Greysheets Website was Hacked

FYI: I received a letter this week from the United States Postal Inspection Service and it stated “After a forensic examination of the suspect’s (Amirsarmad Mirzadehazad) computer, a spreadsheet containing information was discovered. This information consisted of Social Security Numbers, Dates of Birth, Addresses, and Credit Card information.” Apparently 18 months ago the Coin Dealer Newsletter or Greysheet had their web site hacked and the entire database of customer information was downloaded. Check your CCs carefully!
I spoke with a Diane Downing at the CDN and she said that they indeed knew that the information was hacked. Although they knew that this information had been obtained they failed to inform their customers of the potential for a fraud to be inflicted upon them by this scumbag. Diane asked “what do you want me to do about it?” I wanted her company to inform me, the consumer. In this way I could take precautions by canceling the card and thus prevent potential problems.
With the type of information obtained the person could open charge accounts, start telephone and other services and thus ruin your hard-won credit. I find the action of CDN to be an egregious abuse of our trust and the consumers should let them know your feelings.
PS-I ordered my credit report today!
Where did you order your report from? I better check mine.
Great transactions with oih82w8, JasonGaming, Moose1913.
How can they NOT INFORM THEIR CUSTOMERS! That's ridiculous!
I just read an article about identity theft and sometimes these people sit on the information for a year or two, waiting for people to reduce their vigilance. How wonderful, having to monitor my credit report for the next five years or more.
Jerks.
BTW, thanks for letting us know, Bob. I do appreciate it.
New collectors, please educate yourself before spending money on coins; there are people who believe that using numismatic knowledge to rip the naïve is what this hobby is all about.
Thanks,
Carol
Free Trial
They're not exactly inspiring confidence in me.
Sean Reynolds
"Keep in mind that most of what passes as numismatic information is no more than tested opinion at best, and marketing blather at worst. However, I try to choose my words carefully, since I know that you guys are always watching." - Joe O'Connor
I typed that (I thought) but it didn't work. I guess my spelling abilities are getting worse as I get older.
I see from the posts that they didn't notify anyone directly. Did they post this on their site any where?
I'd be interested in knowing how they got in and what they are doing to prevent it from ever happening again.
We have such strict security measures implemented by our IT guys for our systems that I find it interesting to see how other sites' security measures were circumvented.
Carol
Equifax CRB
800-685-1111
Experian
888-397-3742
Trans Union
800-916-8800
The sad part about this is that the Federal Government is looking out for my interest better than one of my industry peers!
6024 N. 9th Ave #5
Pensacola, FL 32504
HTTP://WWW.AACoinCo.Com
J&J Coins
website
Wild Ebay Toners for sale
The big O
No wonder the dealers think this market is WHITE HOT !
No wonder the dealers think this market is WHITE HOT ! "
Now that's funny
If they do any business in CA (I'm sure they do) they are REQUIRED to report any
incursion and loss of customer private data, failure to do so can have 'consequences'. Might be worth
making a few calls to some associates in the network security industry out that way.
Everything is linear if plotted log-log with a fat magic marker
Tom
<< If they do any business in CA (I'm sure they do) they are REQUIRED to report any
incursion and loss of customer private data, failure to do so can have 'consequences'. >>
CDN is located in California.
So they might be off the hook if they only interact online, but I suspect that is not the case.
<< Why in the world would you ever give a company, such as CDN, your Social Security Number? >>
I was just wondering exactly the same thing. Once a month I buy a copy off their web site, and it has never asked for my SS#.
Russ, NCNE
www.transunion.com
www.experian.com
www.equifax.com
Go BIG or GO HOME. ©Bill
I think the only thing I ever gave them was my CC#. I never renewed my subscription & that CC is long gone.
FYI, as recently as a couple weeks ago, CDN is still storing your credit card information. I ordered a sheet and then went back and changed my credit card number to something bogus. Glad I did.
It's something to be careful with whenever you are purchasing online. Most people know you shouldn't transmit sensitive information unless you're on a secure connection (https:// in the address and that little padlock icon in the bottom of your browser) but that only protects the information from being intercepted while you are communicating with the web site. It does nothing to protect your information after the web site gets it.
And credit card numbers are generally stolen by someone hacking into a database (as happened to CDN), or physically gaining access to the computer storing the database, not by intercepting individual web browser transactions.
In my opinion a small company (like CDN) simply does not have the technical resources or budget to responsibly protect an on-site database of card numbers.
I'm definitely of the small-variety company
John Maynard Keynes, The Economic Consequences of the Peace, 1920, page 235ff
And, I'll tell you what. If the average consumer were aware of how many times a day hack attempts are made against merchant sites it would scare the crap out of them. Even as a very tiny business, I get dozens a day.
Russ, NCNE
Unless the credit card was actually swiped through a card reader (which is different than someone punching in the number on the machine) or your signature is attached to a credit slip, if you dispute the charge, the merchant has to prove its validity. It's NOT the other way around.
The credit card folks try to scare everyone with this stuff because if they don't catch the crook, they eat the charge and take the loss.
I am certain that I used it at least once to purchase some GS's online.
I cancelled it after buying my new truck and opened a different one that I have used 1 or 2 times in the past year.
here is GS's contact info!!!!!!!!!
Our Mailing Address is:
CDN
P.O. Box 7939,
Torrance CA 90504
Phone: 310-515-7369
Fax: 310-515-7534
Email: orders@greysheet.com
<< You guys are getting worked up over nothing.
Unless the credit card was actually swiped through a card reader (which is different than someone punching in the number on the machine) or your signature is attached to a credit slip, if you dispute the charge, the merchant has to prove its validity. It's NOT the other way around. >>
Tell that to somebody who becomes a victim of identity theft, has their credit history completely trashed, then spends months and even years cleaning up the mess.
<< Unfortunately Barry, it's not that simple. Card companies will require you to prove that you didn't make the purchase. Have you ever tried to prove a negative? >>
Actually, he's 100% correct. It is that simple with internet transactions. The merchant must prove the transaction, the cardholder has to do nothing but file the chargeback, stating the reason. If the merchant can't prove it's a legitimate transaction, the reimbursement is automatic.
Russ, NCNE
I speak from both sides of the fence here - as a credit card user and as a merchant. It is up to the merchant to prove the charge was valid if the buyer disputes it.
Yes, I have disputed charges in the past. For example, a restaurant that double billed me for dinner. All I had to do was call the 800 number on the card, explain the dispute and the charge was temporarily removed until the investigation was complete. In this case, the merchant never responded to the inquiry, and the charge was permanently removed after about 60 days.
Experience the World through Numismatics...it's more than you can imagine.
I'm stunned that they would not inform their customers! It may be a violation of their stated privacy policy if they had one in place when the breach occurred. Also, if the breach occurred before the regulations in CA or wherever went into the books then not much can be done to them.
Web site security is not necessarily easy, but with some vigilance, planning, and good programming the risks are very few. Judging from their website when I first saw it, they don't seem to have the best staff in place. Or the programmers/IT people cannot get the equipment they need. I'm taking a glance at it again right now... I don't want to monkey with it too much but I bet I could get a good cross-site scripting hack on it. And a good form post hack would probably work.
Obviously SSN is not needed by any company and I hate that they request it. Some even "require" it though I believe it's required to be optionally supplied by law now. Many companies try to get away with it until you remind them to use the newer forms and regulations. Then miraculously you get the "corrected" forms.
The reason it can be such a big deal is not how much money you are out of pocket with fraudulent purchases on your existing credit cards but trying to clear your credit history of fraudulent purchases. They can easily open up another account using the data retrieved and have statements sent to some phoney address. You will never even know your credit history was trashed but there will be plenty of default judgements against you since you are not even receiving statements, dunning notices or court documents. Then when you go to finance that next mortgage or car you'll be flagged.
I can think of a dozen reasons not to have high capacity magazines, but it's the reasons I haven't thought about that I need them.
09/07/2006
Michael
<< slight rumblings >>
I hear an earthquake coming!
09/07/2006
<< She said that no one has complained and that she was completely indifferent to any complaints. >>
Talk about "clueless" -- duh!! How could anybody complain when they hadn't yet learned their info had been ripped off. It takes time for the inspectors to get notices out and then only after they'd nabbed the guy. Greysheet needs to get their legal act together!
Come on over ... to The Dark Side!