WHY HASN'T DDD COMMENTED HERE OR PUT A STATEMENT ON THEIR WEBSITE ABOUT THIS FIASCO?????

This is probably the most disturbing point about this whole thing. They seem to be playing ostrich and hoping the problem will just go away!!!!!!!!!!!!!!!

Which customers do you think should get a discount? Just the ones who's info was exposed, or every customer who has ever purchased from DDD?

Personally, I think DDD should apologize for exposing customer's info AND should then apologize again for not taking their website down immediately after finding out about this problem!

I also want to know what they plan to do to stop this from happening in the future (since they didn't fix it the last time).

Do I want money or a discount? No! I simply want to be able to again trust one of the most cost-competitive DVD websites out there.

They may be playing ostrich, or looking for more business. Or, they may not be in control of the site. No way of telling at this point.

If they had a 25% off sale, I'd be willing to bet that most people would just forget this little incident even happened.

Someone posted earlier that this happened before several years ago. Can anyone verify that? Is so, what was the outcome?

Honestly, if it wasn't for DVDTalk, I don't think anyone would know how widespread this problem is. This is the only place I see any kind of info about this. The thread at HTforum is all but dead.

Amen to that.

Let's say someone accesses your DDD account and orders a ton of DVDs and has them shipped to your address (either on purpose or by accident).

Let's also say that you pay for your DDD purchases with a debit card tied directly to you bank account (like many people do, although they have warned against this).

So, all of a sudden your bank account gets drained and your checks start to bounce when they reach the bank.

In addition, any monthly direct debits tied to your account also get denied due to non-sufficient funds.

Pretty soon, you are up to your neck in fees from your bank and from check collection services! It's a domino effect!

Sure, you should get reimbursed by your bank (especially if you have a Visa or MasterCard Debit Card), but that takes time and they don't deal with clearing up all the overdraft charges due to third party collectors.

So, hopefully you now see that we aren't just "worrying wayyy too much about nothing".

No, it doesn't.
At least not in my case, the number of asterisks/stars always is equal to the number of letters in the password. Always has been for me @ DDD, and every other site where I've ever had a password.

If they took prompt protective and corrective action I wouldn't be concerned. After you switch to bill me later there isn't a lot you are exposed to. Then you can enter your CC, place an order, and remove your CC before logging out. So it's not as bad as it could have been, unless as some have posited this is the work of hackers and the damage was done in the first few minutes.

But as Mod-Mod-World said, without this site I never know people have access to my account. What percentage of DDD customers do you think know whats been going on for 48 hours? DDD sure hasn't told them.

Nope. Eight.
But the "Verify Password" box has 6 (even though I've changed it a dozen times).

Can't say I noticed one way or the other before Friday, but I do see what you see now. And before Friday lots of oither things didn't use to happen either.

So, Bill, your "Verify Password" box is different now too? Meaning: # of asterisks in that box is not the same as in the "Password" box above it?

If DDD are unwilling to take down their compromised site, I think the Better Business Bureau should be brought in to FORCE them to close it down.

Has anyone tried emailing DDD yet and/or got a response?

I think I gave the wrong impression due to posting sequence.

Both boxes show 6 asterisks no matter how long my password is. They are the same length. So I don't see a length that matches the actual PW length (like you), but both are the same length (apparently not like you).

Yep. Many times. With details of the problem. No response other than the occasional "Thank you for contacting DeepDiscountDVD.com...Please do not reply to this automated notification."

That is my question also.

Now, we cannot be completely sure about the compromised site part.

As has been stated before, I've never had a problem. Nor, as a few posters have stated, have many others on this site.

Perhaps, DDD is unaware of this problem. Sure, they've heard about it from other people, etc. etc., but perhaps they are like myself and many others and have not seen any problems firsthand.

Should this be the case, it would not be prudent for them to take the site down. They would have no knowledge themselves of this problem, merely some emails/phone calls from a few concerned people here on the site/other sites. Taking the site down would lose them quite a bit of money, and would be a rash decision.

They've told people that they know about the problem and are trying to fix it. Let's not make excuses for their negligence.

They knew/know of the problem according to phone calls Saturday am, and just the evidence I've emailed them alone should convince them. And in fact they did take their site down for an hour or two (12 hours after the initial problems arose). But any fix was incomplete at best. Then they apparently went home for the weekend.

OK, thanks Bill.
Just checked using a different browser (IE) -- and both Password boxes show up with 6 characters (as you said), even though the password is actually not that length. Although on my IE browser, they aren't "asterisks", but black "dots" instead. Obviously the browser can make a difference in these trivial matters.

I think we are on common ground here, and between the cross posting some of the original meanings have been lost. Even if you won you could end up with one of those infamous moral victories, a $1 judgement, and a pile of legal bills. But I also don't discount the personal burden of going through the cancel/reissue of CCs and the process of extracting yourself from any fraud that might occur whether you are ultimately on the hook or not. And the liklihood only goes up the longer DDD does not act. Hopefully this will all be moot soon. And like you, I'll be back, especially after they offer out that punitive 50% discount and compensatory free upgraded shipping.

Now fixed!

Problem appears to be fixed!