A hacker or hackers had attacked Hobby Search server early this month and as many as 23,526 credit cards information have been compromised for orders prior to July 7. They switched to a more secure transaction that only allows them to store the last four digits of a credit card number after July 7. Even though they don’t store personal identification number or security on the back of your credit card, the damage has been done and malicious acts on your credit card may occur.
Timeline of events as below (directly quoted from Hobby Search):
October 6 – A system administrator found traces of attacks from Korea and began investigating immediately. That night, we contacted an external security firm to investigate.
October 7 – The external examiners began investigations in the morning. We shut off our systems for emergency maintenance, reinstalled all server operating systems and software, re-examined security settings, and isolated the server.
Logs indicated that customer data had been sent out from our server to the address of an institution in Korea.
We contacted that institution by phone and email about this incident and confirmed that the data had been deleted. We believe that they were used as a proxy.
October 8 – We revised program, network, firewall, and client machine security and implemented an intrusion detection system.
October 12 – We contacted the credit card transaction handler and began discussions about the course of action.
October 20 – The external investigators concluded their investigations and determined which and how much data had been accessed.
October 28 – With the results of the investigation and cooperation of credit card companies, we are ready to handle customer correspondence and have sent out email notifications to the customers that may have been affected.
Further information can be found on Q&A page.
If you purchased items from Hobby Search prior to July 7, please check your credit card statement to ensure that there is no suspicious charges. If you do find suspicious charges, contact your credit card company as soon as possible.
Because of this incident, Hobby Search is no longer accepting credit card and it’s been suspended indefinitely, thus, I believe the only available option is PayPal. Now, the question is will you still buy from Hobby Search ? For me, I completely lost my trust in the company because I expected that something like this should never happen in the first place. I am going to cancel all my preorders with Hobby Search and going with HLJ or Amy Amy. It may sound harsh but it’s for the best.
Image via Google.