Bulk Reef Supply Security Breach

A couple of those did a lot more than apologize and offer a year of fraud protection. I know I won't shop at BRS unless they do more than issue a statement and say they are sorry. They're not Home Depot, Target, etc... I can just as easily click on Premium Aquatics or other sites.

They stated in their statement that they are going to offer the credit monitoring, which is the same as every other company has done.

The other companies did not do much else.


Seriously though there is not much a company can do when a hacker wants in. Even big banks have been hacked and they spend billions on security and have some of the most complex systems in the world. In today's day and age you have to almost expect it no matter where you shop and be an informed consumer who monitors their credit cards and accounts. Chances are if you were not impacted by this or previous breaches then you will be impacted by one in the future.
 
After having gone down this road a few times now, this - and I really hate to say it - is pretty much routine. A few hints on better ways to do business with what we have right now:
1. Talk with your financial institution about setting up a VISA debit card or some such that you will use *only*, and I mean *only*, for online transactions. It should be a no-charge account, with no over-draft protection, backed by VISA's fraud protection, that you will fund from a different account at the same financial institution.
2. Whenever you set up an online purchase, opt out of "saving your credit card information" - this will not eliminate the risk (it didn't in my case this time), but it will decrease the risk if the vendor doesn't store your credit (debit) card information.
3. When you go to make a purchase, get all the way to the last step before sending off your order to get the final amount, including shipping and taxes, and then transfer that amount only into the debit account. With no extra funds in the account, any attempt at fraudulent transactions will immediately be bounced.
4. For those accounts paid automatically from a credit card, change them to the debit card and have the funds automatically transferred to the debit account from your regular account.
5. Review your account statements frequently for charges you didn't make. In this instance for me, again, it was an iTunes charge to "test the card". My bank is pretty familiar with this approach and quickly addressed the charge and issued a new card.
6. When you detect (notice I didn't say "if"?) fraudulent activity on your card, notify your financial institution immediately, calmly, and walk them through why you think it's a fraudulent charge. Ask for a new card, and go through the process of letting them know what your most recent charges were to that account. As it was *only used for online purchases* it should be pretty easy to go through both of these actions.

Now to start going through the list of companies that I do auto payments to with this card...
 
Just so that you guys are aware...

There was a huge glitch with Magento eCommerce sites that allowed an attacker to track and gather purchases.

I'm not sure if this is a platform that BRS uses or not, but there were tons of companies affected by this.
 

Not the only ecommerce platform hack recently....
 
Target is an outlier since they were the first major breach, had their CC info improperly stored, and in doing so lost the CC info for almost every customer in that time frame.

It is a cost of being the first domino to drop.

No one else has offered anything to those impacted other than cheap monitoring services. I think MANY more people were impacted by the Home Depot breach, for instance, and they only gave monitoring.

Yes, this is a pain, but people need to remember that the retailer is also a victim in this. Demanding that they bend over backwards with offers and such is a bit extreme unless they were negligent, which I do not think BRS was. Target, however, was in how they stored some of their CC info. Heck, they did not even mask numbers in some instances on some DBs.
 
Target also wasn't very forthcoming about the breach either. They had a badly bungled response, and were slow to take any corrective action.

When these types of breaches started, I held firm that I wasn't going to do business with companies that didn't properly protect my data. Then, as time moved on, I realized that meant essentially not participating in the economy on any level.

And to echo what soulpatch said, many times the retailers are also victims here. You can have a reasonably secure system, take the normal precautions, and still become compromised in a variety of ways.

The old adage still holds true: locks are on doors only to keep out honest people.

A determined attacker will always find a way in.
 
Those of you freaking out are maybe a bit over the top. Welcome to 2015. Somehow you think reef stores are impervious to shenanigans. Give it a rest... at least they figured it out and can put an end to it. It affected me as well, but I dealt with it like I dealt with it the past 10 times.

If it really is that big of a deal start using cash at your lfs and the local produce mart, I'm sure they would enjoy the business. I think you folks are overreacting and nobody actually lost money here but BRS. The consumer gets the money back. You lost some time and cool points.
 
I ordered 3 or 4 times from them over the time period of the security breach. But I paid through PayPal. Am I safe since I went through PayPal? That's why I always use PayPal even though I pay with a credit card, because I don't usually trust websites' secure checkouts.
 
I would assume you are fine with PayPal.

Vape, while it isn't cool, it isn't odd considering over 100 million card numbers were stolen in the last year.
 
I think banks are only starting to get excited about this because up until the last few years the fraud activity was a small percentage of their revenue. They could pass the costs on in fees and charges. That's not the case anymore with these high value high volume heists. It's starting to eat too far into their profit and has become too large to pass on to consumers. So they are finally starting to do something about it. But it will be a long time, if ever, before retailers get it in gear. JMHO...
 

Go back through this thread and see my posts as to how this is already changing this year.

The big banks, while impacted by the fraud, are not hit as much as you might think compared to previous years. Credit fraud has been at high levels for quite some time, which is why there is constant monitoring by the banks and why your card gets a hold quickly when you travel.

Either way, with the liability moving to the retailers (law before these massive attacks) starting this year, we should all see some bigger changes coming in terms of our security, with the retailers now being forced to spend more.
 
I knew a guy whose job was to drive around, find medical offices, and see if he could get into their network and gain access to personal info. They didn't sell a cure, they just let people know they weren't in compliance. He said 90% of these places use consumer-grade firewalls. This was in the late 90s. Now, everyone is hooked up and not a whole lot of people are wiser to the bad side of the internet.

I run a stack of servers as another hobby, I deal with !@# $%^&# frequently. The stuff we host (mostly old games that would likely be dead by now if we didn't host them) draws trolls like flies to fruit. I host in a very secure data center with extensive security and attack prevention measures. I have to take extreme measures simply due to the idiots out there looking to ruin good times.

The internet was not designed for e-commerce. It's a security nightmare.
 

Just go to your local Rite Aid, CVS, or Walgreens and take the trash from the can out front. So many people throw out their prescription bottles and papers even though they all have notices not to do it. So you can get a ton of info without doing anything...

Everything is all bliss and the world is a wonderful place until the underworld comes up and grabs you. Then we as humans tend to blame the easiest target, which is where we shopped or threw our trash away, instead of the actual criminal.
 
Dumpster diving and social engineering will always be the most potent weapons for intrusion. Humans are the weakest link in any secure system.
 
Don't own a debit card and have only one credit card. Cash is still king. I love the commercials where the credit card companies make fun of the people that pay cash.
 
We need a better solution to online security...passwords and numbers aren't going to cut it.

I am liking Apple's approach to the whole thing more and more. Multi-layer encryption where each transaction has a unique card #. No stealing a number that only works once!
 
The solution with Apple works since it already has your card and can process it. An online retailer would not have that ability.

That also doesn't save one from getting their address and name hacked, since that is required for order and shipping.

What dinner are looking into is an app that would generate a gift card in real time for use. Your entered amount is sent to the GC and you use that number for checkout. Similar to Apple Pay but with each institution separately.
 