Geeks.com Hacked
January 08, 2008 | by Christopher Nickson
They sell tech gear, they're certified hacker-safe, but they've been forced to admit that their e-commerce site was hacked last month.
Post Your Comment...Comments
ScanAlert on Jan 9th, 2008 at 8:17 AM:
ScanAlert's Reply:
The allegation that Geeks.com was hacked while it was certified HACKER SAFE is false and misleading, and does not match the facts provided by Geeks.com to its customers. So far, no one knows exactly what happened, or whether this breach occurred on the web site or somewhere else. There is no evidence that this web site was hacked while it was certified HACKER SAFE. In fact, all of the information that ScanAlert has gathered so far indicates that this breach did not happen while Geeks.com was certified HACKER SAFE.
ScanAlert on Jan 9th, 2008 at 8:17 AM:
ScanAlert's Reply:
The allegation that Geeks.com was hacked while it was certified HACKER SAFE is false and misleading, and does not match the facts provided by Geeks.com to its customers. So far, no one knows exactly what happened, or whether this breach occurred on the web site or somewhere else. There is no evidence that this web site was hacked while it was certified HACKER SAFE. In fact, all of the information that ScanAlert has gathered so far indicates that this breach did not happen while Geeks.com was certified HACKER SAFE.
Matt on Jan 11th, 2008 at 7:39 AM:
What bothers me is that their staff didn't email everyone warning them that this happened. I have been a loyal customer for years now and I didn't receive one either.
Having your site hacked unfortunately is sometimes part of doing business online, but to not inform ALL your customers that it happened is in my opinion criminally negligent. Shame on you Geeks.com!
Not Notified by Geeks.com on Jan 15th, 2008 at 3:13 PM:
I've also been a loyal customer for years as well as a GEEKS' affiliate, sending new customers to their website. I did not receive any word from Geeks regarding the hack or the risk to my financial information. I DID receive more than 10 marketing emails from Geeks over the past month since the website hack so I'm pretty certain they have my email address.
Today I learned from my bank that one of my credit cards was recently compromised "in connection with a website that is now undergoing a fraud investigation". This particular credit card is less than 12 months old, is -rarely- used for online purchases but happened to have been used for a GEEKS purchase in November. Not a word to me from GEEKS, though. Maybe they were hoping I'd not notice the fraudulent charges that started appearing today? Lucky for me my bank spotted those charges and gave me a call.
As if failure to notify customers wasn't bad enough, it seems that GEEKS stored customers' CVV2 card verification numbers -- the special 3-digit numbers on the backs of VISA cards that merchants are ABSOLUTELY NOT supposed to keep as expressly stated by VISA in their merchant agreement.
If GEEKS.COM wants to retain some level of customer trust, GEEKS needs to inform ALL of their customers of the hack, the resulting risk and how GEEKS is going to fix things. And a "We're sorry" probably wouldn't hurt, either...
Comment on this article
Please keep your comments relevant to this article. Email addresses are not displayed, they are only required to verify you are human.
When you submit your comment, an email will be sent to your email address with a confirmation link. Once you have clicked on that confirmation link your comment will be posted.
HTML is not allowed.
RSS Feed
Scott Beckstead on Jan 8th, 2008 at 5:29 PM:
What's the point of certifying anything if it doesn't mean certified? McAfee has a lot to answer for and we should not let them off the hook either. Since we assume as consumers that hacker safe means hacker safe and it says cerified that's what we expect.