Started By
Message
Bamastuff.com website hacked - Credit card info vulnerable
Posted on 1/25/12 at 2:25 pm
Posted on 1/25/12 at 2:25 pm
If you do business with Alabama Book Store online (Bamastuff.com) you may need to start cancelling your credit/debit cards. They got hacked and apparently a ton of personal information has been compromised.
I know it's long, but here is the email received about it.
THE BAD NEWS:
We are writing to inform you that there may have been illegal and unauthorized access to some of your information at Bamastuff.com including your name, e-mail address, billing and shipping address, phone number, credit card information and/or your cryptographically scrambled password (but not your actual password).
We are still investigating the server's log files to pinpoint exactly what was taken and how, but we suggest if you have not already taken action (due to prior bank notification) to cancel and/or change your credit or debit card associated with your order, to do so immediately. We have included the expiration date of that card below so you will know which one it is. While the majority of the cards are well past expiration, we wanted to be safe and alert everyone regardless of how old the data was. If you receive multiple emails, it is because you had multiple cards in the system for different orders. We are almost certain that orders placed after January 16th are not affected based on the access logs on the server. It appears to be a one time attack and we have taken numerous steps to fend off any future ones. We suggest those who placed their first order with us after 16th to monitor their bank statements for any fraudulent activities.
SECURITY MEASURES:
We are archiving old orders and deleting customer data from the system that have not placed an order with us since the start of the 2009 season. We will be deleting all associated records from those prior orders (customers, addresses and credit card information) as well.
We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Bamastuff.com will never ask you for personal or account information in an e-mail, ever. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information. We have upgraded and installed various security software to monitor future intrusions and locked the box down extremely tight. We are also working with our PCI compliance company and our server host to figure out where the attack originated and how to mitigate future attempts.
PLEASE CHANGE YOUR PASSWORD:
Please goto Bamastuff.com Account page sign in then click Password. We have taken the site down temporarily (the night Jan 24th) for upgrades, so if you can't reach it, try again later. Once there, if you can't login, DON'T FRET! We removed all orders older than August 1st, 2009 and then all customer and address information that no longer had an "active" order in the system. So if it says you don't exist, you haven't ordered since August 2009 and are no longer in our database. Even if you don't change the password on our site, if you use the same password on sites that have sensitive data, you might think about changing those.
We can't tell you how sorry we are this has happened and apologize for any inconvenience this has caused. We are still investigating to see how it happened and to figure out exactly what was taken but to err on the cautious side we wanted to inform you of this incident. Please let us know if you have any questions or concerns. We setup a special email address for questions at ccinfo@bamastuff.com.
I know it's long, but here is the email received about it.
THE BAD NEWS:
We are writing to inform you that there may have been illegal and unauthorized access to some of your information at Bamastuff.com including your name, e-mail address, billing and shipping address, phone number, credit card information and/or your cryptographically scrambled password (but not your actual password).
We are still investigating the server's log files to pinpoint exactly what was taken and how, but we suggest if you have not already taken action (due to prior bank notification) to cancel and/or change your credit or debit card associated with your order, to do so immediately. We have included the expiration date of that card below so you will know which one it is. While the majority of the cards are well past expiration, we wanted to be safe and alert everyone regardless of how old the data was. If you receive multiple emails, it is because you had multiple cards in the system for different orders. We are almost certain that orders placed after January 16th are not affected based on the access logs on the server. It appears to be a one time attack and we have taken numerous steps to fend off any future ones. We suggest those who placed their first order with us after 16th to monitor their bank statements for any fraudulent activities.
SECURITY MEASURES:
We are archiving old orders and deleting customer data from the system that have not placed an order with us since the start of the 2009 season. We will be deleting all associated records from those prior orders (customers, addresses and credit card information) as well.
We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Bamastuff.com will never ask you for personal or account information in an e-mail, ever. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information. We have upgraded and installed various security software to monitor future intrusions and locked the box down extremely tight. We are also working with our PCI compliance company and our server host to figure out where the attack originated and how to mitigate future attempts.
PLEASE CHANGE YOUR PASSWORD:
Please goto Bamastuff.com Account page sign in then click Password. We have taken the site down temporarily (the night Jan 24th) for upgrades, so if you can't reach it, try again later. Once there, if you can't login, DON'T FRET! We removed all orders older than August 1st, 2009 and then all customer and address information that no longer had an "active" order in the system. So if it says you don't exist, you haven't ordered since August 2009 and are no longer in our database. Even if you don't change the password on our site, if you use the same password on sites that have sensitive data, you might think about changing those.
We can't tell you how sorry we are this has happened and apologize for any inconvenience this has caused. We are still investigating to see how it happened and to figure out exactly what was taken but to err on the cautious side we wanted to inform you of this incident. Please let us know if you have any questions or concerns. We setup a special email address for questions at ccinfo@bamastuff.com.
8
Posted on 1/25/12 at 2:26 pm to Lombardi44
lol
Posted on 1/25/12 at 2:27 pm to hg
Not using THAT site anymore! 
Posted on 1/25/12 at 2:27 pm to Lombardi44
Good thing I don't shop on bamastuff
Posted on 1/25/12 at 2:28 pm to Lombardi44
Dear Lord, TLDR
Posted on 1/25/12 at 2:28 pm to Lombardi44
nb4madlsufan
Posted on 1/25/12 at 2:30 pm to dkreller
quote:
nb4madlsufan
quote:
dkreller
You seem to be here
Posted on 1/25/12 at 3:22 pm to Lombardi44
Thank you hackers
Posted on 1/25/12 at 3:25 pm to Lombardi44
Butthurt corn dog trying to get the money he lost on the game back
Posted on 1/25/12 at 3:28 pm to Lombardi44
am i gonna be the first one to say the criminals in question made a huge tactical error when they decided to steal credit cards from the Alabama fan base of all choices?
Posted on 1/25/12 at 3:28 pm to Lombardi44
Bamastuff.com is the site that had all the save harvey stuff. I hope they got every cc number on that site and max them out.
Posted on 1/25/12 at 3:30 pm to Damn Good Dawg
quote:For real. They should have went for UGA. They havent had to buy NC gear in a long time
am i gonna be the first one to say the criminals in question made a huge tactical error when they decided to steal credit cards from the Alabama fan base of all choices?
Posted on 1/25/12 at 3:30 pm to NYCAuburn
That rig should be outlawed.
Posted on 1/25/12 at 3:36 pm to NBamaAlum
quote:
That rig should be outlawed.
A guy I know makes and sells them online. He's sold so many that he could do it as a full time job right now.
Its a genius configuration, and its not uncommon for a fisherman to land multiple fish on a single cast...
Posted on 1/25/12 at 3:48 pm to DvlsAdvocat
quote:
He's sold so many that he could do it as a full time job right now.
No doubt.
quote:
Its a genius configuration
Yep, hard to cast...but kills 'em if trolled.
quote:
and its not uncommon for a fisherman to land multiple fish on a single cast...
A guy caught a 12lbs largemouth on the upriver side of Guntersville Dam the other day...I've heard reports of folks landing 6-8 lbs 2 a two at a time on the damn thing.
Like anything else, ADCNR will have a reaction...and someone will do what happened in Tennessee. They outlawed the 5 piece Bama Rig, and a guy is selling 3 piece ones named Tennessee Rigs.
Page 1 of 1
Popular
Back to top
Follow SECRant for SEC Football News