I could log in and see my info during the height of the problem, but I could NOT log in and see random other people's info as well.

I can still log in OK, and for the last few hours I haven't gotten other people's accounts to pop up. Others say they still see the issue as recently as an hour or two ago.

I just clicked on the DDD link...and I'm logged into someone elses account. Shit.

I've been getting a message saying the site was down since I got home from work. How is everyone here still getting in?

DDD knowingly letting this go on in my opinion is way beyond a mistake or mishap. I would have been more forgiving if they shutdown the site first thing in the morning when they became aware of the security issues, and reopening later when it was fully repaired. Letting it persist and failing to notify customers about it has become negligent. It shows they don't care about security or protecting your personal information. Maybe they need to be put out of business.

Just click a link or type in the address and you're in. It was only down briefly this morning.

Hear that, DDD? Plan a 30% off sale to assuage our discontent...

I'm still getting other people's account information when I click the DDD link.

Here's another security issue I discovered. I was chatting with a friend on AOL, and my friend copy and pasted the URL from DDD, and sent it to me via 'IM'. When I clicked that link...I was logged into her account.

DDD obviously has little regard for the privacy and security of the personal information we trust them to protect.

Bullshit - 50 percent, and I might *THINK* about using them again. And if I ever do, you can bet your bottom dollar that its going to be with the "Bill Me Later". There is NO FUCKING way that I am ever trusting these guys with my credit card ever again.

To allow the slip-up to occur is human error - bad, but shit happens. To allow it to go unchecked for the whole god damned weekend (cause you know there isnt going to be anyone in on sunday) is negligent.

So if one hasn't logged in recently is it best not to at all?

You should probably login to remove you credit card info, but it may already be too late to matter.

Man i just ordered so much stuff

Just kidding- i changed my account to bill me later- thanxs for the heads up- hopefully it is not to late

Just a warning update:

The problem is NOT fixed over 24 hours later.
I just recieved an email from a kind DDD customer who said he was logged into my account. He even sent me a screen shot, and sure enough, all my account information was right there in the hands of a complete stranger.

I've always really liked DDD, but this is too much.

That's why I suspect the problem is if you use the "Remember Me" function. I don't, I was able to log in and out of my account w/o problem and I have never ended up in anyone elses account. Please take time to vote here http://www.dvdtalk.com/forum/showthr...hreadid=389906 so we can find a correlation.

Ever hear of irony and sarcasm?

I haven't yet tried logging into my account this morning, but I suspect the problem still hasn't been solved. I'm going to try re-installing Internet Explorer and try logging in through IE instead of AOL and see if that works so i can delete my info.

I did receive an email from another customer yesterday, just for the record I don't bother looking at other customers' account info, I just want to get into my own account.

I hope the problem is resolved soon, I really don't want to stop ordering from DeepDiscount, I ordered twice from them and their prices are great and their shipping services are also very good.

Well said!

What exactly is the security problem you people are complaining about?

As posted above, no one can get your credit card information.

As posted, no one can change the shipping address so dvd's cannot be paid by you and shipped to someone else.

The very worst might happen is a) someone might be able to order you more dvd's or b) someone can see what you have previously ordered.

Or, is that the problem, you don't want someone to see you actually did order Nurse Betty?

Its a freekin' glitch. Happens often on the net. More than you know. Lighten up!

If you don't want to order from DDD anymore then don't. That will save bandwidth so we can place out multiple orders next time they have a sale!

Disclosing customer details like full name, address, phone number and email is a serious problem as it practically invites identity theft. Maybe you have not experienced identity theft yourself yet, but I can assure you that it is a huge ordeal.

I just logged into my account and it was correct. I changed the info to bill me later though and checked to see if there were any recent or open orders and there were none thankfully. There really is no reason not to shut down the site completely until the problem has been resolved. In addition all recent orders should be cancelled. This is ridiculous really.

Any security breach is a problem that needs to be corrected as quickly as possbile, but ...

My name, address and phone number have already been printed several million times in the phone book, and considering the amount of spam I receive, my email addresses are not well-kept secrets. What information that could lead to identity theft has actually been compromised?

I tend to agree that this is not a particularly big deal. The only information that is readily visible on the site is the same information that can be obtained by typing my name into Google. My only concern is that some prankster might have ordered a ton of DVD's and had them sent to me. I changed my billing method to Bill Me Later, so I am not even worried about that any more. Compared to the DVDPacific fiasco, this is minor.

I haven't logged in to DDD for over a month. Do you think it's better to just stay out for now or to login and change my info?

This is why I love my Citibank virtual account number program. It generates a random account number that can only be used once by a particular merchant, and expires in a month.

Minor or not, they should take the site down while this problem is occurring.

I could be wrong but I think it's safest just to stay out.

There are plenty of other places to get DVDs so I'm going to wait to see what DDD has to say about the situation.

I agree

But we're not sure that the credit cards are secure either. There are ways to get this ***'ed out information - packet sniffers and so on. Just because YOU cant see it doesnt mean that someone else cant.