Bulk Reef Supply Security Breach


Jone
02/19/2015, 11:31 AM
I just got a notice in the mail that Bulk Reef Supply had a security breach. This is for the time period of July 30, 2014 - January 21, 2015.
I have already got an Early Warning from my credit card company this past Monday of fraud activity on my credit card.
I can assume this is where it is coming from.
SO INVESTIGATE YOUR PURCHASES WITH BRS NOW.......

Scorpius
02/19/2015, 11:46 AM
hmmm.... no problem on my end. I buy stuff all the time from them. Maybe it's a scam?

Jone
02/19/2015, 11:48 AM
Nope, just called Bulk Reef Supply and they confirmed it. I'm not making this up.

Scorpius
02/19/2015, 11:51 AM
Nope, just called Bulk Reef Supply and they confirmed it. I'm not making this up.

Well no email or anything from BRS to me. I've bought stuff since May 2014 till now.

Scorpius
02/19/2015, 11:53 AM
BOOM

http://www.bulkreefsupply.com/security-update

Jone
02/19/2015, 11:54 AM
Be hopeful nothing bad happens, just a warning and it's REAL!!!!!!!!

Scorpius
02/19/2015, 11:56 AM
Be hopeful nothing bad happens, just a warning and it's REAL!!!!!!!!

If you read my link they're sending info out to those of us who had our info compromised. I never allow any website to store my credit info for future use and I wonder if those are the people affected.

gone fishin
02/19/2015, 12:14 PM
I know I had some people in Turkey use my card to the tune of 3k right after Thanksgiving. My card company caught it. I only use the card for BRS and DR's F&S. I called both places and got "thank you, we will look into it."

Jone
02/19/2015, 01:35 PM
I received the info in my mailbox today from BRS with this topic. If you read my link they're sending info out to those of us who had our info compromised. I never allow any website to store my credit info for future use and I wonder if those are the people affected.

ClownMan727
02/19/2015, 02:10 PM
That is why I like to use PayPal on sites that offer that option. BRS allows PayPal. If you don't have an account it is really easy and secure.

Spyderturbo007
02/19/2015, 03:57 PM
Wonderful.

madweazl
02/19/2015, 04:19 PM
That is why I like to use PayPal on sites that offer that option. BRS allows PayPal. If you don't have an account it is really easy and secure.

It's no more secure than any other online purchase.

Scorpius
02/20/2015, 09:53 AM
I had my credit card number stolen from a gas station I used to use. Stuff happens.

Spyderturbo007
02/20/2015, 11:07 AM
I just got my letter in the mail yesterday offering me one year of identity theft protection. Who's going to pay for it the year after that and the year after that?

They need to fire their IT department.

hkgar
02/20/2015, 12:04 PM
I just got my letter in the mail yesterday offering me one year of identity theft protection. Who's going to pay for it the year after that and the year after that?

They need to fire their IT department.

Unbelievable

Spyderturbo007
02/20/2015, 12:49 PM
Unbelievable

You act like I'm not allowed to be angry.

Ooops. Sorry. I totally forgot we live in a blameless society. Carry on.

BlackTip
02/20/2015, 12:55 PM
I just got my letter in the mail yesterday offering me one year of identity theft protection. Who's going to pay for it the year after that and the year after that?

They need to fire their IT department.

Is firing their IT department going to protect you the year after that and the year after that?

Anything and everything that is processed through or connected to the internet can be hacked, whether it is BRS or the FBI.

gone fishin
02/20/2015, 01:00 PM
The key here IMO is to catch all these hackers and institute some hard core jail time.

alton
02/20/2015, 02:49 PM
With my wife it was Target. With me it was Home Depot. I spoke to someone at BRS and they feel they have it handled and I trust them. In saying that, I will continue to check my accounts daily for fraud; it has become too easy for some to steal your identity.

cryptic_grower
02/20/2015, 03:53 PM
I've switched to using bitcoin online where I can. Using your due diligence is utmost to your safety but still you're never 100% covered. There are many companies that provide you some peace of mind so to speak for a reasonable cost.

DaveRaz
02/20/2015, 04:31 PM
Things like this happen. Unfortunately it's a risk we all take in the eCommerce world in which we live.

What SHOULD NOT happen is to be blindsided WAY after the fact! My situation went down in January! And NOTHING from BRS. You get in front of situations like this, own it and move on. Not communicating to the customers when this compromise was realized is not acceptable! While many of us struggled to correct this on our end, someone in some conference room made a conscious decision to sit on their hands.

that Fish Guy
02/21/2015, 12:35 AM
If you read my link they're sending info out to those of us who had our info compromised. I never allow any website to store my credit info for future use and I wonder if those are the people affected.

Wait?

So you are saying that I am safe?

I have bought multiple purchases from BRS but I never saved my CC info.

I always Manually Type it in every time I order something.

So am I safe or no?

that Fish Guy
02/21/2015, 12:37 AM
I had my credit card number stolen from a gas station I used to use. Stuff happens.

How can you pinpoint to what place stole the info?

Unless you only use your card at that gas station and nowhere else?

How do you know that it was the Gas Station?

Scorpius
02/21/2015, 09:16 AM
How can you pinpoint to what place stole the info?

Unless you only use your card at that gas station and nowhere else?

How do you know that it was the Gas Station?

Because that particular card is only used at gas stations. At that time I was using the same station also. :)

Scorpius
02/21/2015, 09:19 AM
Wait?

So you are saying that I am safe?

I have bought multiple purchases from BRS but I never saved my CC info.

I always Manually Type it in every time I order something.

So am I safe or no?

I'm not saying anything. I was asking a question. I too have bought many things from BRS in the timeframe that they had the breach and my credit card has yet to be compromised, but who knows it may yet still be used fraudulently.

tundra1000
02/21/2015, 01:17 PM
I received a letter from BRS today outlining the incident and the steps they have taken to protect their customers. Given the level of data that was available to hackers it seems like BRS has gone above and beyond to make amends. Based on how it has been handled so far I certainly would not let this unfortunate incident deter me from shopping with them in the future.

Matt

Scorpius
02/21/2015, 01:54 PM
Finally received my letter today. Signed up for their free credit monitoring, but I know deep in the pit of my stomach that the sky is still falling. :lol:

hkgar
02/21/2015, 03:13 PM
The first thing all of you who are concerned should do, actually everyone should do this, is freeze your credit with each of the major credit companies, i.e., Experian, TransUnion and Equifax. This will prevent ANYONE from opening new credit in your name. It may cost $10 per credit bureau. If you need to obtain credit, you can unfreeze for a specific creditor. I did this over a year ago. Freezing your credit is better than the fraud protection companies as they typically only let you know when something happens through the credit bureau such as a credit inquiry or new issue.

If you are concerned about anyone running up charges on the cc card you had on file with BRS, call the issuer and report it stolen.

Greaser84
02/21/2015, 04:31 PM
I got my letter from BRS yesterday. I contacted them; they said if you received a letter your info was compromised. They also said that full credit card numbers were not stolen. I believe mainly names, addresses, emails and phone numbers were taken. I've been getting a lot of out of state phone calls; several calls were people posing as tax experts that claimed they did my taxes a couple of years ago (they don't realize I do my own taxes). I played along with one lady, she needed to verify my SSN. Most likely our info was sold to other scammers, who are trying to gain more private info to further scam.

MCWRT
02/21/2015, 07:23 PM
Got my letter today! Awesome... but I guess this is the cost of doing business on-line. All you can do is continually monitor your credit and accounts.

coral102
02/21/2015, 09:13 PM
I just got a notice in the mail that Bulk Reef Supply had a security breach. This is for the time period of July 30, 2014 - January 21, 2015.
I have already got an Early Warning from my credit card company this past Monday of fraud activity on my credit card.
I can assume this is where it is coming from.
SO INVESTIGATE YOUR PURCHASES WITH BRS NOW.......

Thanks for your info....

Savant
02/23/2015, 07:06 AM
1) They have to offer free credit monitoring because that's what the law says they have to do in cases of compromise.
2) As HKGAR said, contact the credit companies and put a block on your credit. This is free for a year, I believe, when you can show compromise; even if not free, pay for it.
3) Contact the credit card company fraud dept of the card you used with BRS and let them know.

Watch for monetarily small "test" charges; if they succeed with those the big hits will be on the way (this isn't always the case and sometimes they just try for it all).

If the hackers are organized enough nobody can stop them. The days of hackers being pimple faced teenagers in their parent's basement are long over and this is now the domain of highly organized crime syndicates with very intelligent and educated code writers. If they are determined and skilled you will be compromised. :fun2:
LOL, although even "script kiddies" get lucky now and again.

vair
02/23/2015, 10:41 AM
I used BRS recently and had my credit card fraudulently used 'a lot'; card cancelled by CC company.
Looking into a new password place to aid in online security:

https://agilebits.com/onepassword

Anyone use it before?

Sydoriakp
02/23/2015, 10:44 AM
I never save my CC info and I got the letter, so just throwing it out there: you would have gotten the letter, it said, if they even got your name and address and DOB, so it's not exclusive to those who store their CC info... just throwing that out there

Sydoriakp
02/23/2015, 10:45 AM
lol just throwing it out there lol just woke up... throwing that out there as my excuse oops

Scorpius
02/23/2015, 11:09 AM
I used BRS recently and had my credit card fraudulently used 'a lot'; card cancelled by CC company.
Looking into a new password place to aid in online security:

https://agilebits.com/onepassword

Anyone use it before?

Everything is hackable. Why keep every password on one server? Seems irresponsible at best.

Spyderturbo007
02/24/2015, 08:04 AM
I use a password app called SplashID for my iPhone. You can sync it online, but I don't use that functionality. I do sync over Wifi to my desktop PC. It's an additional charge for the wifi sync add on.

I have the password set on my iPhone, along with auto wipe after 10 failed attempts. I also have remote wipe enabled, should I ever lose my phone. The app is also password protected and according to SplashID, runs unbreakable AES and 256-bit Blowfish encryption. So you would have to guess my iPhone password within 10 attempts and then crack the 256-bit encryption to get my passwords.

LeRenard
02/24/2015, 08:41 AM
Some small tips:

1) Change your BRS password.
2) Change your password on any site where you used that same password. If you are an average human being, you probably did that a lot of places.
3) Stop doing that. Use a password manager, and use unique passwords for every site.

I break into computer systems for a living. The difference is I only do it when hired to do so, and when I get in I provide the administrators with a report on how I did it and instructions on how to fix it. (It's called "penetration testing" in the computer security industry.)

If the attackers got your email address and BRS password, you can bet they will try that same email and password on other sites, since they know most people don't like to remember multiple passwords and tend to use the same ones over and over. The old adage used to be "never write your passwords down", but I actually feel you are safer to use unique passwords everywhere you can and write them down if you need to. Just make sure you lock up or secure that piece of paper when you aren't using it; maybe keep a backup in your safe deposit box. I think most people can relate to physically securing a piece of paper more easily than they can the electronic world.

As for BRS, while I'm sure lots of people are mad, they appear to have done the right thing here. They detected the breach, called in experts, rectified the problem, and notified their customers. Not all companies are so forthcoming, and depending on the circumstances they sometimes aren't even legally compelled to notify their customers (though I have no idea what legislature applies to BRS)

If you think this is atypical, you should probably know that penetration tests by a skilled tester are more often successful than unsuccessful when the test isn't hampered by a tiny scope ("Only this unplugged system, only during this 5 minutes of the moon cycle, and only while the tester is yodeling" etc.)

Grandlotus
02/24/2015, 09:24 AM
You act like I'm not allowed to be angry.

Ooops. Sorry. I totally forgot we live in a blameless society. Carry on.

No emotions allowed!
:beer:

Pegasus209
02/24/2015, 11:52 AM
I received a letter from BRS today outlining the incident and the steps they have taken to protect their customers. Given the level of data that was available to hackers it seems like BRS has gone above and beyond to make amends. Based on how it has been handled so far I certainly would not let this unfortunate incident deter me from shopping with them in the future.

Matt

I got the same letter with an offer for a free 1 year subscription to Experian's ProtectMyID Alert. I didn't sign up for the Alert, as I always use PayPal on their site, as with most others. I thought the breach was very professionally handled, and won't hesitate to shop with them in the future. Great bunch of guys up there at BRS!

Tank2379
02/24/2015, 12:46 PM
Got the same letters in the mail yesterday. Now I know why my card was tampered with. The one time I use it online and with Bulk Reef it happened. It happened not once but twice in a span of 2 months. Not blaming Bulk Reef for the issues because it's happening to more and more companies and not just the small time ones either. Whoever is supposed to be in charge of the security features for all big named companies needs to beef up their software to stop these folks from hacking into the system.

Tweaked
03/14/2015, 04:36 AM
I received the letter and also had my card compromised last week. Funny cause it's a card only used for reef purchases, so confident it was from the breach. After some time on the phone with card company last week, yesterday it was all fixed.

ageno125
03/23/2015, 09:01 AM
I received one as well. I haven't noticed anything funky with my credit card though.

BuckeyeFrags26
03/24/2015, 06:55 AM
I just got my letter in the mail yesterday offering me one year of identity theft protection. Who's going to pay for it the year after that and the year after that?

They need to fire their IT department.

Why would they fire their IT techs when it's hackers that have compromised their systems? That would be like saying: you were working one day and someone came in and robbed a store you work for, should you be fired?

Needless to say, they offered a free fraud protection for a year; that in my opinion is saying we at BRS want to extend our apologies and offer you a free year of fraud prevention service for a year. Take it as you see it though.
"I got one as well!, & Activated it!"
Happy Reefing....

BuckeyeFrags26
03/24/2015, 06:56 AM
I received one as well. I haven't noticed anything funky with my credit card though.

I got one as well, no nonsense on my end!

Curt2199
03/24/2015, 11:21 AM
PayPal for payments and LastPass for password management. Let the companies that do this full time manage those pieces as they will be the most secure. Not saying they can't be hacked, but they employ teams of security analysts that are constantly doing penetration testing, so their chances of being hacked are much less when compared to the average company. The only other website that I allow to store my credit cards besides PayPal is Amazon, for the exact reason above.

You can hire a handyman to do your plumbing or you can hire a plumber. If you're not paying for it anyway then why use the handyman?!?

SS_Sean
03/24/2015, 11:54 AM
My card I used at BRS (and other places) was hit with online purchases to the tune of $2000 back just after Christmas. They ordered a bunch of stuff from Macy's East online. I have no evidence to support the info came from BRS, but the timing is correct.

firebirdude
03/24/2015, 02:53 PM
I too got my letter and had my credit card number jacked. ~$380 from somewhere in France. First time in my entire life have I had someone use my credit card without my authorization. And I buy online quite a dang bit.

To whoever said the letters were too little too late, I completely agree. The letter came over a month after my credit card fraud. Could that mean it wasn't BRS's fault? Sure I guess. But like I said, this has never EVER happened to me before. So that would be a pretty friggin big coincidence.

Plasticmask
03/24/2015, 05:58 PM
What if you just switch to PayPal? That's what we use with BRS.

Lacy
04/01/2015, 06:59 AM
We placed an order several weeks ago and then the next day we got the notice that our card might have been compromised. :uzi: Wished they would have informed us before the purchase. We could have gotten one of those one time charge cards.

Nina51
04/02/2015, 07:50 AM
Who's going to pay for it the year after that and the year after that?

I'm not sure about this but I believe it automatically expires after the one year.

I received one as well. I haven't noticed anything funky with my credit card though.

Same for me.

Chaucer
04/21/2015, 07:52 AM
2 days after my last purchase from BRS in April 2015 I have a fraudulent charge again on my bank card. This happened to me in January also? Has there been a 2nd set of problems on their website? I'm getting ready to call them, will update.

Chaucer
04/21/2015, 08:04 AM
I talked to BRS and they say they aren't having any problems at this time they are aware of. They have a new server and said they have all that taken care of? Leaves me wondering how my card got hacked this time? Hoping no other problems out there.

Jim.mer
04/21/2015, 08:37 AM
I got a letter from them, only thing is I moved 3 months ago and the letter was in a friend's name who lives 600 miles away. It's a scam to drum up business

GhostCon1
04/21/2015, 09:37 AM
I got a letter from them, only thing is I moved 3 months ago and the letter was in a friend's name who lives 600 miles away. It's a scam to drum up business

How could you possibly come to that conclusion??