[NSRCA-discussion] FMA Database Compromised
Matthew Frederick
mjfrederick at cox.net
Wed Nov 19 19:23:07 AKST 2008
You'd be amazed what information someone with the proper connections can get their hands on. Usually the name on the card and the billing zip code are required to process a credit card transaction, and they're probably stored together. If I have someone's name and know where they live, I can get an address, phone number, SSN, names of neighbors, relatives, where they work, all kinds of fun stuff. Then again, I work for the government, I guess that's kinda cheating. Then again, these types of people don't really let illegal searches stop them either.
Matt
----- Original Message -----
From: Chris Moon
To: General pattern discussion
Sent: Wednesday, November 19, 2008 8:32 PM
Subject: Re: [NSRCA-discussion] FMA Database Compromised
Guys:
I kind of doubt it was simply a breach of their external credit card processor, and here's why. On Monday, I received a small print order (less than $6) from an online printing company. The small box had my name and address correctly on it and it was from a company that had 3 of the fraudulent charges on my credit card. I did not order this stuff of course, but the thieves clearly had not only my valid credit card number and expiration date as a processing company might have, but had my correct name and address to go with it. One of the online forums had a posting from a guy who said they had enough info on him to get this bank to release the pin# for his card to THEM and subsequently took out $400 in cash advances. So unless the credit card processors need the name and address data too in order to process the charges (I know for a fact they did not need this data years ago), I think it was the FMA internal server that was hacked, or an inside job from an employee or ex-employee - which I think is most likely.
Chris
Pete Cosky wrote:
That's the truth. A lock only keeps an honest man honest.
From what I gathered it wasn't FMA that was compromised, it was their payment processor, which begs the question how many other businesses are impacted by this breach.
----- Original Message -----
From: Archie Stafford
To: 'General pattern discussion'
Sent: Wednesday, November 19, 2008 7:29 PM
Subject: Re: [NSRCA-discussion] FMA Database Compromised
Matt,
The security symbol would not have helped here. I'm sure FMA has a fairly secure site. Their database was what was compromised. Technology improves daily for this type of fraud.but so do the people doing it.
Arch
--------------------------------------------------------------------------
From: nsrca-discussion-bounces at lists.nsrca.org [mailto:nsrca-discussion-bounces at lists.nsrca.org] On Behalf Of MATT LIPRIE
Sent: Thursday, November 20, 2008 4:53 AM
To: mups1953 at yahoo.com; General pattern discussion
Subject: Re: [NSRCA-discussion] FMA Database Compromised
That is why I am so leary of using a credit card somewhere like that. Plus I do always check if the website has a little security symbol on the bottom of the page.
Matthew L.
----- Original Message -----
From: mike mueller
To: General pattern discussion
Sent: Wednesday, November 19, 2008 7:52 AM
Subject: Re: [NSRCA-discussion] FMA Database Compromised
Bingo, that explains it. Good catch!
--- On Tue, 11/18/08, MKMSG <mkmsg at cox.net> wrote:
From: MKMSG <mkmsg at cox.net>
Subject: [NSRCA-discussion] FMA Database Compromised
To: "NSRCA Discussion List" <nsrca-discussion at lists.nsrca.org>
Date: Tuesday, November 18, 2008, 11:14 PM
If any of you have recently bought products on line from FMA Direct using a credit card, check your credit card account. FMA's database has been compromised/hacked and whoever has the information is making charges against the credit cards. I read this in the electric forum on Ezonemag.com. Sure enough, when I brought up my VISA account, there was a NAPSTER charge there so I cancelled the card. You might want to check yours if you've done business on line with FMA recently.
Mike
_______________________________________________NSRCA-discussion mailing listNSRCA-discussion at lists.nsrca.orghttp://lists.nsrca.org/mailman/listinfo/nsrca-discussion
------------------------------------------------------------------------
_______________________________________________
NSRCA-discussion mailing list
NSRCA-discussion at lists.nsrca.org
http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
------------------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.175 / Virus Database: 270.9.7/1799 - Release Date: 11/19/2008 8:58 AM
--------------------------------------------------------------------------
_______________________________________________
NSRCA-discussion mailing list
NSRCA-discussion at lists.nsrca.org
http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
----------------------------------------------------------------------------
_______________________________________________
NSRCA-discussion mailing list
NSRCA-discussion at lists.nsrca.org
http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
------------------------------------------------------------------------------
_______________________________________________
NSRCA-discussion mailing list
NSRCA-discussion at lists.nsrca.org
http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nsrca.org/pipermail/nsrca-discussion/attachments/20081120/9a12f92c/attachment.html>
More information about the NSRCA-discussion
mailing list