Slashback: Scrambled, Dreams, Stars 87

Welcome to another dose of updates and trivia, which tonight means: some more on the large glob of egg on the face of Egghead.com; how to connect to the satellite world a little cheaper, and an unlikely (or maybe not unlikely) source of interest in NetBSD on the Dreamcast.

Well, there is just one other little thing ...

jmorse writes: "In light of the recent attack on Egghead.com, the company is sending this email to its registered customers, claiming that "...Egghead.com's existing security systems interrupted the intrusion while it was in progress, and that customer data has not been compromised." Yet, later in the same email, they admit that "...In addition, reports from the credit card companies with whom we work suggest that fewer than 7,500 credit card accounts registered with us have shown possible fraudulent activity. This is a very small fraction -- less than two tenths of one percent -- of the approximately three million credit cards registered with Egghead.com. " Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently? I think Egghead has some more explaining to do..."

I think we understand each other, Mr. Bond

An unnamed correspondent writes: "This e-mail showed up on the NETBSD/Dreamcast mailing list. Interesting eh?"

Interesting, that is, because it comes (seems to come? can never be too careful these days ... ) from John Byrd, manager of the Developer Technical Support department at Sega of America, who expresses interest in the recent work on Net("runs on 2-stroke oil")BSD for the Sega Dreamcast. Here's the recent Slashdot story on that port.

In it, Byrd says: "Although I can't yet release proprietary technical information publicly, there are other ways we might be able to help out with this sort of project. For example, we may be able to help with testing or verification of compatibility with various revisions of Dreamcast hardware."

Nice to hear, eh?

Mr. Walker played by Jim Carrey

Finally, thanks go out to the heroic Starband installer Winston Walker. Regarding the recent story on using Starband's two-way satellite service under Linux and other OSes, Winston expresses himself thusly: "USB to serial for starband is NOT needed. You can use a 9pin to 25pin modem cable. Get rid of ALL the usb stuff on the starband. No point in paying 40-50 bucks for that stupid cable (grin)."

Must tend to agree; can anyone else confirm this? Things are looking good for the move to Alpine, Texas, which seems to have some southern sky to spare.


Lest we forget

The latest in our series of reprints and reactions to Jon Katz' Hellmouth columns is up.

  • by Anonymous Coward
    In eight years of having a credit card, I've never had a single fraudulent charge (including five years extensive use on the net).

    Two days after Egghead claims their systems were compromised, what shows up on my card? A nice little $15 transaction from Moscow.

    Egghead either has no idea what they're talking about or are deliberately misleading their customers, because I pretty highly doubt this is a coincidence.
  • by Anonymous Coward
    You may find that the Dreamcast doesn't sell at a loss at all. Sega's Saturn console was expensive to build; they almost certainly sold that at a loss and got burnt badly.

    The Dreamcast is a lot more economical to produce, so there's more chance of Sega selling it at break-even or at a small profit.

    Besides, just because someone is using homebrew software doesn't mean they aren't buying games! Supporting amateur development may likely encourage people to continue using their DC (and purchasing games) for it long after they would have packed it away in the closet otherwise.
  • by Anonymous Coward
    I have purchased from Egghead in the past. Recently (ie this billing cycle) fraudulent charges appeared on my card for some telecom company in Moscow, Russia. Has anyone else experienced the same thing?
  • In the U.S. most companies are required to store income records for seven years, and that includes credit card purchase slips or files.

    I still run my limo service credit cards through the same old manual imprinter and submit charges through the same old XON machine I got 10 years ago, and store the (paper) receipts in a safe.

    If I moved to online credit card processing, I think I'd store my financials on a removable hard drive and put that drive in the safe when I was away from my office.

    - Robin
  • The email from Egghead.com GOES ON TO SAY that, while they have millions and millions of credit cards in their database, there were 7,500 cards that had shown fraudulent usage, though nothing had yet been linked back to the egghead.com breach. Out of any given few million credit cards at any given time, one might reasonably expect to find a few thousand that had some sort of fraudulent activity on them from any given source. Therefore, don't be so quick to jump egghead yet -- at least they are being open about it at this point. Also, read and consider the entire email before jumping to such a conclusion. This isn't at all a contradiction like it is made out in this story to be.

  • Ask him to spill the beans some time on Sega's reaction to Micros~1's XBox announcement, after Sega spent all that effort helping Micros~1 whip WinCE into shape for a console environment...

    And Sega were surprised by this? They thought it was a mutually beneficial arrangement, right? How long ago did Micros~1 do over IBM?

  • Right, especially if those same credit card holders also shop online at a lot of other retailers, which is likely. Who's to say that EggHead's data was stolen and not someone else's?
  • I believe if you read the fine print, they say they keep your card on file. If you don't use it, disable your account. Just like any good unix/linux sys admin would do to a user account that is no longer in use.
  • If fraudulent activity was taking place on my credit card, it would likely take me a month to find out.

    damn your card co. must suck, I can call or check my balance online, and see what purchases were made within 24 hours.
  • Gee, according to my dictionary to "interrupt" does mean "to stop" or "to break". I suspect what you might mean is at what point did Egghead's security actually detect and then interrupt the intrusion (e.g. before or after any credit card numbers may have been downloaded).

    I do agree that having all of those credit card numbers stored and so easily accessible is pretty stupid on Egghead's part. I have to wonder how many other on-line vendors have similar practices. On the other hand, only 7500 instances of potentially fraudulent activity among 3 million accounts is pretty low - probably in the 'to be expected' range - after all, how many people use the same credit for a variety of purchases. Theft of credit card numbers isn't restricted to just on-line vendors. But then that assumes fraudulently obtained credit cards might be used right away rather than stashed away for later misuse ...

  • Why is that a reason not to fly with BA? It sounds like they were doing the right thing. Every airline has problems now and then.

    FWIW, my experiences with BA have been quite positive. Compare them to United, easily the worst airline I've flown with.
    --

  • Assuming the company does need to retain credit card information for some time after a transaction, that doesn't mean they need to store the information on a well-connected machine. There are much more secure methods of retaining said information.
  • Thanks for the links. My Visa popped up with the same charge as described on fatwallet. I called Citibank, and they went so far as to close the account and issue a new card, which is something I've never seen done for a simple disputed charge.

    I assumed that perhaps this was simply because the charge was from Russia, which is probably on a hot list of countries for CC fraud. This may well be the reason, but I can't help but wonder if they've gotten a rash of this particular charge and know something they aren't telling us yet. But, if that was the case, I would think their fraud detection systems would kick in, so maybe there haven't been enough of these to trigger it.
  • Egghead sent me an e-mail regarding the matter (which I ignored because I never have had any business directly with them) and they also told my bank. My bank promptly killed my credit card as a security measure (without telling me of course).

    This is your bank's fault, not Egghead's.

    I would like to see a class action suit filed against egghead.com for the trouble they have caused the public.

    I guess you would rather not have been informed of a possible security breach.

    Why do they have my credit card number on file?

    I believe they are required by credit card companies to keep that stuff.

    What was that number doing on a machine accessible from the Internet.

    This is a good point. I'd chalk it up to customers valuing convenience over security (until the security is compromised, that is). I had to have a warranty repair done on a TV I bought from 800.com and it was nice to have a record of the order online to print out.
  • > obviously contrary to the major tennants of OpenSource

    "tennant" isn't an English word. "Tenant" is, but I don't think that anyone pays rent to OpenSource in order to live there. I think you mean tennet.

    Grammar Nazi
  • "interrupted the intrusion " It does not say nor imply it stopped it, interrupted it rather. READ READ READ!
  • Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently? I think Egghead has some more explaining to do...

    hmm, maybe those 7500 people shopped elsewhere online. it's not impossible that those credit cards were compromised at another site. the only thing that bothers me is that they apparently can't even read the logs of their own auditing software.

    --
  • 7500 cards out of 3 million is a very very small amount. Perhaps what Egghead is saying is that the amount of fraudulent activity shown is within the statistical norms for credit card fraud?
  • Even if the 7500 cards' fraudulent use was not a result of the Egghead hack, it is grossly irresponsible for egghead to store plaintext card numbers. There is very little reason to keep card numbers on file after settlement. I actually don't mind typing the 16 digits in for my added security and peace of mind. While the Slashdot editors should be taken to task for being misleading on this story, Egghead (and Amazon and you name it...) should not be excused for storing card numbers on file.
  • Bah. That's the risk you take by hoarding information, eventually someone's going to get at it.

    I'm a member of an ecommerce site, and I'm glad that I don't have to go through the cleanup panic. Our company keeps the credit card numbers only as long as it takes to charge them, then we throw them out, and we pack the databases on a regular basis.

    It's a funny thing to explain to a customer that really digs that one-click convenience.

    It's a terrible thing to happen, especially to a pioneer in the field, but that's business.

    --
    Keep all of your eggs in one basket, and WATCH THAT BASKET -- Mark Twain
  • >if you want your code to swell corporate coffers
    >continue to work on *BSD.

    Tell that to RedHat, TurboLinux, SuSe, VA Linux etc.

    Regards, Tommy
  • "Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently? I think Egghead has some more explaining to do..."

    Isn't that assuming .2% isn't a normal number of illegally used credit cards? It's not like breaking into Egghead's database is the only way to get credit card numbers. A waiter can just copy your credit card # when you hand it to him for Christ's sake. You expose yourself to possible fraudulent use of your credit card, every time you use your credit card.

  • I'll second this. I got a call from my credit card company about a $10 charge looking abnormal, while the $3000 for a new engine never raised a flag....
  • I would be hesitant to come to any such conclusion until people have had an opportunity to review their statements.
    If there haven't been any reports by mid feb. (more than statistically likely) then I would conclude that none were taken OR perhaps they were copied and just not used, to prove that it could happen.
    we'll never know.
    On a side note, I hate when terms like Stolen, and Taken are used to mean copied.
  • OS X is based on a BSD variant; that's all I know. I could be wrong, but I thought it was based on the Mach-based kernel NextStep used.
  • Sega makes a small profit on each Dreamcast, but not very much. They sell at slightly above cost price.
  • Here are some stats from ecompany.com

    Online merchants experienced fraudulent costs of more than $1.5 billion in 1999, which is equivalent to 10 percent of all online retail sales, according to Deborah Williams, research director of Meridien Research, a high-tech research and consulting firm. "While most online security concerns focus on the consumer, it's the merchants who are getting killed," notes Williams, who fears that Net fraud could grow to $15 billion annually by 2003 unless radical new measures are adopted...

    So it would appear that the percentage quoted is a small number... but it could be a case of apples and oranges.

  • by gwjc ( 181552 )
    Yeah it's all well and good that the manager of the Developer Technical Support is interested but I can just see a hastily drawn team of greedhead Corporhoids sweating it out in a meeting room throwing things up the flagpole like:
    BSD rights, hmmm - Is that ours? who would scuttle or horribly twist any valid effort to assist the OpenSource community.
  • It also stated it could "possibly" be fraudulent activity. Nothing said that there had been fraudulent activity.
  • Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently? I think Egghead has some more explaining to do..."

    That depends on how this sample compares to the population. Egghead claims 7500 is only .2% of their database. If .2% is also the total of all credit cards in existence that have been used fraudulently, then that's exactly the amount one should expect. Before jumping on them, we need info on credit card use in general.

  • When a rant from a troll (yesterday's "Object Oriented Hype" item) is presented as a serious article, you have to wonder if the submissions are being reviewed by the right (read technically competent) people.

    When Slashdot reports that a large corporation is suing the Freetype project without a shred of evidence, it makes you wonder if anyone at slashdot is even remotely familiar with the term "journalistic integrity".

    Before Slashdot continues to gleefully point out the mistakes of others, they need to get their own house in order. After they finish wiping all the egg off their face, that is.
  • would have been nice. I'm not saying they should have sent the credit card number and expiration date, but perhaps a simple "You used a Visa (**** **** **** 1234) in March 1999 . . . ."
  • I have an additional piece of information. I work for a large educational institution. For small purchases (less than $1000) we have purchasing credit cards. About half the employees in my department have their own cards. Many of them have been used at egghead. About half of those cards had unauthorized transactions from the same company in Russia. Of the cards that had not been used at egghead, none had similar transactions. This seems like more than a typical set of unauthorized transactions. Personal cards in the office had the same trend.

    Now given the amount of online ordering that we do, some other database could have been hacked. But it all seems a bit fishy to me. BTW the bank automatically canceled all cards that had been used at Egghead. It would be interesting to see how many transactions were tried after the cards were canceled.

  • "Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently? I think Egghead has some more explaining to do..."

    Something to consider is that these 7500 credit cards were probably used on other sites, as well. I believe that Egghead was trying to indicate that any issues with these cards were because of other companies (since they claimed that they didn't expose anything).

    I've ordered from Egghead.com before, and I called my credit card company and asked that my number be changed. I'm glad that they have given out information about this situation, but I'll be honest that I'm not sure if I will shop there, again. Chances are yes, but I only bought blank CDRs there, anyway (can't seem to find the ones I need - HP - at any B&M stores in my area...)

  • Now with disposable e-mail addresses I just need to find a way to have a disposable shipping address.

    Anyone who owns their own domain and can run their own DNS and sendmail server instantly has disposable email addresses (e.g. the address I use above is a throw-away).

    They aren't quite unique, but for shipping addresses I use a variation of my name and mailing address (e.g. adding "apt 1" to the house number, using a new middle initial, etc). I once ordered the Victoria Secret catalog under the name "Vicky", and now receive lots of junk mail of stuff like shampoo and perfume samples under that name. :)

  • Actually, this has been a pretty common occurrence lately. Check out this [fatwallet.com] thread at fatwallet.com which details many people who were hit by this that did not have any involvement with Egghead.com.

    It would seem, also, that C|Net [cnet.com] is running an investigation on this, and it was profiled in several news stories lately....

  • As for chargebacks, Internet retailers are responsible for chargebacks, since they cannot positively ID a person and CC. In the Brick & Mortar world, as long as you exercise "reasonable precautions" (translated: check the signature), whoever sponsors your merchant account absorbs the chargeback. In non face-to-face orders (eg., Internet, mail-order, phone orders), since it's impossible to do this (except for fax copies, which I think a very few companies still do), most merchant accounts require the retailer to eat the chargebacks.
  • That's why I keep my credit cards maxed out and pretend to have trouble making the monthly minimums! ;)

    ...not paying anything for a year is a definite way to keep them from upping that limit...

  • If you read the story on the starband modem (as posted on slashdot yesterday - sorry no time to find link here) then you would know that the person they were thanking set up a website which showed you how to hack the starband modem. In the hack, one of the instructions is to open the modem up and remove the PCI-USB converter and the usb equipment.

    Hence the rip out the usb shit statement.

    Anyways a clearer explanation can be explained from the site that describes the hack.

  • Encryption does not automagically make things secure. Security guru B. Schneier says security is a process, not a product. (encryption = product). Having an encrypted database of 3,000,000 card numbers just means there is an extra step (or completely different attack) that an attacker has to take.

    Don't get me wrong, encryption is a great idea, but I would trust my CC info to online retailers if I knew deleting my CC# after they no longer needed it was part of their process.

    I have yet to hear a good reason as to why retailers have to keep my CC# long after I have my goods and am satisfied. (So it's easier to buy things in the future is most certainly not a good reason)....

  • Um...nevermind. The link in the Slashback text works now. Before, it just went to the main /. page.
  • Now I'm not the slowest carbon lifeform unit around these days but I don't understand what the Starband quickie was referring to at all. Here I'll quote what I don't get to make it more obvious to everyone:

    "USB to serial for starband is NOT needed. You can use a 9pin to 25pin modem cable."

    Explain this to me? I have never seen a Starband setup, however their webpage states that the way they connect to your computer (unless you bought a Compaq from RatShack) is via a USB device plugged into your PCs USB port.

    I do not get how a 9pin to 25pin serial cable can all of a sudden mate a usb cable to my PC. Not unless it's passed through my ass which contains millions of nanites programmed to change the molecular structure of that 9-25pin serial cable into that of a usb to serial cable somehow.

    I am also confused by this statement as well:

    "Get rid of ALL the usb stuff on the starband..."

    If all I am given by Starband is a USB device to connect to the Starband equipment then how the hell can I get rid of it? Explain this to me. Not even ass-nanites could pull this one off far as I can tell.

    So anyone care to help me figure out what the heck they meant by these two quotes? Especially since there are NO URLs pointing to ANYTHING that would explain these statements.

    *sigh*

    My mind is like an endless carnival....only with more CHEESE!

  • Nope. John Byrd does work at Sega, and they are looking at ways to support the NetBSD-Dreamcast port.

    Greg G.

  • I have been an Egghead customer, and recently saw, and reported, one transaction that appeared to be fraudulent.

    It is by no means obvious that the transaction that I saw was, in fact, a result of the Egghead "information emission." It could be the result of something else. The questionable transaction is probably not amongst the 7500 that Egghead reported, so it may be that 7500 is a low figure.

    If I were to claim that the "evil transaction" (involving some Moscow-based "telecom" company) was a result of Egghead's emission, that represents a potential falsehood. I cannot be certain that there was any relationship. What is certain is that due to the Egghead report, I scrutinized transactions more carefully than usual, and one appeared prominent as a likely fraudulent transaction.

  • Note that it said possible fraudulent use.

    Credit card companies are very paranoid about card usage, and do all sorts of stuff to prevent criminals from getting away with too much.

    For example, when my family went to Europe on vacation a couple years ago, MasterCard locked out our account due to "suspicious activity."

    When we got home a week later, we discovered a message on our answering machine asking us about our card usage, recorded on the afternoon that the card was disabled. ("Hello, this is MasterCard. We were calling you at your home in the US to ask you if you are in Europe right now...")

    Moral of this story: call your credit card company before you go on vacation. And don't fly British Airways (en route to Heathrow, we were diverted to Montreal because the primary power generator on the plane died and the pilot didn't want to risk flying over the ocean in such a state. Which was good, because the lighting, toilets and air conditioning weren't working. Didn't even get frequent flyer miles out of it... )


    ---
    The Hotmail address is my decoy account. I read it approximately once per year.
  • After getting bit by the creditcards.com crack and now this Egghead thing I am ready to get one of the American Express disposable card numbers to do all of my shopping. Now with disposable e-mail addresses [sneakemail.com] I just need to find a way to have a disposable shipping address.

    I don't understand why these companies think it is a "service" to me for them to keep my credit card number on file for a few years. I can understand holding it for 30 or 60 days after the transaction or something, but I haven't bought anything from Egghead in over a year.

  • I got the e-mail from Egghead. And my card *was* used fraudulently on Nov. 6. I don't know if the two were related, but I strongly doubt Egghead's claims.
  • Having them on file is not a risk...having them on file *unencrypted* is a risk.
  • You have obviously completely missed the point of the BSD license. That must explain why you are insulting the intelligence of those who use it by suggesting that they don't understand its implications.

    People use the BSD license because they want to propagate the use of quality code. It is open source because that allows it to be improved where quality issues are found, and to facilitate the porting of it to any system, current or future. People release under the BSD license because they _want_ as many people as possible to use their code, for whatever it is found to be useful for.

    They don't choose the GNU license for their code because they don't want to prevent their code from being used by anyone who hopes to generate economic activity.

    Further, in this case, how would the GNU license prevent Sega from developing Dreamcast titles that run on a Linux kernel ported to Dreamcast (people are working on this)? They would only have to release the source to the kernel, not the game. And they would certainly not be prevented from charging money for a game developed with such a system.
  • Isn't OSX based on FreeBSD, not NetBSD?

    -snippet-

    Second, Sega can in principle use this work on NetBSD in official Dreamcast games, much the same way that Apple is using NetBSD as the core for OS X, since NetBSD is free of some of the licensing restrictions of Linux.

    -end snippet-

    Damn, I gotta pee!

    -some goon from No One Lives Forever
  • Assuming it's the same guy and not an imposter...

    It is really him, I just confirmed it via private E-mail.

    -jfedor
  • Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently?

    It is well known that credit card theft and fraud occurs for many reasons -- and it could be a coincidence that some victims of credit card fraud are also Egghead customers. Take a random sample of 3 million credit card accounts, and it's quite likely that some of them have been used fraudulently, just by chance. If 7500 cards, or 0.25%, is close to the average fraudulent activity for a random sample, then there is no reason to suspect a correlation with the Egghead break-in -- and we can probably conclude that credit card numbers were not stolen.

    Cheers,
    IT
  • The "download stopped in progress" really doesn't say a whole lot. How much was transferred before it was shut off? 1mb? 1gb? Quite a bit could be transferred in just a matter of minutes. The follow-up question should be, of the amount that was transferred, how many of those show potential evidence of fraud, versus those which were not transferred?

    Seems to me that we're missing some fairly obvious numbers here. The fact that a very small number show evidence of fraud does not interest me as much as the percentage of the database transferred.
  • Maybe they're required by law (or by the credit card companies) to store the information for a certain amount of time after the transaction. Do I know? No, but neither do you. Unless you do know, shut up.
  • Possibly because they believe that those credit cards are fraudulently being used not from being stolen from their site but from just ordinary everyday credit card fraud.

    Plus, not all of the cards are being used fraudulently. 7500 cards show possible fraudulent activity. I've been contacted by my credit card company when they thought my card was being used fraudulently when it wasn't, a few years ago my mother was detained at a store because the credit card company wouldn't put the charge through due to possible fraud.
  • Credit card companies, as a rule, pay very close attention to every charge made on their credit cards. I ordered the parts to build a computer system, something I had not done before, all in one hour.

    Visa [I think it was visa, we have more than a few credit cards] assumed that my card had been stolen, and denied almost all of the charges. It took a few phone calls to Visa, the companies I ordered parts from, and about a week, to convince Visa that I was actually the person ordering the parts, and that I really did want to buy them ;)

    --

  • Uh.. ok.. i might be missing something, i'm not too up on the starband as i'm in Canada but wouldn't using a 9/25pin serial cable just slow the whole thing down? max rate on a serial connection is 115kbps (unless they changed the specs and no one told me) so wouldn't that stop your 'max of 400kbps' data rate from hitting the computer? bottleneck??

    I have already read some horror stories on 2way satellite, all to do with latency and low connection speeds.. this would just compound to the problem. The point of using USB is to avoid the 'network card' requirement while still providing a fast bandwidth rate into the computer.

    just my thoughts.. but i wouldn't suggest doing that...

  • > "Although I can't yet release proprietary technical information publicly, there are other ways we might be able to help out with this sort of project. For example, we may be able to help with testing or verification of compatibility with various revisions of Dreamcast hardware."

    There were reports of Iraq buying up lots of PS2s, but this seems like a much better solution. BSD has an already understood architecture (although it would be running on bizarre hardware), a wide source base (versus almost nothing for the PS2), etc. With the ethernet adaptor being released eventually, these things could probably be more cost effective for clustered processing than PS2s.

  • I actually do business with Egghead and got their email...but I also know it's posted on their web site somewhere.
    I personally like the line that reads (just below what the original submitter said...I think he's just spreading FUD):

    "At this point it is difficult to determine whether any fraudulent activity on this relatively small number of credit cards can be traced back to the attack on our system, or whether it may be the result of credit card theft elsewhere. At this point, the evidence we have gathered to-date suggests that these credit card numbers were NOT obtained from our site."

    Stick that in your "Egghead is bad" pipe and smoke it.


  • While I agree with you (...and Egghead) that their credit card database hasn't been stolen, I don't buy the 7500 out of 3,000,000 argument. If fraudulent activity was taking place on my credit card, it would likely take me a month to find out. Also, if you just stole *3 Million* credit card numbers, how long would it take for you to use them all!
  • As you've no doubt noticed, systems sell for a fairly consistent price over their whole lifetime. So, while maybe each console goes for a $20 or $30 loss right now (or maybe not; consoles are not ALWAYS sold for a loss, only if the company believes that this is necessary to be competitive), in a year their production costs may only be a half of what they are today. Hence, they'll turn a profit over the majority of the life of the console.
  • "Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently? I think Egghead has some more explaining to do..."

    Well... I guess you could always read the next sentence...

    "At this point it is difficult to determine whether any fraudulent activity on this relatively small number of credit cards can be traced back to the attack on our system, or whether it may be the result of credit card theft elsewhere. At this point, the evidence we have gathered to-date suggests that these credit card numbers were NOT obtained from our site. "
  • I figure they're embracing it simply because there are so few NetBSD/DC users out there that it couldn't possibly dent their income. I would be surprised if there were more than 1000 NetBSD/DC users worldwide (but hey...who knows)

    So, if they embrace this niche, and help assist the NBSD team create a usable OS, the end-user may pick up a commercial game from time to time, just to have something else to do with his DC...thus actually economically contributing to the system, even if only a little. Perhaps, in time the new generation of gaming APIs will be ported and someone/company may distro a DC game that is NetBSD based. Running a free OS could give the DC enough longevity to possibly see it someday.

    Back to reality though, I doubt that many people are going to ever dig into using this setup, simply because it wasn't built to be a workable PC. It will always be cumbersome; at least moreso than a PC.

    ...but I have to think that if someone could get two NICs into it, it would make a dandy low-profile firewall. ;-)

    sedawkgrep
  • Here is a good quote from
    http://www.newsbytes.com/pubNews/99/140307.html

    Seventy-five percent of online merchants consider credit card fraud to be a concern, yet 41 percent do not know that they are held financially liable when online fraud takes place, according to an independent online fraud survey just published.

    Wow, ya think egghead knows that? Or is it in the 41 percent of ignorant businesses?

  • FreeBSD is their "reference platform." When OSX was designed, the layout and system semantics were taken from FreeBSD. In this sense, OSX is "based" on FreeBSD, but there is no other link between FreeBSD and OSX.

    As the other responder suggested, OSX is based (in the traditional sense of building on top of) the Mach kernel, and takes a lot of things from NeXTSTEP.

    A new year calls for a new signature.

  • Doesn't work. They up the limit till you have trouble making the monthly minimums.
  • They also keep it on file in case someone claims an order is fraudulent, they can look up the order, the amount, and where it was shipped. If it was shipped to you, and the shippers confirm it, then they rightly keep the money, however if it was shipped to Russia... you may have a case.
  • 2 years ago (February of 1999 to be exact) I purchased a Zip drive through Onsale.com. Onsale.com merged with Egghead.com, and then egghead had their site hacked. Egghead sent me an e-mail regarding the matter (which I ignored because I never have had any business directly with them) and they also told my bank. My bank promptly killed my credit card as a security measure (without telling me of course). I discovered the problem when I tried to buy my textbooks using my card. Luckily my bank agreed to reactivate my account for 30 minutes to allow me to purchase my books and they are in the process of sending me a new card. Apparently they killed the ATM function of my card for good measure as well. To make matters worse my grandfather passed away yesterday and not having a credit card made it VERY difficult to get a plane ticket home (I ended up using my younger brother's card). I would like to see a class action suit filed against egghead.com for the trouble they have caused the public. I made the purchase two years ago from another company. Why do they have my credit card number on file? What was that number doing on a machine accessible from the Internet? Egghead.com has a lot to answer for.
  • Wow. If this is a genuine endorsement of NetBSD/dreamcast from Sega, then I have to give them an enormous amount of respect. Especially for the following quote from the alleged John Byrd:
    I am very interested in NetBSD for Dreamcast for many reasons. ... <snip> ... Fourth, it's cool :)
    By the way, the link above to the original article is wrong. Here [slashdot.org] it is.


  • Just as a point of reference, Visa would not be calling you about possible fraudulent card usage. Visa would notify your card issuer (usually a bank) and they would make a decision about notifying you or not. Visa maintains the machine (Sun Ultra 10k, IIRC) that runs the scenarios and tracks usage, but the members, otherwise known as issuers and merchants, are the ones that use that information.

    I maintain the global network for Visa, so I know a bit about the subject.

  • It would certainly help if people read just a little farther in the letter:

    At this point it is difficult to determine whether any fraudulent activity on this relatively small number of credit cards can be traced back to the attack on our system, or whether it may be the result of credit card theft elsewhere. At this point, the evidence we have gathered to-date suggests that these credit card numbers were NOT obtained from our site.

    While they are somewhat non-committal in their analysis (a good idea since they have no absolute proof at this point), I think they've done a decent job of informing people who might have been affected. C'mon people: you can read!



  • This is totally legit. John Byrd does work at Sega, and he did send that email to the NetBSD list.

    Greg G.

  • by Anonymous Coward on Tuesday January 09, 2001 @03:03PM (#518627)
    Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently? I think Egghead has some more explaining to do...

    Not if 0.2% of credit cards normally show evidence of fraudulent activity. What they seem to be saying is that there's no reason to believe that Egghead customers are experiencing any more than the usual amount of credit-card fraud.
  • by ewhac ( 5844 ) on Tuesday January 09, 2001 @04:20PM (#518628) Homepage Journal

    John Byrd and I both worked for $(MUMBLE_SALT_PILE_MUMBLE), and I've exchanged email with him since his move to Sega. He does indeed support Dreamcast developers. While we disagree about just how much to crack open the specs of the Dreamcast for "arbitrary" development, he's basically a good egg.

    Ask him to spill the beans some time on Sega's reaction to Micros~1's XBox announcement, after Sega spent all that effort helping Micros~1 whip WinCE into shape for a console environment...

    Schwab

  • by C.Su ( 26247 ) on Tuesday January 09, 2001 @03:46PM (#518629)
    When 20 of the first 25 posts to a slashdot article contain lucid discussion regarding a misrepresentation within the posted article, then you know for certain that there really must be a problem. The poster, and/or submitter, of the Egghead blurb obviously neglected to read the memo that Egghead (most admirably) sent out to their customers. As others have already pointed out, the sentences immediately following the one containing the 7,500 figure state:
    • "This is a very small fraction -- less than two tenths of one percent -- of the approximately three million credit cards registered with Egghead.com. At this point it is difficult to determine whether any fraudulent activity on this relatively small number of credit cards can be traced back to the attack on our system, or whether it may be the result of credit card theft elsewhere. At this point, the evidence we have gathered to-date suggests that these credit card numbers were NOT obtained from our site."
    Editors, be responsible, update the Egghead slashback item.
  • by segmond ( 34052 ) on Wednesday January 10, 2001 @07:00AM (#518630)
    Your post disgusts me. BSD is the true spirit of FREE software, it is free to all, including those you don't like. GPL is not free, it is restricted freedom, and I will support 100% unrestricted freedom any day than restricted freedom. First of all, no company can use your code without giving you credit. Credit means a lot! Yes, it is not money, but having a company give credit to the small guys is a big thing! Probably not for you, since I doubt you are a coder.

  • by smoondog ( 85133 ) on Tuesday January 09, 2001 @04:23PM (#518631)
    Nice to see that previous posts have pointed out that 7500 cards may be statistically not evidence of a breakin. (Sometimes I think /.'ers go off the handle without thinking -- I like being proven wrong) Even so, it seems that having 3,000,000 cards on file is a huge security risk, not just for egghead and the customers, but VISA as well. I bet credit card companies start using more temporary number authentication schemes in the future to limit their liability to problems such as this.... -Moondog
  • by Bluesee ( 173416 ) <michaelpatrickkenny@NOsPam.yahoo.com> on Tuesday January 09, 2001 @03:29PM (#518632)
    I think this is an example of fairly responsible corporate behavior. Egghead has to respond to the needs of the stockholders, their customers, and the FBI. So, given the fine line they must walk, I think that the fact that they sent a letter to the customers informing them of the intrusion is pretty laudable.

    Of course, they may have been required to do this. Wow, their stock is barely breathing at 0.53, but it wasn't due to the break-in. They've been tanking steadily since they IPO'd, apparently sometime late in '99.

    Are the Egghead Software stores still around? I am pretty sure they aren't. Oh, I see they announced that they were closing their doors and concentrating on e-tailing software in January 98. Too bad... I think they were one of the first successful CompUSA prototypes.

  • by SubtleNuance ( 184325 ) on Tuesday January 09, 2001 @05:17PM (#518633) Journal
    Second, Sega can in principle use this work on NetBSD in official Dreamcast games, much the same way that Apple is using NetBSD as the core for OS X, since NetBSD is free of some of the licensing restrictions of Linux

    I'm assuming this will get mucho flames from the BSD 31337 but:

    The above is the #1 reason I release my code GPL. The reason OSX is based on NetBSD is only because it does not have a GNU license. ATTENTION BSD HACKERS if you want your code to swell corporate coffers continue to work on *BSD. If you are interested in freeing (libre) computer users from Corporate Computing Domination continue to hack *BSD. If you are interested in liberating people (ourselves) from corporate computing chains please PLEASE do not work for these slugs who will use your code to make profits for themselves. If you are interested in having someone else profit from your work: hack *BSD.
    The BEST aspect of Linux is the viral(sp) nature of GNU. *BSD being an alternative -- but one that can be corporately co-opted -- is obviously contrary to the major tenets of OpenSource ie the libre portion of free...

    This is why I never deploy *BSD ever.

    Do I think NetBSD on DC is cool? Yes. Do I 'like' that Sega has an interest in working with an 'open' developer group? Yes. Do I like the idea that *BSD is/has/will become a 'free' code base to subsidize future corporate software projects (why hire people to write our products when we can just steal *BSD code and clean it up & call it our own & sell it for $49.95 on Amazon..) OSX is the major example. The #1 reason that Apple is using *BSD in the backend is that they can get it for free (as in beer) - and *BSD hackers will keep doing bugfixes, implementing features and the like... all for free (gratis). While their innovative work is kept locked up for themselves -- not exactly a fair exchange between honest parties is it...
  • by smarner ( 212673 ) on Tuesday January 09, 2001 @03:10PM (#518634)
    The implication that Egghead admitted that 7,500 cases of credit card fraud were tied to the recent hack of its servers is misleading. As the full text of the email makes clear, 7,500 of the credit cards in Egghead's database showed possible signs of fraudulent use when the accounts were examined by the credit card companies. There is no indication that any of those fraudulent uses resulted from access to Egghead's credit card info. Also, the credit card companies tend to take a very liberal view of what constitutes possible fraudulent use, since they often are left with a loss from fraud (unless they can pass off the "charge back" to a merchant). I had an order for a Playstation 2 through mediaplay.com denied by the credit card company because they thought the transaction looked fraudulent for some reason. They notified me by postcard.... One side note: The first notice from Egghead wasn't particularly helpful. It didn't tell you what credit card may have been compromised. If you had more than one, I guess they expected you to either cancel them all or call and get some details.
  • by joshwa ( 24288 ) on Tuesday January 09, 2001 @03:32PM (#518635) Homepage Journal

    I asked egghead specifically about this problem: Their reply:

    Dear Joshua Wand,

    We'd like to update you regarding your customer service request xxxxxxxx.

    While we are able to remove your credit card number from your account and our customer files, if you have placed an order with us, the credit card number will remain on record with that transaction. We are required by credit card agreements to maintain these financial transactions. This information is also used when crediting or refunding your order. Please be assured we have taken significant measures to ensure this data is stored in a highly secure environment.

    While the FBI investigation is still ongoing, we can now give you an update on our internal investigation, which has uncovered evidence which suggests that Egghead.com's existing security systems interrupted the intrusion while it was in progress, and that customer data has NOT been compromised.

    Through our joint efforts with Kroll Associates over the past few weeks, we have taken additional steps to reduce the possibility of future incidents by continuing to strengthen our security measures. This is an ongoing process that we continue to take very seriously.

    Sincerely,

    Dan R

    Your Customer Service Representative

  • by bugg ( 65930 ) on Tuesday January 09, 2001 @03:13PM (#518636) Homepage
    It's a widely held belief that gaming companies sell the console at a loss, and then recoup their expenses from the licensing fees that they can charge with an established customer base.

    If SoA is supporting this, does this mean that they just don't realize that people who buy a Dreamcast solely to run NetBSD are costing them money? Or do they take the safer (much safer) guess that someone who bought it for NetBSD would also pick up a couple games? Or are they not selling them at a loss?

  • by PsionicMan ( 74653 ) on Tuesday January 09, 2001 @03:46PM (#518637) Homepage
    Assuming it's the same guy and not an imposter...

    John Byrd emails and reads the dc-dev mailing list (which I'm on) fairly regularly. The general consensus is that he's legit.

    The archives of the list can be found here [allusion.net] (not too up to date as Dan Potter, who runs that site, has yet to find a good solution to archiving the list).

    For more on dc dev, see Jules' site [consoledev.com], which is more or less a good hub site for everything dc dev related.

    --Psi

    Max, in America, it's customary to drive on the right.

  • by n7ytd ( 230708 ) on Tuesday January 09, 2001 @03:46PM (#518638)
    Here is the letter (bold face emphasis is mine):

    Dear Customer,

    On December 22nd, as a precautionary measure I wrote to inform you of an
    attack on our computer systems. Regrettably, until now, we have not been
    able to update you or comment publicly on the situation, due to an ongoing
    investigation into the matter.

    While the FBI investigation is ongoing, I can now give you an update on our
    internal investigation, which has uncovered evidence which suggests that
    Egghead.com's existing security systems interrupted the intrusion while it
    was in progress, and that customer data has not been compromised.

    In addition, reports from the credit card companies with whom we work
    suggest that fewer than 7,500 credit card accounts registered with us
    have shown possible fraudulent activity. This is a very small fraction --
    less than two tenths of one percent -- of the approximately three million
    credit cards registered with Egghead.com. At this point it is difficult
    to determine whether any fraudulent activity on this relatively small
    number of credit cards can be traced back to the attack on our system, or
    whether it may be the result of credit card theft elsewhere. At this point,
    the evidence we have gathered to-date suggests that these credit card
    numbers were NOT obtained from our site.


    We have heard from many of you, and we thank you for your support and
    patience as we continue the complex investigation into this unfortunate
    incident. I realize that taking this precautionary measure of informing you
    and the credit card companies of the breach resulted in the cancellation of
    credit cards, and even embarrassment, for some of you, and we sincerely
    apologize for any trouble this may have caused. However, that was the risk
    we ran by going public, and it is important to understand that the actions
    taken by the credit card issuers were also out of their eagerness to protect
    your best interests.

    Our first priority has been to protect our customers. We deeply regret
    any inconvenience recent events may have caused you, but we believed that
    going public with this information would help limit any possible damage,
    and give you the choice of taking precautions to protect your privacy. I
    believe strongly that this was the prudent and responsible course of action
    for our company -- or any company -- faced with this situation.

    Through our joint efforts with Kroll Associates over the past few weeks, we
    have taken additional steps to reduce the possibility of future incidents by
    continuing to strengthen our security measures. This is an ongoing process
    that we continue to take very seriously. All of the information that we have
    gathered has been turned over to the FBI, which is conducting an ongoing
    investigation.

    Below is the press release we will be issuing on Monday, January 8th. If
    you have questions, please contact our Customer Service Department at
    1-800-EGGHEAD (1-800-344-4323), which is open from 5:00 AM - 7:00PM
    Pacific Time, Monday through Friday, and 7:00 AM - 3:00 PM Pacific Time,
    Saturday and Sunday. You can also send an email by visiting this URL:

    https://www.egghead.com/custserv/actreq/general_questions_login.htm

    Respectfully,

    Jeff Sheahan
    President & CEO
    Egghead.com, Inc.
  • by tbo ( 35008 ) on Tuesday January 09, 2001 @03:12PM (#518639) Journal
    Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently? I think Egghead has some more explaining to do..."

    They have three million credit cards in their database. They checked with the credit card companies, and in the past little while, 7,500 of them were used fraudulently. That's a very small percentage, and probably typical. Nowhere does it say that this fraudulent use was in any way due to Egghead. Having your credit card number stolen online is not the only way to have it used fraudulently, people. That pimply kid at the gas station could be copying down your numbers, for all you know.

    Now, I know Egghead is a Corporation, and thus obviously guilty of the incredibly heinous act of trying to make money, but couldn't we at least stop trying to make shit up?
  • by EraseEraseMe ( 167638 ) on Tuesday January 09, 2001 @03:05PM (#518640)
    Now, if their security systems stopped the intruders cold, why were 7500 credit cards then used fraudulently?

    Possibly because they believe that those credit cards are fraudulently being used not from being stolen from their site but from just ordinary everyday credit card fraud. Their justification is so low a percentage of the credit cards seem to be fraudulently used that it's comparable to normal percentages of credit card fraud.

    What's more likely is that the attackers haven't gotten to use all the credit cards yet ;)

  • by BLAG-blast ( 302533 ) on Tuesday January 09, 2001 @03:25PM (#518641)

    This is why I always keep my Credit Cards maxed out. (Plus everybody thinks I'm a good consumer.)

    If you've not already, max out your credit cards today.
