Has Attitude been compromised again? Credit Card fraud detected... MAY be from them..

So, last CC charge that was legit was from Attitude. Roughly one month later.... $800 fraud from NewEgg.

I've read here before about Attitude getting hacked... many said it was their payment merchant gateway (who actually handles the CC stuff) who was hacked and they had shored up their security.... I was inclined to believe and have order 2 very small orders and had no issue on the 1st... And I watched closely given that I had heard on these forums that there had been issues in the past...

So, my initial gut reaction was IT'S THE ATTITUDE! --- they got me hacked! but.... I did call my CC company and disputed/shut down the card.

I followed that up with a call to NewEgg. Of course they can't reveal things like the shipping address unless you get through red tape (i.e. you're a LEO)... They advised me to call my local police department and file a report...

Now, here's the one thing making me think it WAS NOT due to my order from "The Attitude"..... The guy from NewEgg did reveal that the item ordered was a $800 Canon Camera lens and that it shipped to my very same city.... Hmmmmmmm.... So maybe it got compromised locally somehow, but I can say this... I don't use the card for much of anything... And my Attitude order was the only recent activity for many months...

I'll share more if I do find out more... BUt consider yourselves warned that it might be happening again.... Be pro-active and check yo' shit...


Side-note... Think I should talk to the local LEO's? I hesitate due to the fact of what "The Attitude" sells and my state now being too hip to it... Don't want any questions...
Just let the CC company and NewEgg sort it out?


Fucking scammers.... If "The Attitude" is using a payment gateway that got hacked AGAIN... They need to change their shit QUICK... I personally won't be ordering from them ever again if this proves to be the case.... I'll only order if I can tell they've changed their payment gateway company...

That is why I stopped using those clowns...they are either retarded or thieves ..either way no excuse.

I work in IT... so I have zero tolerance for that shit... And I know there are measures to be taken... Question is, did the Tude do their "due diligence" ?

Even in a department with a dedicated IT security team... this shit still happens... There's money to be had so the hackers have every bit of motivation they need. My employer is constantly warding off hackers globally... so I know it takes a concerted effort... but if you want to play on the Net.. you better be ready for the shady shit and dedicate the $$ and time to protecting your customers.

I dropped them a note and let them know they better keep their eyes on shit that it might have happened again.... In case THEY aren't the culprits behind it... Which I hope is the case...

Scary. I have checked my cc billing for a few months now since reading of Attitude fraud on charges. Nothing yet.

Wait... I don't remember attitude ever getting hacked the first time...? There a thread somewhere I missed?
And you're telling us the fraudulent items ordered from newegg are being sent to your home city?

Anybody you used that card with in the last 6 months (or longer for that matter) could be the culprit.
Could also be anyone that personally has/had access to your card.

Any specific reason why your jumping on attitude as the culprit?

I'm just asking questions here. None of this makes sense and I need it to make sense.

Amaximus said:

Wait... I don't remember attitude ever getting hacked the first time...? There a thread somewhere I missed?
And you're telling us the fraudulent items ordered from newegg are being sent to your home city?

Anybody you used that card with in the last 6 months (or longer for that matter) could be the culprit.
Could also be anyone that personally has/had access to your card.

Any specific reason why your jumping on attitude as the culprit?

I'm just asking questions here. None of this makes sense and I need it to make sense.

Click to expand...

The thinking behind it being possibly from dealing with the 'Tude was that I had read here/elsewhere that they or their processor had been compromised in the past (maybe quite some time ago??) and that they had addressed the problems... Before I did my 1st order I did quite a bit of trolling and reading forums here & other sites...

The 'Tude did reply and they have passed along the heads-up I provided to SagePay... Which is why I informed them of the potential that the compromise COULD HAVE come from that transaction with them... basically just a heads-up... they also confirmed that their site/systems do NOT store any of the CC info... as it should be... Which is smart... put that legal liability on SagePay!

The fact the item was shipped to my very same city - as I said - does make me think it wasn't the 'Tude... but... the manner I use that card doesn't present much opportunity for someone else to get ahold of the info & use it... Very few transactions on it... it's not my primary card. And the Tude was the last purchase and an overseas one at that...

Most who aren't in IT don't realize how many 3rd parties your information "flows" through to get between financial institutions... and each of them is a potential system to get hacked...

What someone should take away from my warning is simply this --- check your cards often for charges you don't recognize... I was simply too lax in reviewing mine...

Not in IT but I'm more familiar with the systems audits that occur and controls are (or should) be in place for things like this.

While I'm not so quick to point the blame on the Attitude, this makes me glad I spent the $3 to load up $200 on a prepaid visa when I ordered from them. BoA (if you use them) has a feature on their website which allows you to generate a "virtual credit card". It generates a valid Credit Card #, with the expiration date you select (max of a year), and sets a spending limit on it. I learned of this feature after I bought from Attitude but figured it'd be handy in situations where I was ordering from a place I couldn't trust. I just create a card for the amount I need and set it to expire in a day or two.

I ordered from Attitude last week, nothing fishy with my card has happened and my package is already in the US, currently NJ.

I've placed several orders to the east coast via attitude in the past few months with zero problems and no unauthorized purchases.

Of course I check my credit card transactions several times a week. You'd be stupid not to, No matter who you deal with.

I still think this is a non issue.

hackers can steal my CC all they want... I'm broke as egg yoke

if pre-paid visa's/mastercard's are used, this can all be avoided. you should be able to trust the company, i know, but why take the chance?

nsbudca said:

if pre-paid visa's/mastercard's are used, this can all be avoided. you should be able to trust the company, i know, but why take the chance?

Click to expand...

This can all be avoided regardless. Not that anything happened from what I can tell.

Sage pay is a PCI DSS Level 1 processor; I doubt the issue is with there system as they have to undergo some gruelling regulation to meet and stay compliant.

My business is PCI DSS Level 4 compliant and I carry 1,000,000.00 fraud insurance, any challenged amount is usually paid by the processing company back to the bank/customer.

Hope you find out the source of the problems, and if it is sage pay let us know!

regards,