during normal business hours. The number is 1-800-221-1833. I am upset that DNE knew about this, yet failed to contact their customers to let them know. I am certain some sort of legal action can be taken against them if any of you have fraudulent charges on your credit cards"
Riven
Author Reply
Deb
(Login ddover) Re: FYI - dnevitamins.com site hacked! May 31 2008, 11:12 PM
Oh my! I've ordered from them for about 2 years now and have NEVER had a problem. Thanks for letting us know about this because I was getting ready to place another order.
I had the same thing happen to me about a month ago and it was because I used my debit card at TJMaxx. Someone purchased tickets to Uraguay (sp?) for over 800.00. I got the charges reversed, like you, but also like you, it was a big mess and a pain to deal with. TJMaxx is currently in a law suit because they knew their customer database had been hacked and refussed to up the security on it because they fell that they are right where they need to be with their security levels. Yeah right!
Princes Pearl
(no login) Re: FYI - dnevitamins.com site hacked! June 2 2008, 8:11 AM
*cursing*
that must be where my mess started...I had to close and reopen my checking account. Big pain in the butt. I did order from them around the time frame that Riven mentioned.
they sent all kinds of crap to my house as well as tried to buy a tv in another state, a lot of fraud. it is all taken care of now, but it was a real pain with lots of red tape.
Thanks for the heads up as to what happened to you. Now I am sure it was DNE that leaked my number or was hacked like you said, Riven One.
Edit Message Delete Message
waxingmoon
(Login waxingmoon)
SENIOR MEMBER Re: FYI - dnevitamins.com site hacked! June 5 2008, 5:45 PM
I ordered some vitamins from DNE way back in November 2007. My account got attacked in March. I was racking my brains trying to figure out how the thieves got my info since there were no online purchase in 2008 on that account.
Now I know. At least I am pretty sure. The hackers must have been able to go way back into the account histories.
I don't know if I will ever do credit card internet business again. I always assumed the thefts would occur from some breach in my own computer and I have a lot of protection from that. To find out that hackers can get at a business and use data that is months old... that is horrible.
Got all the money back ... eventually... my bank was the one who tipped me off about the theft. So no money lost on my end but man what a nightmare anyway... grrr!
waxingmoon
Edit Message Delete Message
jellyDeeee....
(Login jellyboobs)
SENIOR MEMBER Re: FYI - dnevitamins.com site hacked! June 6 2008, 12:34 AM
Girls/ guys does that site have a security pad lock n????
My husband said you should be safe it it has so Id like to know please love jelly....
Edit Message Delete Message
riven_one
(Login riven_one) Re: FYI - dnevitamins.com site hacked! June 6 2008, 5:09 PM
The "security pad" you see means that the data that is exchanged between your web browser and their web site is encrypted (as it should be for credit card transactions), and I do believe that the dne website uses this encryption. However, once your transaction has been processed then the data from it is stored somewhere on a server which is (in this case) being accessed by hackers due to some kind of missing or lax security, or their web site is susceptible to a "sql injection" kind of attack. One of the cardinal rules of dealing with credit card numbers is that they should always be stored in an encrypted form to guard against a hacker getting ahold of them. Had dne stored the card numbers this way then even if a hacker had gotten the credit card data from the server or from an "sql injection" attack then it would be useless to him. The fact that their server/web site is not secure, and the fact that their credit card numbers are not encrypted when they are stored on a server tells me that whoever built their on line store was not concerned whatsoever about the security of the data. It is possible that their merchant agreement could be revoked if their credit card processor ever finds out about these serious security breaches.
Edit Message Delete Message
jelly
(Login jellyboobs)
SENIOR MEMBER Re: FYI - dnevitamins.com site hacked! June 8 2008, 12:35 PM
WHOOOOOO>>>>>.... scary !!!! thankyou Riven one Im so sorry that happened to you and the others love jelly.....
Wonderpuff
(Login Wonderpuff) Re: FYI - dnevitamins.com site hacked! June 19 2008, 8:18 PM
Wow, I haven't been here forever and was just going to check in and I see this. I have been driving myself crazy about a charge on my card that I didn't make and I couldn't think of how my number might have been compromised. Well guess what? I used this card to place an order to DNE way back in Nov. 2007! I guess that teaches me to shop at sites that I have never heard of before! I was lucky though, I noticed the charge immediately and reported it and had new account numbers issued. What a joke! There are a lot of pathetic people out there who have nothing better going on in their life than to screw with other people. I hope everyone that has had problems with this gets it resolved quickly. I believe in karma and I just smile thinking about the payback these idiots have coming to them. Anyway, good luck to each of you with all your endeavors!