Bulk Reef Supply Security Breach

[nj_evoIXgsr]

Quote:

Originally Posted by spieszak

Fear mongering is stupid. Thats what was done, and why I responded.
Got news for you. Your cash is only worth as much as your government says it is. I can get on board with all the conspiracy theories, but if you are going to do that, dump your cash, hoard gold. Otherwise, get with the times, and stop turning progress into something devious

What? Nothing wrong with cash but others commented on how they specifically only rely on cash.

Anyway, have a nice day!

[Jone]

Never had anyone hack my wallet,,if I want to buy something with cash,,I buy it get a receipt and done..Dont have to sign anything,,open a bill of any sort,,make a bank transaction to pay the bill plus worry about getting hacked and spending time to resolve it,,and my personal info possibly being stolen.. Cash is the best and fastest EVER..
You must work for some sort of internet company ,financial institution or government agency of some sort to think the way your post reflects or maybe a member of one of those hand held, spoon fed generations ...
The ONLY thing credit cards and debit cards make possible are long distance transactions easy and fast,,outside of that ,,there's nothing else..

Quote:

Originally Posted by spieszak

There isn't anything secure, or fast about cash... your delusion here is based on the idea that you can touch it. Electronic paper trails and computer generated transactions are much more secure and the speed at which they occur is so much faster than cash transactions as to find your suggestion laughable.

[spsfreak25]

Has anyone received a letter from them. I just got a letter telling me what happen and that i could be at risk cuz i placed a order on the day they was hacked

[Arkayology]

I had some fraudulent charges made on my cars a few weeks ago for airline tickets outside the country. I also bought from BRS recently. I guess this explains it.

[bizacon]

Quote:

Originally Posted by SoCalDude

I had some fraudulent charges made on my cars a few weeks ago for airline tickets outside the country. I also bought from BRS recently. I guess this explains it.

Same... I was wondering the same, but could be another source as well.

These are the moments I take a step back and realize who we are dealing with here-mankind. Whether you are a evolutionist, creationist, or other form, we all should agree on this...someone always find a way to abuse what someone else has created for good. Case and point here, or even dating back to the Romans.

BRS is a stand up company in my opinion abs they are demonstrating this by letting people know about the breach. I know other companies have swept things under the rug and not done anything.

[Frostslasher]

I also had my credit card hacked 1 day after ordering from BRS in early January before this started becoming an issue. My bank overnighted me a new card, I placed an order with BRS, and it was again hacked the next day. I made no other purchases on the second card. What kills me is when I called to get a third new credit card, I knew it was coming from BRS and asked if I could speak with someone in their fraud department and got the generic answer that they're looking into it. I felt a little insulted that I had what I thought was some valuable information and they could care less.

I'm not really sure how I feel about using BRS in the future because of this and whether or not their response was adequate, but I understand why holding something like this against them personally sounds foolish.

[gone fishin]

Got my letter in the mail today. Signed up for the protection service plan BRS offered. Now we will see how long it takes for some other dirtbag to cause me grief. My wife was involved with the Anthem mess going on now.

[rfgonzo]

I received my letter today. I will be signing up for their protection plan today or tomorrow. It says that you can be in jeopardy for identity theft up to a year.

[gone fishin]

If I had my way all these hackers would be dealt some pretty harsh justice.

[joshky]

Got my letter, guess I'll be signing up for the free plan and notifying my bank...

[Greaser84]

I got my letter yesterday, when I spoke with BRS they said that full credit card number's were not stolen. Seems like a lot of BRS customer's have been victims of theft lately though hmmmmm.. I only had one purchase during the time of the breach and used paypal, not sure if that offered any protection or not, although you are diverted to paypals website for payment processing. I have been getting a lot of out of state phone calls from "tax expert's" who did my taxes a couple years ago (I do my own taxes). The "tax expert's" wanted me to verify my SSN. Seems like our info may have been sold to other scammers looking to further scam us.

[Mandrake]

I have been ordering a lot from them lately , really makes me mad , these hackers are everywhere!

[bizacon]

Got my letter today as well. Luckily I have had the service they are offering due to the South Carolina state breach couple years back, target, Home Depot and .....

Funny thing, I shook Letter, like a kid does for their birthday, waiting for that coupon to fall out ( that includes Ecotech)

[frost0fractal]

Quote:

Originally Posted by Jone

Never had anyone hack my wallet,,if I want to buy something with cash,,I buy it get a receipt and done..Dont have to sign anything,,open a bill of any sort,,make a bank transaction to pay the bill plus worry about getting hacked and spending time to resolve it,,and my personal info possibly being stolen.. Cash is the best and fastest EVER..
You must work for some sort of internet company ,financial institution or government agency of some sort to think the way your post reflects or maybe a member of one of those hand held, spoon fed generations ...
The ONLY thing credit cards and debit cards make possible are long distance transactions easy and fast,,outside of that ,,there's nothing else..

If someone steals your cash, it was yours, but there is no way to prove it other than your word, you're SOL in this case. However if someone steals a card, and use it, they are using the bank's money. Nowadays there are protections in place as well that most banks that offer CC's don't hold you liable for charges that weren't yours, and are good at catching them. Also unless you found a way to feed your computer cash and have it come out on the other side intact, I'm pretty sure you can't buy anything online with cash. I'm not trying to be a dick here, just wanted to offer a logical counter argument.

[kendrid]

This is why I use Paypal to pay with my credit card on any site that accepts it. Paypal is run by a multibillion dollar company and I trust their security more than Joe Blow's website coders. When you pay with Paypal the online store never gets any of your credit card information.

[firemedix911]

Add me to that list. As we speak my Debit card has been closed due to 7 attempted charges on it. Thankfully my bank is on top of things. I still have to got the bank tomorrow to get a temp card and wait for the new one. I kept banging my head trying to figure out how they got my info. I haven't used the card locally to buy anything. I use cash bc of fear of this same problem.

[broncofish]

I got hit as well. The thing I do not understand is why they were aware of the issue weeks ago (Jan 30th) and are just now getting those letters out. Sure would have been nice to cancel the card before fraudulent activity. I also dont see how their attempt at an apology is a credit monitoring service. Thats included with any reputable cc company anyways. How about a "Sorry this happened, we would like you to take a chance with our business again, here's a coupon". But that would be too reasonable.

[hobineros]

I emailed them on Dec5th, I had 2 brand new CC's stolen that where only used on their website, There E COMMERCE director replied to my email. he blew me off. Now 2 months later I get a letter in the mail. I r one unhappy customer. I lost 3500 bucks, and their worried about their image instead of helping fix the problem they caused. In the words of Milton... Im going to burn this m%^^&* f&*() down.

[hobineros]

Quote:

Originally Posted by hobineros

I emailed them on Dec5th, I had 2 brand new CC's stolen that where only used on their website, There E COMMERCE director replied to my email. he blew me off. Now 2 months later I get a letter in the mail. I r one unhappy customer. I lost 3500 bucks, and their worried about their image instead of helping fix the problem they caused. In the words of Milton... Im going to burn this m%^^&* f&*() down.

I still have the emails as well. I made them aware of this months ago, and now they screwed so many people.

[MarksReef]

Quote:

Originally Posted by hobineros

I emailed them on Dec5th, I had 2 brand new CC's stolen that where only used on their website, There E COMMERCE director replied to my email. he blew me off. Now 2 months later I get a letter in the mail. I r one unhappy customer. I lost 3500 bucks, and their worried about their image instead of helping fix the problem they caused. In the words of Milton... Im going to burn this m%^^&* f&*() down.

You lost $3500? Your cc didn't cover it? In the words of Milton? Really?

[Ramble On Rose]

I recieved a letter from BRS as well. Also just got this in an email from Premium Aquatics-

Due to recent events of one of our fellow aquarium stores. We wanted to assure everyone of our security with your credit card information. It's such a shame to see all these attacks in the news, but especially when it hits so close to home with a fellow aquarium store. We wanted to explain our system again below and also let everyone know we are being much more strict on where your orders are shipping too and asking for additional information when necessary. We know it can sometimes be a burden, but we want to make sure everyone placing an order owns the credit card to protect you and us.

Credit Card Tokenization (data security). Unless you've been living under a rock (and you're not a fish in an aquarium, so why would you?), we know you've heard about all the credit card hacking that's been taking place. We want our customers to place worry-free orders, so for the last year we have been using an advanced tokenization method. It works like something like this: when you enter your card info, the data is never sent to our servers. Instead, it's split into tokens and we receive authorizations. We'll only have the last four digits of your card - worthless to any hacker. While it's an expensive service, we firmly believe there's no price too high to pay for your peace of mind.

[Spyderturbo007]

Quote:

Originally Posted by Ramble On Rose

Credit Card Tokenization (data security). Unless you've been living under a rock (and you're not a fish in an aquarium, so why would you?), we know you've heard about all the credit card hacking that's been taking place. We want our customers to place worry-free orders, so for the last year we have been using an advanced tokenization method. It works like something like this: when you enter your card info, the data is never sent to our servers. Instead, it's split into tokens and we receive authorizations. We'll only have the last four digits of your card - worthless to any hacker. While it's an expensive service, we firmly believe there's no price too high to pay for your peace of mind.

I'm shocked that someone as large as BRS wasn't on this bandwagon.

Premium Aquatics just got a new customer.

[Breadman03]

There once was a secure facility, created with the sole purpose of isolating the facility from any and all outside electronic access. It was hack proof because it was entirely isolated from the Internet. Someone found how to penetrate the electronic vacuum by having a virus piggyback on a thumb drive. Look into the Korean nuclear hack.

One can build an incredibly secure network, but thieves are working day in and day out to determine where cracks in the wall exist. Just like a leak in your roof, it is much more likely that you will discover it when you see water spotting inside than discovery before water penetrates. While it stinks that BRS was compromised, they are doing the right thing in addressing the issue. Heck, they are doing more than the DoD did for me when they lost my info. A couple times.

Due not to the BRS breach, but the nature of modern thievery, I am in the process of restructuring my banking network. I used to have one checking account and everything went through it. I'm structuring accounts by expense type now. Monthly bills get one account. Daily expenses, where my card information is more susceptible to getting skimmed, have another account so that I have less risk of bouncing a payment due to theft, or not realizing that my wife bought something that would make us bounce a payment.

We each have a credit card that is used for uncommon purchases, such as a large auto repair bill or renting a car for vacation since neither of our cars is big enough for the entire family, which is paid in full when the bill comes in. Gotta rebuild our credit after the housing market crash crushed us.

[soulpatch]

in a way they are with the paypal integration. Paypal only sends them an authent code.

I am unsure how they handle payments when you do not store Credit card info but it is that storing for future purchases that opens you up and what was taken from what I gather.

[MondoBongo]

Quote:

Originally Posted by Breadman03

There once was a secure facility, created with the sole purpose of isolating the facility from any and all outside electronic access. It was hack proof because it was entirely isolated from the Internet. Someone found how to penetrate the electronic vacuum by having a virus piggyback on a thumb drive. Look into the Korean nuclear hack.

this is known as a air gapped network. they're common place on very secure locations, but just like you pointed, humans are always the weak point.

the usb mechanism you mentioned is precisely the attack vector used by stuxnet (possibly the coolest malicious code ever written) to penetrate and sabotage Iranian nuclear accelerators.

the command and control infrastructure alone was impressive. wired has a great write up on it:

http://www.wired.com/2014/11/countdo...o-day-stuxnet/

i can't find the link right now, but i read an article a while back reporting on a study of these rogue usb sticks. apparently if you drop a usb stick somewhere, there is a really good chance someone is going to pick it up and put it in their computer.

if that usb stick happens to have a company logo on it, the success rate is frighteningly high.