Breech of security - someone got my credit card number

Discussion in 'macOS' started by wbhambone, Jul 30, 2005.

  1. wbhambone macrumors member

    Jan 26, 2005
    Hope you guys can follow...I'm really stumped by this and am looking for a little insight.

    On the evening of the 21st I placed an order for photos through iPhoto. I have one-click ordering turned on, so it was a quick process.

    Then, on the 27th I received a phone call from a web hosting company. They called to ask if I had any questions regarding my recent hosting package purchase. Problem is - I never ordered a web hosting package from this company, or any company for that matter. This company had my name, address, phone number, credit card number...everything. My credit card was charged $119 for the web hosting package. Needless to say, I had the service rep kill the package purchase as fraudulent. I hung up with him and called the credit card company to cancel the account to prevent any other purchases.

    So, what does this have to do with my mac. Well, I've not lost my credit card, it's never left my side, which means someone got my information through some online purchase. The only purchase I've made through any online system is through iPhoto. All the information that I have for my Apple ID account is the same that the guy had from the web hosting company.

    So this means one of two things:
    - iPhoto is not a secure method for ordering photos.
    - I have some type of infection on my system (spyware, etc) that has captured my info. I find this to be highly unlikely but it's the only thing I can think of.

    System specifics:
    - OS X 10.4.2
    - 15" PB (Rev. D)
    - browser: Firefox 1.0.4
    - SBC Yahoo DSL (2Wire DSL modem - firewall turned on)
    - Linksys WRT54G wireless router (firewall turned on)

    Any thoughts about how this could possibly happen. Are iPhoto purchases secure...should I be looking somewhere else for how my info was stolen.

    I'm at a complete loss as to how this could happen.

  2. iGary Guest


    May 26, 2004
    Randy's House
    They can grab your purchase through any number of means - doesn't have to be online.
  3. CanadaRAM macrumors G5


    Oct 11, 2004
    On the Left Coast - Victoria BC Canada
    Your pizza delivery person has your home address, phone number, name, credit card number, expiry date and security code. What else would they need -- they're in business.
  4. grapes911 Moderator emeritus


    Jul 28, 2003
    Citizens Bank Park
    This may or may not apply to you:

    It is very rare for credit card info to get stolen over the net (unless you enter your info in a non secure site) Most times the info is stolen from human contact. ie) Sales clerk copies/remembers you number, fraudulent card reader placed over real card reader, and so on.

    While your card may have been stolen over the net (and many signs point to iPhoto), I'd bet it was from something else.

    Sorry I can't be more helpful.
  5. wbhambone thread starter macrumors member

    Jan 26, 2005
    Thanks for the responses.

    What makes this crazy is that when the web hosting company called they asked to speak with me over the phone by using my shortened middle name (Brad). This is what I go by. My credit card, though, has my first name. He had that name as well.

    Whoever got my information knows that I go by Brad but have another name on my credit card.

  6. rkristich macrumors member

    Jul 27, 2005
    Punta Gorda, Florida
    While iPhoto may be the culprit, it's more likely that someone working in a brick and mortar store/restaurant stole your number, as grapes911 said.

    In my town a few years back, a waiter at Applebees was copying down all the info from customer's credit cards and putting fradulant purchases on the cards. It wasn't too hard for him to get addresses and phone numbers, he would just look up the person's name in the phone book.

    Cancelling the account asap (as you did) is the best thing you can do after you've found out your number and info is in somebody else's hands. Hopefully there's a way for the credit card company or even the web hosting company to find out who used your credit card, but even if he/she is not caught, at least you didn't lose any money.

    Edit: Just saw that you responded while I was replying to the post. That is very strange that the company knew what name to call you, and possibly points even more to someone locally who knows (or overheard) that you do not go by your first name.
  7. pubwvj macrumors 68000


    Oct 1, 2004
    Mountains of Vermont
    It does happen though. It happened to me. I know because I mistakenly gave the wrong card exp date with an online purchase. I then realized the error and corrected it. Meanwhile, someone at the vendor tried to use my card to make a purchase at another online store. Fortunately my credit card company caught the strange purchase that was being made since it didn't match my buying patterns. The credit card security department called me to check to see if the fake purchase was valid. No it wasn't. They cancelled the now insecure card and sent me a new card by FedEx.
  8. alex_ant macrumors 68020


    Feb 5, 2002
    All up in your bidness
    Corporations pretty much know everything about you. There's no way to avoid it. If a particular corp only has partial information, they will acquire the rest from a vast network of other corps and cross-reference to get the rest. Anything in their database will stay there forever. If you have a social security #, you are owned. The only thing to do is live with it and use what power you do have to make sure that information is not abused (i.e. calling the credit card company when you notice fraudulent activity).
  9. Over Achiever macrumors 68000

    Over Achiever

    Jul 22, 2002
    Toledo, OH, formerly Twin Cities, MN
    Speaking of identity theft, I was foolish enough to click on a fake link and "logging in" into E-bay, after which I realized that address bar was an IP address. Blah x_x

    At least I didn't give my credit card info.
  10. pdpfilms macrumors 68020


    Jun 29, 2004
    What's strange to me about this is the fact that they knew your name, and for the following reasons.
    Firstly, why would someone committing identity theft bother to find out the commonly used name of their victim? Secondly, why would they bother to use it? One could easily do the job by using legal names... an online store is more likely to have issues with the transaction if the name doesn't match up with the legal name.

    This is very odd to me... Makes me think it was either an amateur theft or someone who may be relatively close to you.

    On the other hand, were you able to get any information from this web hosintg company? Domain name, IP addresses... anything?
  11. wbhambone thread starter macrumors member

    Jan 26, 2005
    I was able to get the registered domain name from the hosting company. The only bogus thing given when buying the hosting package was the email address the theif gave (some aol address).

    I plan to call them back on Sunday (the hosting company) to see if I can get anything else out of them.
  12. Chip NoVaMac macrumors G3

    Chip NoVaMac

    Dec 25, 2003
    Northern Virginia
    There was a report today on the radio that credit card companies are having security issues with the off-shore support centers they are using.

    Add to that my own tail of woe. Some of you all may have followed the saga of the split of my ex and I, of 12+ years.

    Long story, short (hopefully), is that my ex had been between jobs and had health issues that in the end ran deeper than what I thought or was told.

    On April 15th I told him that he needed to find a new place to live. He had indicated that he saw it coming, and decided to move to Florida. It was about a week and a half later that he was ready to make the trip to Florida. I was truly concerned about a long distance trip, since I had been paying the bills for the household for awhile. He told me not to worry, for he was resourceful.

    Add to that I had started my move to a new place and selling of my TH. Fast forward a bit to about two weeks ago. I was finally forwarded by the USPS my May XXXXXXXX VISA statement. There were charges that I did not make.

    Sad to say, those charges were for food and items that I questioned at the time on how he was able to afford them.

    In talking with the Fraud Department, I found out that some were done by key entry - but many of them were done by the actual Credit Card. This is an issue in that only two cards were ever sent by the Credit Card company. One that expired, and the other I held in my hands as I was talking with the Credit Card company.

    Some here may remember how distraught I was over "news" that my ex and our dog Chewey were homeless for a week and half. The concern I and the rest of you had was missed place. My ex was never homeless. He was in motels across the south on my credit card!

    Some of you may wonder how this is possible. Evidently there is a process of credit card cloning. And that is what he did.

    Not to worry, I had fraud protection. And the Credit Card company and I will pursue any avenues needed.

    I share this tale for everyone to realize that they can be subject to credit or indenty theft. Even from those that they had trusted. For in my case after 12+ years, I would have never expected my ex to stoop so low.

    Another thing I learned was that the credit laws protect the credit card companies, not the consumer. Between all of the above, I was denied credit because he had placed me as an "authorized user" on one of his credit cards - all without my knowledge or authorization! I had to do battle do battle with the GM Master Card because of their failure to protect the consumer!

    IMO it is all about the money. Credit companies are not truly concerned about the average consumer. Not unless we sign up for their "credit protection" plans. Debt that is no longer collectable by state or federal law is bought and sold on a regular basis. Many are forced to pay a debt that legally they no longer owe.

    New federal laws allow the consumer over the next year or so to get annual reports on their credit activity. i would suggest spending the money to make sure you are safe - until the politicians can get their hand out of the credit companies deep pockets.
  13. MUCKYFINGERS macrumors 6502a


    Jun 7, 2005
    This crap happened to my mom before. I think a girl at a local supermarket or a restaurant made about $1,400 or more in fraudulent purchases that were to be shipped to Mexico. The good thing about credit card companies, though, is that they pretty much trust you when you tell them that your account has been hacked and someone is making fradulent purchases.
  14. Chip NoVaMac macrumors G3

    Chip NoVaMac

    Dec 25, 2003
    Northern Virginia
    In my case my ex got away with $2400 in fraud charges. To add insult to injury, he stopped using the card when it was maxed out. And began using it again when I made a major payoff.The card issuer so far has been great in getting it corrected.

    Still hurts though.....
  15. MUCKYFINGERS macrumors 6502a


    Jun 7, 2005
    At least things worked out though :)
  16. Mechcozmo macrumors 603


    Jul 17, 2004
    Sucks to hear about your ex and everything. Hope it all works out in the best for you and your ex should find a new source of blood to suck. Good news is that he's now a criminal, if that makes you feel any better. Which probably doesn't, seeing as you helped him out for a bit.

    Companies don't give a crap about who gets them their money, they just care that they get it. That's the bottom line...

    This line is the bottom one in my post however. ;) :rolleyes:
  17. Chip NoVaMac macrumors G3

    Chip NoVaMac

    Dec 25, 2003
    Northern Virginia
    After 12+ years I have been through the emotions so far. Pity that he felt the need to go this low, anger that he treated me this way in the end, vengeance wanting to see his ass nailed to a cross. compassion that his life had entered into such a low point that this was his only way out.

    This does not yet to begin to tap the depth of emotions in the preceding year and all that we had gone through. Betrayal is another word that comes to mind.

    Believe it or not, I still have deep concern for his well being at this point too. There are times that I wonder who truly needs help, me or him.

    But in the end do not worry about me. Last week's trip to SF was what I needed. 1000 pictures taken (I am a photographer) and no real party going on (too old for that I guess at 47 now).

    If there is anything that bothers me most, is wondering how our dog Chewey is doing at this point in time. And I might et call the Vet that he took Chewey to while they were "homeless".

    For I now realize that Chewey loved me unconditionally. Did not matter whether there were good times or bad. All that mattered was the time we had together.

    As to my ex, it hard to look at each charge and try to make sense of it. The week before he left for Florida it was a case of of seeming "normal". While he was on the road, it was a need for "survival". After he came back, there was no rhyme or reason.

    The breakdown of the charges prior to his departure was for "fast" food and the such. While he was on his way to Florida it was a mixture of food, lodging,and medical care for Chewey. Once he got back to the DC area things got strange. Movie tickets for two. About $200 in one day to Giant Food, in 5 to 6 separate charges.

    One point that I did not mention, is that in my last conversation with is Mom - he his terminally ill according to her. And in no small way, I am trying find excuses for all that has happened.
  18. Mechcozmo macrumors 603


    Jul 17, 2004
    Neat about the photography thing. I term my self a professional amateur. Love my PowerShot S2 IS for not being an SLR but doing amazing stuff.

    Well... life is terminal. I guess. Some people can't see what is really happening, but it is sad that it is his mother.

    Hmm.... I think this is a good time to say:
    "This is a thread jacking. NOBODY MOVE! We will continue on our present course until the moderating police take us down. But don't worry... the thread jackers shall strike again!
  19. Chip NoVaMac macrumors G3

    Chip NoVaMac

    Dec 25, 2003
    Northern Virginia
    Sorry, wasn't trying to thread jack. I thought I had tried to stay on course, but personal experiences sometimes get in the way.

    For those of us that have had credit fraud committed upon, it is surprising how easy some of it is for the thiefs.
  20. superbovine macrumors 68030


    Nov 7, 2003
    order your credit report now, and order your credit report in 3 months. if they got you credit card, and know personal information stands to reason they know enough about you to open a line of credit.
  21. Mechcozmo macrumors 603


    Jul 17, 2004
    I know you weren't trying to jack the thread. I helped too, if you notice. All in the fun of something or other.
  22. GoCubsGo macrumors Nehalem


    Feb 19, 2005
    The majority of the time ID Theft or Theft such as this is caused by a close friend or family member.

    I can find the actual number for you, but you get my drift.

  23. Makosuke macrumors 603

    Aug 15, 2001
    The Cool Part of CA, USA
    I didn't see anybody in this thread mention the fact that several million credit card numbers and accompanying information were exposed recently, and that left a LOT of people who'd never even shopped online with fraudulent charges. I have a friend who had to cancel a JAPANESE Visa card because of that blunder, and though most people were informed, it's possible this incident was in some way connected.

    On the other hand, the middle name thing sure sounds like an "inside job" to me--have any unruly kids or anything? The keylogger/spy seems unlikely (few exist for OSX); more likely would be your computer got used by someone else or hacked into directly, but the latter is unlikely, too.

    One comment on online security: There are only three ways I know of that online cards actually get stolen: Unsecured wireless connections, sending the info in the open (certainly not the case with any decent e-shop), or the store gets hacked, and the third is BY FAR the most likely (it's happened to me at least once). In this case, that's not going to be it, or it'd probably be a bigger deal and more folks here would be having the same experience.
  24. Abstract macrumors Penryn


    Dec 27, 2002
    Location Location Location
    Oh true. I never thought of it that way. :mad:
  25. mpw Guest

    Jun 18, 2004
    All you have to do is go to a post box and check the name on the post, you now have name and address. The white pages give you a tel. no. which you ring and it's "Hi, Brad's not home right now..." which gives you the name your victim goes by. Of course take someone garbage and you'll probably find a few old recipts with card numbers maybe even a statement with transactions etc. it's really not that hard.

    I also know a good way of reading others web based email systems which I used once when I wasn't thinking but really need to contact someone. I 'hacked' into his mail account and checked his user profile from a coffee shop PC. It's not certain to work but that I could do didn't exactly make me feel safe.

Share This Page