MonoPrice Warning!!!!

mxpx5678

macrumors member
Original poster
Feb 11, 2008
49
0
I heard the warnings and didnt think anything of it until today.

If you didn't know MonoPrice has some serious issue going on. There are hundreds of reports of people posting online who have seen fraudulent charges after purchasing something with monoprice. I bough a mini display port to HDMI adapter and now I am also seeing purchases at online retailers for almost 500 dollars that I did not do.

If you did purchase from them check your bank account online.

This is a big issue and they still arent admitting that anything might have happened. Their company line so far is..

" Our outside investigators have continued to review log files from our Internet-facing servers. They have not found evidence of any successful attempts to penetrate our computer system."
 

mxpx5678

macrumors member
Original poster
Feb 11, 2008
49
0
I know it is old news

I searched other threads on here and didn't see anything about it. Thought I would let people on here know since it was an apple part that I bought.

And they aren't admitting anything even though hundreds of people are seeing the issue, they also took their site offline for a couple days.

They obviously have an issue and they need to come clean that they have an issue but are trying to track it down.
 

SilentPanda

Moderator emeritus
Oct 8, 2002
9,808
28
The Bamboo Forest
They've admitted they are investigating it and looking for the source of the leak if any.

I only knew about it because I went to their site a few days back to order some cables and saw their admission at the top of every page. I'm currently waiting until they take credit card orders again to place another order with them. They sell some cables I don't need right away and are a fair amount cheaper than anywhere else.
 

Hellhammer

Moderator emeritus
Dec 10, 2008
22,076
580
Finland
There is either a bug in their system or someone has hacked their servers and got access to CC numbers. I doubt that they would've done that with a purpose and because they can't find any evidence of that, it's probably a hacker
 

mxpx5678

macrumors member
Original poster
Feb 11, 2008
49
0
It just really sucks to wake up and find 500 dollars missing from your bank account. Makes me think I need to be more careful about buying things online. Hopefully this makes MonoPrice a better website with stronger security.
 

miles01110

macrumors Core
Jul 24, 2006
19,264
30
The Ivory Tower (I'm not coming down)
It just really sucks to wake up and find 500 dollars missing from your bank account. Makes me think I need to be more careful about buying things online. Hopefully this makes MonoPrice a better website with stronger security.
Why is it missing from your bank account? If you pay with a credit card you're not liable for any charges you didn't make. That's why debit cards suck... banks always give you a hard time about disputing charges with a debit card.
 

alent1234

macrumors 603
Jun 19, 2009
5,654
122
There is either a bug in their system or someone has hacked their servers and got access to CC numbers. I doubt that they would've done that with a purpose and because they can't find any evidence of that, it's probably a hacker

more like an employee downloaded customer data into an access db or excel. put it on a laptop or USB stick and lost it. or they had it emailed to them and lost their cell phone.

maybe they had an iphone and there was no security policy set up for them and they didn't have a lock code, etc?

most of these data thefts are very low tech
 

mxpx5678

macrumors member
Original poster
Feb 11, 2008
49
0
Why is it missing from your bank account? If you pay with a credit card you're not liable for any charges you didn't make. That's why debit cards suck... banks always give you a hard time about disputing charges with a debit card.
I paid with a Mastercard (debit card) that is linked to my checking account. The bank will refund the money but I have to wait for the items to clear my account first. Who knows how long that will be.

But yes, I also think it is probably some internal employee issue. I just wish they would admit that there is a problem, not the "we find no record of a breach"
 

mdgolom

macrumors 6502
Oct 26, 2006
318
0
But yes, I also think it is probably some internal employee issue. I just wish they would admit that there is a problem, not the "we find no record of a breach"
I agree. From what I've heard, it seems that this was an inside job. In cases like this, there are heavy fines imposed on the company by the credit card processor. Large companies like Monoprice are required to adhear to strict security policies for the protection of credit card data.
 

old-wiz

macrumors G3
Mar 26, 2008
8,318
221
West Suburban Boston Ma
I paid with a Mastercard (debit card) that is linked to my checking account. The bank will refund the money but I have to wait for the items to clear my account first. Who knows how long that will be.

But yes, I also think it is probably some internal employee issue. I just wish they would admit that there is a problem, not the "we find no record of a breach"
Exactly why I refuse to use debit cards. It is a huge hassle to argue with the banks about possible unauthorized charges. If you have a CC where you just pay them monthly, you can dispute and not pay anything. It is FAR easier to get a charge reversed than it is to get money back. Banks absolutely hate having to give money back. the CC people have much better skills at helping customers deal with fraudulent charges. With a bank, you can suddenly find your normal checks bouncing cause the fraud charges ate up your account. The banks don't really care if you get screwed.
 

007bond

macrumors 6502a
Dec 12, 2008
560
1
DFW, Texas
Thats why I use PayPal or Google Checkout with all online purchases except Amazon. It's safer since you have to authorize every transaction.
 

netnothing

macrumors 68040
Mar 13, 2007
3,639
283
NH
Thats why I use PayPal or Google Checkout with all online purchases except Amazon. It's safer since you have to authorize every transaction.
If you use Paypal (funded via a credit card), isn't that the safest way to buy online? Since the transaction to the merchant never exposes your credit card info....if you don't have any money in Paypal....then they can't do anything? Or can they trace back through Paypal to get the actual CC info?

I know for some sites I use Paypal with my credit card instead of directly with the credit card. I don't have any money in my Paypal account.

Just curious if this is safer or not.


-Kevin
 

Disc Golfer

macrumors 6502a
Dec 17, 2009
582
0
I have never had a problem with a debit card. Once "someone" bought something online using my debit card, no idea how they got the information as it's the one and only time it happened. I called my bank and they immediately refunded the charge and overdraft (as the charge was over my balance), issued me a new card and investigated the fraud. All I had to do was activate the new card. They gave me the impression that it would have been the same if I'd had a debit or credit card, as they're both backed by mastercard or however.
 

mward333

macrumors 6502a
Jan 24, 2004
526
5
Yikes! At first, when I saw the thread title, I thought that Monoprice was doing something really terrible.... but it sounds like just someone just stole some of their credit card numbers. That can happen with any company, of course. I'm glad that Monoprice is making this issue very clear on their website, and I hope that they are able to recover from it. Monoprice has some excellent quality items for rock-bottom prices. I've always been pleased with the items I bought from them in the past.

In this digital age, everybody has to keep an eye on the banking statements and credit card reports. It's just a fact of life.
 

rdowns

macrumors Penryn
Jul 11, 2003
27,345
12,408
I trust Monoprice and will shop with them again. I've bought from them maybe 5 or 6 times and price and service was always excellent.

As for online purchases, I would never use my debit card online. I have 3 credit cards, 1 kept hidden at home in case wallet is lost or stolen, 1 for online use and 1 for in-person use.
 

Music_Producer

macrumors 68000
Sep 25, 2004
1,631
0
If you use Paypal (funded via a credit card), isn't that the safest way to buy online? Since the transaction to the merchant never exposes your credit card info....if you don't have any money in Paypal....then they can't do anything? Or can they trace back through Paypal to get the actual CC info?

I know for some sites I use Paypal with my credit card instead of directly with the credit card. I don't have any money in my Paypal account.

Just curious if this is safer or not.


-Kevin
Yes, you get the benefit of dual protection - paypal plus your credit card. A lot of people don't use this to their advantage though, they simply pay with their bank account (via paypal) or a debit card. I don't even have a debit card anymore, I cancelled it since I never use it.
 

SilentPanda

Moderator emeritus
Oct 8, 2002
9,808
28
The Bamboo Forest
If I feel the site might be iffy I sometimes use my credit cards "ShopSafe" feature. It lets me log into my credit card site, create a temporary credit card number with a given amount on it that will expire in a predetermined amount of time. So if I buy something for $200 I can set the credit card to $200 and have it expire next month. Usually I'll set it a bit above the amount in case some preauths come through but usually not more than about $10 over. Then if another charge comes through on that card it will be declined due to the card being full.
 

mxpx5678

macrumors member
Original poster
Feb 11, 2008
49
0
Just an FYI

They are back online accepting credit cards again, but I would be cautious. They still won't even admit that something happened. They have rebuilt their hardware and installed a new software firewall. But they still seem to not know how customer data was compromised.

This is the response I just got from one of their reps.

CS - Gustavo P (Level 1): Our management team will be contacting customers who have contacted us regarding compromised information. There is no time frame on when they will be doing so. We are still currently working with forensic investigators to determine whether credit card information was stolen from our computer network.
you: What do you mean was stolen? Obviously it was.
CS - Gustavo P (Level 1): To date that has not been determined

This site was the only place I had used my card where it could be compromised, and many many other people online were posting about using monoprice and then their cards being used fraudulently online, so it isn't a question of If it happened, it is more of How, and Monoprice wont admit that. Even though they took their site offline and rebuilt all their hardware.
 

jpyc7

macrumors 6502
Mar 8, 2009
276
0
Denver, CO
Monoprice has a reputation for being a low-price leader. I wonder if they'll have to raise prices after this incident to pay for more/better security.
 

mxpx5678

macrumors member
Original poster
Feb 11, 2008
49
0
In fairness to monoprice

They have actually admitted that data was stolen now and will help out those that were affected (like me)

Notice

Information Regarding Apparent Theft of Credit Card Information from Monoprice

In early March 2010, we became aware that credit card information may have been stolen from our database server. The potential data theft may have affected customers who placed orders through our website from February 23 through March 5, 2010. Some customers who placed orders through our website and later canceled the orders after providing their credit card information may also have been affected.

When we became aware of this incident, we promptly took our website offline. We hired computer forensic investigators to help us examine our computer systems. Through this investigation, we were able to determine precisely what server was affected. We also notified local law enforcement of the theft.

We will send letters to each of the potentially affected customers with more details about the incident and services we are offering. We have engaged Kroll Inc., the world’s leading risk consulting company, to provide its ID TheftSmart™ comprehensive identity theft safeguards to those customers at our expense. If your credit card information was compromised by this incident, you will receive a letter within approximately one week to 10 days .

Before we put our website back online, we rebuilt our website using new hardware and software and strengthened the security measures we use to safeguard the credit card information. We are continuing to work with a security consultant to ensure that we are taking the appropriate steps to safeguard credit card information.

We truly apologize for any inconvenience and concern the apparent theft of credit card information from Monoprice has caused our customers.

Truly yours,

Jong S. Lee / CEO
 

alent1234

macrumors 603
Jun 19, 2009
5,654
122
Monoprice has a reputation for being a low-price leader. I wonder if they'll have to raise prices after this incident to pay for more/better security.

a lot of times it's lazy devs. one time our website was hacked, just some images and text replaced via sql injection. we had to fight with dev to get it fixed because rewriting some code is too much for people

and a lot of people have dev tools that are years old and refuse to use newer versions because they would have to learn something new