Unprofessional, serious lack of security

[ghidu]

I ordered today some stuff for PC and when I got the confirmation email I see all my data, INCLUDING my entire credit card number, ID number, everything. It's one thing to send your credit card number through SSL128 and another to get it not encrypted through SMTP/POP3.
It's not the first time I order online, but this is the first time that something like happens.
What should I do? Should I be mad, panic or let it go(it's nothing).

 

[Sheepathon]

pack a bowl and relax...

 

[sixone]

Originally posted by: ghidu
I ordered today some stuff for PC and when I got the confirmation email I see all my data, INCLUDING my entire credit card number, ID number, everything. It's one thing to send your credit card number through SSL128 and another to get it not encrypted through SMTP/POP3.
It's not the first time I order online, but this is the first time that something like happens.
What should I do? Should I be mad, panic or let it go(it's nothing).

Pitch a fit with the company who sent you the e-mail. Seriously, if they did it to you, they're doing it to how many thousand other customers? After you have your account number changed, of course.

Better safe than sorry.

 

[ghidu]

Originally posted by: sixone

Originally posted by: ghidu
I ordered today some stuff for PC and when I got the confirmation email I see all my data, INCLUDING my entire credit card number, ID number, everything. It's one thing to send your credit card number through SSL128 and another to get it not encrypted through SMTP/POP3.
It's not the first time I order online, but this is the first time that something like happens.
What should I do? Should I be mad, panic or let it go(it's nothing).

After you have your account number changed, of course.

Better safe than sorry.

wouldn't be easier to change the credit card number? I realy don't know much about banking, my wife works in a bank and takes care of everything related to this.

Originally posted by: Sheepathon
pack a bowl and relax...

That's something similar to what my wife said. Unfortunately it's not that simple and I agree with sixone

 

[deadlyapp]

Everyone I've ordered through blanks all numbers but the last four on any card.

Toss them a nasty email if they didn't do that in your confirmation email.

 

[sixone]

Originally posted by: ghidu

Originally posted by: sixone

Originally posted by: ghidu
I ordered today some stuff for PC and when I got the confirmation email I see all my data, INCLUDING my entire credit card number, ID number, everything. It's one thing to send your credit card number through SSL128 and another to get it not encrypted through SMTP/POP3.
It's not the first time I order online, but this is the first time that something like happens.
What should I do? Should I be mad, panic or let it go(it's nothing).

After you have your account number changed, of course.

Better safe than sorry.

wouldn't be easier to change the credit card number? I realy don't know much about banking, my wife works in a bank and takes care of everything related to this.

I meant your CC account number, sorry I wasn't clear. Do you mind outing the company you ordered from?

 

[alkemyst]

Originally posted by: sixone

Originally posted by: ghidu

Originally posted by: sixone

Originally posted by: ghidu
I ordered today some stuff for PC and when I got the confirmation email I see all my data, INCLUDING my entire credit card number, ID number, everything. It's one thing to send your credit card number through SSL128 and another to get it not encrypted through SMTP/POP3.
It's not the first time I order online, but this is the first time that something like happens.
What should I do? Should I be mad, panic or let it go(it's nothing).

After you have your account number changed, of course.

Better safe than sorry.

wouldn't be easier to change the credit card number? I realy don't know much about banking, my wife works in a bank and takes care of everything related to this.

I meant your CC account number, sorry I wasn't clear. Do you mind outing the company you ordered from?

if it's a debit card, you will need a new account to be safe...it's like checks, putting a stop payment is not 100%.

I'd be absolutely pissed though with my CC being fully sent through email.

 

[vegetation]

Contact your credit company they are blatantly spreading your card number all over the internet (which is true with email). They'll take action.

 

[ghidu]

Originally posted by: sixone

I meant your CC account number, sorry I wasn't clear. Do you mind outing the company you ordered from?

Of course not. Like I said, it's unprofessional.

 

[ghidu]

Originally posted by: vegetation
Contact your credit company they are blatantly spreading your card number all over the internet (which is true with email). They'll take action.

That's also good advice vegetation, I'll do that.
I knew that I came to the right place 😉

 

Originally posted by: ghidu

Originally posted by: sixone
I meant your CC account number, sorry I wasn't clear. Do you mind outing the company you ordered from?

Of course not. Like I said, it's unprofessional.

So do it! What company was it? Or was the company name "Unprofesssional, Inc."? If it was, that should have been your first clue. 😛

 

[Mo0o]

Better go destroy your credit card now

 

[ghidu]

Ok, my credit card company won't do a thing because "every online shop sends confirmation in different ways" and they can help me only if someone else uses my card and they don't recommend me to change the number.
I just called the company I ordered and they told me that they're sending confirmation emails in this format for 4 years with no problems because their SMTP server is secured with SSL128.
Now I realy think I'm paranoid, because every one I called seemed to disagree with me.

 

[EyeMWing]

Originally posted by: deadlyapp
Everyone I've ordered through blanks all numbers but the last four on any card.

Toss them a nasty email if they didn't do that in your confirmation email.

I see a few that blank all but the FIRST four. That always makes me giggle.

"Wow, I wonder which Visa I used..."

 

[gsaldivar]

Fire up Google and lookup the CEO's of both companies. Send a LETTER* to the CEO of your credit card company, and a LETTER* to the CEO of the company you ordered from, describing your disappointment with the way your personal information was handled.

Then, request that your CC company reissue you a new card number, or better yet - cancel the account and take your business to a company that cares about its customers. Write up info on the incident on resellerratings.com so other people can avoid running into problems in dealing with that company. :thumbsup:

It's YOUR money, YOUR credit rating, and YOUR privacy. If YOU don't step up to the plate and demand what is rightfully yours, nobody else will...

* Mark your envelope with the words URGENT and CONFIDENTIAL to prevent them from being opened and screened before they reach senior management. :thumbsup:

 

[Kadarin]

Originally posted by: ghidu
Ok, my credit card company won't do a thing because "every online shop sends confirmation in different ways" and they can help me only if someone else uses my card and they don't recommend me to change the number.
I just called the company I ordered and they told me that they're sending confirmation emails in this format for 4 years with no problems because their SMTP server is secured with SSL128.
Now I realy think I'm paranoid, because every one I called seemed to disagree with me.

LMAO!

Just call the cc company and tell them you lost your card. Unless you are using PGP or some equivalent (if you do not know what that is, then you are not using it), your email was sent in cleartext.

 

[ghidu]

Originally posted by: EyeMWing
"Wow, I wonder which Visa I used..."

LOL... that's what I thought when the guy from the online shop told me that they send the whole number so the buyer would have all the data.

Originally posted by: gsaldivar
Fire up Google and lookup the CEO's of both companies. Send a LETTER* to the CEO of your credit card company, and a LETTER* to the CEO of the company you ordered from, describing your disappointment with the way your personal information was handled.

Then, request that your CC company reissue you a new card number, or better yet - cancel the account and take your business to a company that cares about its customers. Write up info on the incident on resellerratings.com so other people can avoid running into problems in dealing with that company. :thumbsup:

It's YOUR money, YOUR credit rating, and YOUR privacy. If YOU don't step up to the plate and demand what is rightfully yours, nobody else will...

* Mark your envelope with the words URGENT and CONFIDENTIAL to prevent them from being opened and screened before they reach senior management. :thumbsup:

Thanks for the idea gsaldivar I will write a letter because I learned that sending emails won't do any good (maybe the email isn't even reaching its destination).
I don't know if I will get the CEO to understand because the general idea is that "everything is how it should be"; and every company has the same atittude.
I'm sick and tired of this kind of behavior. I moved to Israel about 4-5years ago and this sh*t happens all the time: bad service, bad support, lousy products and high prices.

Originally posted by: Astaroth33
LMAO!

Just call the cc company and tell them you lost your card. Unless you are using PGP or some equivalent (if you do not know what that is, then you are not using it), your email was sent in cleartext.

I know little about SMTP/POP3 activity so I wanted to belive that guy, but know I'm pissed. How would he lied to me saying that the email is secured, if there were no problems until now? Now I remember... the sender and receiver should both have SSL128, public key infrastructure, a way to read the hash....

 

[Nocturnal]

Originally posted by: gsaldivar
Fire up Google and lookup the CEO's of both companies. Send a LETTER* to the CEO of your credit card company, and a LETTER* to the CEO of the company you ordered from, describing your disappointment with the way your personal information was handled.

Then, request that your CC company reissue you a new card number, or better yet - cancel the account and take your business to a company that cares about its customers. Write up info on the incident on resellerratings.com so other people can avoid running into problems in dealing with that company. :thumbsup:

It's YOUR money, YOUR credit rating, and YOUR privacy. If YOU don't step up to the plate and demand what is rightfully yours, nobody else will...

* Mark your envelope with the words URGENT and CONFIDENTIAL to prevent them from being opened and screened before they reach senior management. :thumbsup:

:thumbsup:

Could not have said it any better than this guy.

 

[gsaldivar]

Originally posted by: ghidu
I don't know if I will get the CEO to understand because the general idea is that "everything is how it should be"; and every company has the same atittude.
I'm seek and tired of this kind of behavior.

The key to writing an effective letter of this type is to be honest, consise and to-the-point. I would Google some articles that demonstrate how e-mail servers can be compromised and the contents of plaintext e-mail "farmed" for useful personal information like credit card numbers, addresses, names, etc. Include a copy of the article with the letter, demonstrating that your concerns aren't unfounded.

Example:
http://www.ciphertrust.com/resources/articles/articles/ssl.php

You can send copies of the letter and any replies you receive (positive or negative) to local newspapers, TV stations, etc. in an effort to promote the point you are trying to make. It might even be useful to STATE in your original letters that you intend to involve local media in the issue if you don't receive a satisfactory resolution from both companies. :thumbsup:

 

[ghidu]

Originally posted by: gsaldivar
You can send copies of the letter and any replies you receive (positive or negative) to local newspapers, TV stations, etc. in an effort to promote the point you are trying to make. It might even be useful to STATE in your original letters that you intend to involve local media in the issue if you don't receive a satisfactory resolution from both companies. :thumbsup:

Actually, I worked for more than 2 years at a local newspaper so that won't be a problem.
So to be sure, there is no way the email could have been sent encrypted.

 

[jjones]

Originally posted by: Astaroth33

Originally posted by: ghidu
Ok, my credit card company won't do a thing because "every online shop sends confirmation in different ways" and they can help me only if someone else uses my card and they don't recommend me to change the number.
I just called the company I ordered and they told me that they're sending confirmation emails in this format for 4 years with no problems because their SMTP server is secured with SSL128.
Now I realy think I'm paranoid, because every one I called seemed to disagree with me.

LMAO!

Just call the cc company and tell them you lost your card. Unless you are using PGP or some equivalent (if you do not know what that is, then you are not using it), your email was sent in cleartext.

Exactly. Encrypted my ass. If it's not being sent PGP then it's not encrypted.

Get your card number changed by telling the credit card company you lost your card and then never do business with this company again. There is absolutely no need whatsoever to send the complete card number in an e-mail confirmation. Most companies, if they include that information at all, will x out all but the last 4 numbers.

 

[andy9o]

Originally posted by: ghidu

Originally posted by: EyeMWing
"Wow, I wonder which Visa I used..."

LOL... that's what I thought when the guy from the online shop told me that they send the whole number so the buyer would have all the data.

Originally posted by: gsaldivar
Fire up Google and lookup the CEO's of both companies. Send a LETTER* to the CEO of your credit card company, and a LETTER* to the CEO of the company you ordered from, describing your disappointment with the way your personal information was handled.

Then, request that your CC company reissue you a new card number, or better yet - cancel the account and take your business to a company that cares about its customers. Write up info on the incident on resellerratings.com so other people can avoid running into problems in dealing with that company. :thumbsup:

It's YOUR money, YOUR credit rating, and YOUR privacy. If YOU don't step up to the plate and demand what is rightfully yours, nobody else will...

* Mark your envelope with the words URGENT and CONFIDENTIAL to prevent them from being opened and screened before they reach senior management. :thumbsup:

Thanks for the idea gsaldivar I will write a letter because I learned that sending emails won't do any good (maybe the email isn't even reaching its destination).
I don't know if I will get the CEO to understand because the general idea is that "everything is how it should be"; and every company has the same atittude.
I'm sick and tired of this kind of behavior. I moved to Israel about 4-5years ago and this sh*t happens all the time: bad service, bad support, lousy products and high prices.

Originally posted by: Astaroth33
LMAO!

Just call the cc company and tell them you lost your card. Unless you are using PGP or some equivalent (if you do not know what that is, then you are not using it), your email was sent in cleartext.

I know little about SMTP/POP3 activity so I wanted to belive that guy, but know I'm pissed. How would he lied to me saying that the email is secured, if there were no problems until now? Now I remember... the sender and receiver should both have SSL128, public key infrastructure, a way to read the hash....

its not that they lie to you, its that they're stupid and repeat whatever someone else told them before.

 

[rh71]

did you tell us which company this was yet ?

 

[moshquerade]

Originally posted by: ghidu
I ordered today some stuff for PC and when I got the confirmation email I see all my data, INCLUDING my entire credit card number, ID number, everything. It's one thing to send your credit card number through SSL128 and another to get it not encrypted through SMTP/POP3.
It's not the first time I order online, but this is the first time that something like happens.
What should I do? Should I be mad, panic or let it go(it's nothing).

i would make the company aware of this and that you find it unacceptable.

also, use a credit card with virtual numbers for all online purchases.

 

[ghidu]

Originally posted by: moshquerade

also, use a credit card with virtual numbers for all online purchases.

I don't know what's a CC with virtual numbers.

Originally posted by: rh71
did you tell us which company this was yet ?

As I stated before I live in Israel for almost 5 years and I don't think there are many israelians in here, but OK. The translation is Noa Computers and their address Noacomp

Originally posted by: andy9o
its not that they lie to you, its that they're stupid and repeat whatever someone else told them before.

Originally posted by: jjones
Exactly. Encrypted my ass. If it's not being sent PGP then it's not encrypted.

Too bad I didn't do my homework before I called so I could "b*tch slap" that guy