Jump to content

Defender Marine - Hacked. Watch your Credit Cards

Slowboat

By Slowboat,
in Sailing Anarchy

 Share Followers 1

Recommended Posts

Slowboat

Slowboat 22

Posted
Posted

I got a notice from Defender that they had malware injected into their system recently. Unfortunately the notice was 24 hours after I got a few grand worth of charges from a PayPal account that hit my debit card. 

Watch closely if you recently placed an order. No idea how long it was going on. 

 

 

  • Like 1
Link to post
Share on other sites
apophenia

apophenia 263

Posted
Posted

I received an email notification and a letter in the mail. Credit to Defender for notifying people in a timely manner.

I use a password manager for everything important now. It was trivial to verify that I don't share my Defender password with any other sites.

Link to post
Share on other sites
  • 3 months later...
brycechard

brycechard 0

Posted
Posted

This is terrible news, because there are people who are poorly versed in this or they are too trusting. And therefore they are easily deceived and scammers can steal money from their card. The most annoying thing is that good people lose their money, and bad people earn money on the contrary. An interesting story happened to me once. I made friends with a guy from Finland and we sometimes exchanged a few words in Finnish. I didn't know him well, but I understood him and he could say something in his own language as a joke. And so he asked me: mistä lainaa velkojen maksuun(where can I get a loan to pay off my debts? I asked him: what happened? It turned out that he helped someone pay for a purchase, and that person was a fraudster and he somehow got remote access to his card and stole all his money. In general, a very unpleasant situation, so be careful.

Link to post
Share on other sites
ryley

ryley 682

Posted
Posted
4 hours ago, brycechard said:

This is terrible news, because there are people who are poorly versed in this or they are too trusting. And therefore they are easily deceived and scammers can steal money from their card. The most annoying thing is that good people lose their money, and bad people earn money on the contrary. An interesting story happened to me once. I made friends with a guy from Finland and we sometimes exchanged a few words in Finnish. I didn't know him well, but I understood him and he could say something in his own language as a joke. And so he asked me: mistä lainaa velkojen maksuun(where can I get a loan to pay off my debts? I asked him: what happened? It turned out that he helped someone pay for a purchase, and that person was a fraudster and he somehow got remote access to his card and stole all his money. In general, a very unpleasant situation, so be careful.

ok but that isn't what happened in this case. In this case, somehow Defender's server was hacked and malware was in place, so basically you would have been scammed just by doing business with them.

Edit: but yes, Apophenia is correct - they were very quick to provide updates about the situation. Kudos to them.

Link to post
Share on other sites
PurpleOnion

PurpleOnion 293

Posted
Posted (edited)

Ignore please.  I didn't realize the date of the first post

Is the message you received specific in that it says you were identified as one of the people whose data was exposed?

I'm asking because I placed an order last Thursday and another yesterday, but haven't received any notification via email or when I log in?

Good news is that I changed my password from 123456 to 654321.

 

 

Edited by PurpleOnion
  • Like 1
Link to post
Share on other sites
ryley

ryley 682

Posted
Posted
9 minutes ago, PurpleOnion said:

Ignore please.  I didn't realize the date of the first post

Is the message you received specific in that it says you were identified as one of the people whose data was exposed?

I'm asking because I placed an order last Thursday and another yesterday, but haven't received any notification via email or when I log in?

Good news is that I changed my password from 123456 to 654321.

 

 

they seem to have corrected the error ;)

Link to post
Share on other sites
Slowboat

Slowboat 22

Posted
  • Author
Posted

I thought I would clarify a few things. I love Defender, but their website tech is crap, and their website was compromised for a very long time: 

"Based on our investigation, it appears that payment cards used by customers for online purchases between November 22, 2020 and April 15, 2021 may be involved"

1: That is disgraceful. I'm in the ecommerce world, and hackers are real, but to go for 6 months without detecting the issue makes me question their business practices (were PCI scans really up to date?)

2: Never use a debit card for ecommerce (lesson learned). It took me 3 months to get the cash that was taken from my account back. Our bank was People's United, and they did everything in their power to deny the claim. We are now switching banks due to their unwillingness to honor fraud claims.  Never use a debit card for this stuff, because they can take the money out of your account...liability is way different than with a credit card. While the Debit card does have a "zero liability" claim (through Mastercard or Visa) you are at the mercy of the bank. 

 

Link to post
Share on other sites
SEC16518

SEC16518 114

Posted
Posted

My card got hit from this.....a bunch of small transactions on the other side of the country.  Only noticed it after a few months, reported it to my bank and all of the charges were credited.  The card was replaced and all is good now. 

Link to post
Share on other sites
ryley

ryley 682

Posted
Posted
6 hours ago, Irrational 14 said:

buying beauty supplies

that's  how I knew mine had been hacked. They shipped a metric shit-ton of Olay products TO MY ADDRESS. umm.

Link to post
Share on other sites
Snaggletooth

Snaggletooth 5,150

Posted
Posted
2 minutes ago, ryley said:
6 hours ago, Irrational 14 said:

buying beauty supplies

that's  how I knew mine had been hacked. They shipped a metric shit-ton of Olay products TO MY ADDRESS. umm.

Didde thay macke you feelle youngere, moire beutifulle, and confidentte?  Askeng foire a frende............               :)

  • Like 1
Link to post
Share on other sites
ryley

ryley 682

Posted
Posted
3 minutes ago, Snaggletooth said:

Didde thay macke you feelle youngere, moire beutifulle, and confidentte?  Askeng foire a frende............               :)

well.. now that you mention it.. :)

  • Like 1
Link to post
Share on other sites
apophenia

apophenia 263

Posted
Posted
1 hour ago, ryley said:

that's  how I knew mine had been hacked. They shipped a metric shit-ton of Olay products TO MY ADDRESS. umm.

eBay is your friend. People spend boat bucks on cosmetics and fashion items, and there are active communities that seek out and trade items that are generally rare or just hard to get locally.

 

 

 

Link to post
Share on other sites
ryley

ryley 682

Posted
Posted
1 minute ago, apophenia said:

eBay is your friend. People spend boat bucks on cosmetics and fashion items, and there are active communities that seek out and trade items that are generally rare or just hard to get locally.

 

 

 

actually, I did what I thought was the right thing and contacted Olay and they sent me instructions to send it all back. Of course, they also inventoried it all to make sure I hadn't kept any of it LOL

  • Like 1
Link to post
Share on other sites
apophenia

apophenia 263

Posted
Posted
10 minutes ago, ryley said:

actually, I did what I thought was the right thing and contacted Olay and they sent me instructions to send it all back. Of course, they also inventoried it all to make sure I hadn't kept any of it LOL

I was thinking about this from the perspective of receiving a random package, but it occurs to me that the situation might be different with regard to what are effectively stolen goods. 

  • Like 1
Link to post
Share on other sites
  • 2 weeks later...
MauiPunter

MauiPunter 1,371

Posted
Posted
On 8/31/2021 at 11:01 AM, PurpleOnion said:

Ignore please.  I didn't realize the date of the first post

Is the message you received specific in that it says you were identified as one of the people whose data was exposed?

I'm asking because I placed an order last Thursday and another yesterday, but haven't received any notification via email or when I log in?

Good news is that I changed my password from 123456 to 654321.

 

 

'password' is the best password, cause what idiot would ever use password as the password.   #AmIRight? 

  • Like 2
Link to post
Share on other sites
DELETED

DELETED 208

Posted
Posted

I still have an actual cheque book.. Ah those were the heady days of hedonistic paper and ink gamble game... Would the check be cashed before my wages made it to my account 3-5days later??... Those beers always tasted better with a pinch of fraud risk...:-D The local publican did advise me to round the edges of the cheque next time i give him a bouncer, apparently at least they bounce straighter than with square edges.:-) 

 

Link to post
Share on other sites
Guest

Guest

Posted
Posted
On 8/31/2021 at 9:07 PM, brycechard said:

This is terrible news, because there are people who are poorly versed in this or they are too trusting. And therefore they are easily deceived and scammers can steal money from their card. The most annoying thing is that good people lose their money, and bad people earn money on the contrary. An interesting story happened to me once. I made friends with a guy from Finland and we sometimes exchanged a few words in Finnish. I didn't know him well, but I understood him and he could say something in his own language as a joke. And so he asked me: mistä lainaa velkojen maksuun(where can I get a loan to pay off my debts? I asked him: what happened? It turned out that he helped someone pay for a purchase, and that person was a fraudster and he somehow got remote access to his card and stole all his money. In general, a very unpleasant situation, so be careful.

so he was finished then

Link to post
Share on other sites
Guest

Guest

Posted
Posted
11 hours ago, MauiPunter said:

'password' is the best password, cause what idiot would ever use password as the password.   #AmIRight? 

Shit yes, its the one I always use, it's the best password although I did consider covfefe which is really the best word folks

Link to post
Share on other sites
Foreverslow

Foreverslow 495

Posted
Posted

This is not the first time Defender has been hit.  I got burned years ago when I got a call for an electronics retailer asking if I was drop shipping high end stereo gear to the other coast.  They stopped the order when I said no I had not ordered anything.

 

Next day I got a call from the FBI in Hartford.  Evidently Defender's web site had been hacked via an underlying commercial web package they used, along with a couple dozen other web sites.  I had to cancel all my cards and was leaving for a vacation in Aruba the next morning. Luckily had a couple grand in traveler cheques at home (remember those?).  But Defender had never told a soul about the hack.

Luckily the FBI caught the SOB who ordered the stereo gear and he got seven years at Club Fed (don't you love a happy ending?).

 

So it sounds like Defender at least warned folks that they had been compromised  this time which is start.

 

<rant on>

Fucking idiots to keep credit card details in the first place.  Used to work for one of the largest computer companies in the world. Though most the money was via purchase orders, we still did billions on credit cards every year.   And we never stored a single one.  You give us your card number, we do a real time transaction to VISA with the details and they ok the charge with a transaction code.  We kept the transaction code but never stored your credit card number.  NEVER!  

If there was an issue, we could always contact the bank with the transaction code and resolve the issue as they had the details.  Should we be hacked, the transaction code is useless to hackers. 


Why web sites think they ought to hang onto your credit card details is beyond me.  Shows ignorance of business processes.  All the risk for what?  If a hundred billion dollar a year company who secures computer systems for governments and companies around the world does not keep credit card details, why should some mom and pop business?

<rant off>

Link to post
Share on other sites
Marcjsmith

Marcjsmith 1,005

Posted
Posted
4 hours ago, Foreverslow said:

<rant on>Fucking idiots to keep credit card details in the first place.  U

What I know about e commerce would fit in the eye of a needle.  

But is it possible that the hackers, since the breach had been going for some time, just skimmed the cc info as it was coming in for purchases, Rather than a one time grab for data?

 

 

Link to post
Share on other sites
Foreverslow

Foreverslow 495

Posted
Posted
31 minutes ago, Marcjsmith said:

What I know about e commerce would fit in the eye of a needle.  

But is it possible that the hackers, since the breach had been going for some time, just skimmed the cc info as it was coming in for purchases, Rather than a one time grab for data?

 

 

can go both ways.   grab a list and then come back to grab new victims later.

Most the time, they sell your information on the dark web for quick cash.

They will sell the same list to dozen of people.

 

My point is if the data does not exist to steal, there is nothing to worry about.

as I said, why do companies take the risk? The only thing you can do with  it is to offer to have the cc number on file for repeat customers.

We did not think the risk was worth it.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 1
Go to topic listing
×
×
  • Create New...