IMPORTANT: DeepDiscountDVD Security problems

Discussion in 'General' started by JW77, Oct 10, 2004.

  1. JW77

    JW77 Support Halliburton

    Joined:
    Nov 19, 2001
    Messages:
    2,366
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Korova Milk Bar
    I'm putting this thread in the "General" forum, even though it's probably more approrpriate elsewhere on this board, but this is a very important issue.

    There is a thread on the Home Theater Forum, and multiple threads on DVD Talk that go into more detail, so anyone who has used Deep Discount DVD or Deep Discount CD should check those out.

    Looks like sometime yesterday the site started bugging and began throwing logged-in users into random accounts. At this time, it appears that the problem might be limited only to users who have recently logged in, but it's still unknown at this time.

    The site was taken down for a short time today, but it's back up, and some users are still reporting problems.

    I would urge anyone who has an account at either Deep Discount site go to DVD Talk and monitor the threads there, in addition to keeping an eye out for any suspicious activity in your Deep Discount accounts, the credit cards you use with them, and the e-mail accounts you associate with them such as order/ship confirmations for orders you did not place.
     
  2. onebyone

    onebyone Guest

    I was trying to order Slacker on DVD and all this additional stuff was in my cart. This is not the first time this happened to me at DDD so I didn't freak out appropriately at the time. I just took out the other stuff and placed my order. Afterwards, I got 2 emails from strangers telling me they got into my account on DDD last night. When I tried to go investigate, I couldn't get into my account, but I could get into a seemingly endless string of other people's accounts. It is really quite a bad security breach.
     
  3. Nemesis

    Nemesis Guest

    what the FUCK, my account no longer exists.. if this mean i've lost my pre-orders i'll be pissed off
     
  4. RyanPC

    RyanPC Guest

    Can one take their credit card info off of DDD so no one has access to it?

    EDIT: I went in and deleted the card number and chose Bill Me Later as a safety precaution.
     
    Last edited by a moderator: Oct 10, 2004
  5. Dave

    Dave Pimp

    Joined:
    Sep 28, 1999
    Messages:
    7,373
    Likes Received:
    597
    Trophy Points:
    113
    Location:
    Boston, MA
    All will be forgiven if they issue a 20% off coupon.
     
  6. Nemesis

    Nemesis Guest

    you know they will, in late november i'm sure ;)
     
  7. Myron Breck

    Myron Breck Boom Shanka

    Joined:
    Jul 25, 2004
    Messages:
    5,065
    Likes Received:
    504
    Trophy Points:
    113
    Location:
    Atlanta
    I did the same on my account.....scary stuff. :nervous:
     
  8. Morg

    Morg Guest

    Thanks for the info, man. Luckily, everything was in order on my account.
     
  9. onebyone

    onebyone Guest

    But the question is, did anyone else get into your account last night? If so, was it innocent or did they copy down your address et al. to go apply for fradulent cards, for example? That we won't know for awhile. The entire Account Information page was unsecure last night.
     
  10. Mortis

    Mortis GARBAGE DAY!

    Joined:
    Oct 22, 2001
    Messages:
    7,419
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Pittsburgh, PA
    I went and changed mine.
     
  11. shift

    shift Hot as shit!

    Joined:
    Mar 24, 2002
    Messages:
    3,463
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    - TeXaS -
    damn that sucks all.
     
  12. Morg

    Morg Guest

    Oh, absolutely good point. No indication of any suspect activity on my card, but your right about what could still take place. Your point is well taken.
     
  13. maybrick

    maybrick Well-Known Member

    Joined:
    Jul 30, 2001
    Messages:
    11,664
    Likes Received:
    1,242
    Trophy Points:
    113
    Location:
    Keene, NH
    Fortunately, my credit card expired last month, so I should be pretty safe.
     
  14. Andrew

    Andrew Guest

    Luckily the account info doesn't display your entire credit card number, only the last four digits. I don't think anything happened with mine, as the order status is the same as it has been and I didn't get any odd emails. Hopefully nothing odd pops up.
     
  15. Nemesis

    Nemesis Guest

    they can't get your credit card details, all they can do is get your address details (which i'd guess could be obtained from a phone book anyway) or change your details to theirs and place an order (which could obviously be seen by DDD and you'd be able to get refunded).. all of which are hassles you should not have to put up with and DDD are entirely at fault.. but still it's not the end of the world and i dunno if i'd bother doing anything proactively
     
  16. dwatts

    dwatts Active Member

    Joined:
    May 13, 2002
    Messages:
    16,579
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Crashed
    I checked my account, everything is fine.
     
  17. Dilmo

    Dilmo Guest

    This place is fucked up royally. I change to Bill Me, but it won't let me log out. Assholes! :fucked:
     
  18. Andrew

    Andrew Guest

    I think it would be wise on DDD's part to cancel all order made in the last 24 hours or however long it's been since this bug first occured. Sure it'd be a pain for the people who truthfully made their own orders, but it'd save a lot of headaches for those who had issues.
     
  19. dwatts

    dwatts Active Member

    Joined:
    May 13, 2002
    Messages:
    16,579
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Crashed
    I have no idea how their system works - but it ought to be very simple for them to know how many orders were made and to correct them. This type of thing is annoying, but no more. It also assumes that anyone who actually uses the site is malicious enough to mess with peoples accounts. I'm sure there are some, but not that many.

    I'd guess they'd figure this out quickly and resolve any issues. When sites lose credit card numbers I get pissed - but this just doesn't seem like a huge problem to me - at least at the moment. We'll see how it develops I guess.
     
  20. Metronome

    Metronome Guest

    I think it should be "All will be forgiven if they stop using such crappy shipping that results in damaged discs."

    And then the 20% off coupon.
     

Share This Page