[Archived] Shopto

[Anti-Dingle-Brigade]

I was about to buy NFS: Undercover as it was fairly cheap (plus I had some spare credit on my account) from Shopto, but I've seen in a few places that it has been hacked twice recently, and quite a few people have had their cards cloned and whatnot. Should I stay away or play it safe and not purchase? They are adamant that it is sorted and people have said that it's fixed now, but some people are suggesting it's still a big risk. They could be scaremongering I suppose.

I know a few of you use Shopto so I just wondered if you had any advice?

[dazmaz]

hmm a tricky one,

have to say its the first iv heard... i would say that the people who have been hacked will have the most simple password they can think of (rovers for example)

they used to take paypal, do they still accept it? i cant remember

[Anti-Dingle-Brigade]

It's not a case of passwords, they lost the credit card details of a huge number of people. However, now they no longer store the card numbers on the database and I know I'm okay because I've changed card numbers since I last used Shopto.

But as I said, has anyone used Shopto recently or had any experience of a buggery nature?

[Cocker]

Read This - Shopto

By Tim Stevens — Mar 4th 2009 at 11:28AM

More Credit Card Numbers Exposed, Visa and MC Not Saying HowIt was just a few weeks ago that the world learned of the millions of credit card accounts compromised by Heartland Payment, an account processing clearinghouse that had its networks infiltrated by hackers for months before anyone noticed. Now we have word of another breach, but this one is more mysterious. While both of the companies involved are reluctantly admitting that some cards were compromised, neither is saying how many have been affected or where the leak occurred.

The story, largely founded on rumors at that point, was first picked up by security blogger Steve Ragan, who posted about the leak and mentioned the lack of information being provided by Visa and MasterCard, the two companies apparently affected.

Four days later, Visa confirmed the leak, but the company still refuses to indicate where the leak happened and how many accounts have been compromised.

So, right now, we're all in the dark regarding the details here, meaning, sadly, there's not much you can do, other than wait for a letter from your bank, indicating you're the lucky winner of a new credit card number.

http://www.switched.com/2009/03/04/more ... ght-lipp/4

He goes on to talk about a German article about the subject that was incorrect:

The German article have given us a lot of damage because unfortunately customers do not understand that a certificate is between our server and the customer browser, when you make a payment with your credit card Your browser with our server certificate will encrypt your card info's and then go to our bank and encrypt it back, so if your browser is old and you have a Trojan You will give the info's and not us...

All the old browser they can't encrypt at 128bit they will only go at 45-60bit therefore is much easy for a Trojan to take your card details, this why all the banks web site are recommending to update your browser as only the latest IE or Firefox are going with minimum of 128 - 256 bit.

We have also change now our certificate with "verisign" because 99% they will force your old browser to go at 128bit

(again from Tim Stevens) We are 110% sure that there is no problem with our system and is the most secure system you will find in internet.

My promise: I will be Happy to pay any losses they had if they can prove that was our fault rather than a forum making false accusations...

[Anti-Dingle-Brigade]

Yeah I'd read that thread which is why I was less worried about it. It turns out I can get NFS:U off a friend anyhow, but I'm reasonably confident about buying from there for other games now. Cheers for the help though.