Fright-Rags Hacked - Customer Credit/Debit Card Warning

Moderators: Evil James, EvilDeadChainsaws

Post Reply
User avatar
EvilDeadChainsaws
Site Admin
Posts: 104
Joined: Wed Oct 28, 2009 1:23 pm
Location: England, UK
Contact:

Fright-Rags Hacked - Customer Credit/Debit Card Warning

Post by EvilDeadChainsaws »

Hi all, this is just a heads up for anyone who has ordered anything from Fright-Rags in the last month or two, it looks like they've been hacked and lost people's credit/debit card details. I know of one friend who's lost some money due to fraudulent transactions (£95.23 from shoebuy.com USA), and going by the email he got from them, looks like there might be a lot more, so please check your statements carefully.


Website Security Update - Please Read

Hi ....,

We recently received a few emails from customers who have discovered fraudulent charges made on their credit card, and they believe it may have been caused by placing orders on our website. While there has been no evidence that our site has been compromised, these concerns are cause enough for us to double check our site and server to make sure it is 100% safe and secure, and perform any updates that will prevent suspicious activity.

WHAT WE ARE DOING ABOUT IT
Our developers are currently working on a new update for our site, which will replace the current checkout code with all new, upgraded files. They are also performing another update to the entire site that will require them to look at all other files to ensure they are free of any malicious code.

While they work on those tasks, we have disabled the module that processes our credit card transactions. Even though that function is not currently active, you can still place an order using the PayPal payment method at checkout. You do not need a PayPal account to use this method, just select it and when you confirm the order, it will give you the option to enter your credit card if you do not have an account. These transactions occur on PayPal's servers - not ours - which will allow you to place an order securely.

The ability for our customers to safely order from us is our utmost priority, and as recently as September we have taken several steps to increase the security of our site. We have upgraded our cart software, checked files extensively for malicious code, and installed monitoring software that would alert us if any file had been changed on our server. All transactions on our website occur on SSL (Secure Sockets Layer) pages which are secured by high-level encryption provided by Thawte. Lastly, we do not save or store any credit card information on our site aside from the last four digits of the card for reference.

While we have yet to find any threats, we take any concerns like this very seriously and will be working closely with our development team to ensure we prevent anything that will compromise the security of our website. In the meantime, please make sure to check your bank statements for any unauthorized purchases, and contact your bank immediately if you find any that appear to be fraudulent. If you have any questions or concerns, please do not hesitate to contact me personally at ben@fright-rags.com.

Sincerely,

Ben

Benjamin Scrivens
President/CEO
FRIGHT-RAGS, INC.
User avatar
Kyle
Posts: 21
Joined: Sat Oct 31, 2009 1:21 am
Location: UK
Contact:

Re: Fright-Rags Hacked - Customer Credit/Debit Card Warning

Post by Kyle »

Glad I used paypal!
Post Reply