WARNING: Your DDD Details Are Not Safe! (merged)
#501
Originally posted by marty888
You're probably right. I'm also waiting for a plausible explanation as to why the entire eastern part of the United States had a blackout 14 months ago.
#502
DeepDiscount.com
Join Date: Feb 2001
Location: Itasca, IL
Posts: 152
Dear DeepDiscountDVD/DeepDiscountCD Customer:
We are writing to give you further details of the problem experienced with our websites this past weekend.
Maintenance was performed on the DeepDiscountDVD/DeepDiscountCD websites beginning at 4:00 P.M. C.S.T. on Friday October 8th, 2004 and continued through 10:00 A.M. C.S.T on Monday, October 11th, 2004. This maintenance was intended to cache certain web pages and images to allow faster access by our customers. Unfortunately, this maintenance inadvertently resulted in certain limited customer information becoming accessible by other customers upon login by those customers. The accessible information generally included customer name, address, shipping information and order history. Credit card and debit card data is obscured on the account information page and as such, NO CREDIT OR DEBIT CARD NUMBERS WERE EVER COMPROMISED. Insofar as your credit/debit card information was always protected, it is not necessary to notify your card provider or to cancel your card.
The situation described above directly affected less than ½ of 1% of our customer base and will be fully remedied when we reopen the websites. All of our website operations and functionality will then be returned to normal. We sincerely apologize for any inconvenience that this situation may have caused.
Unfortunately, we have discovered that in some cases customers that logged in during the maintenance period may have been able to actually place an order on another customer’s account. Again, we reiterate that there was never any ability to access or copy credit or debit card data. In other cases, customers may have updated and corrected their account information and placed legitimate orders. Unfortunately, our system cannot distinguish between these two situations. To that end, we feel that we must cancel all DeepDiscountDVD and DeepDiscountCD orders received during the maintenance period, which extended from 4:00 P.M. C.S.T. on Friday October 8, 2004 through Monday, October 11 at 10:00 A.M. C.S.T. These orders will not be processed or charged. Any preorders or backorders that were originally placed prior to Friday October 8th will be unaffected and will be shipped and charged as usual. We will be notifying the customers whose orders we will be canceling to the extent that we have accurate account information for those customers. In some cases, however, we may be providing notice to a customer who is the account holder of record, but who did not actually place the order. Unfortunately, we must resolve any inquiries from these customers on a case by case basis.
Further, even though we corrected the problem on Saturday morning, some customers may still have had other customers’ account information (excluding credit/debit card data) contained in a cookie on their personal computers. If you were affected, another customer’s data might possibly have appeared when you logged on to our website and would have been visible until such time that the cookies were cleared or they expired. All of our sites’ cookies should have automatically expired as of this writing. As an added precaution, we have arranged that the websites will require all credit/debit card information to be reentered by all customers prior to submission of any new orders, and we have restored all user account information to its status as of 8:00 A.M. C.S.T. Friday October 8th, 2004.
On behalf of our entire company, we sincerely apologize for this problem. The patronage of the users of this forum is very important to us and integral to our long-term success. We have noted that many of you have expressed valid concerns regarding the amount of time that it took for us to appropriately recognize and fully address this situation. We share your concerns. We did not realize the ramifications of cookies remaining on the users’ computers until Monday morning. At that time, we brought the sites down and will keep them down until we are certain that a final solution has been implemented. In addition, we made the decision to cancel thousands of orders rather than risk that any of our customers be inappropriately charged. Although problems of this nature sometimes arise in every company, you can be assured that we will establish procedures to minimize disruptions of this type and work hard to develop improved internal controls that will allow us to respond faster when we need to.
Once more, please accept our sincere apology. We truly value your patronage, and sincerely hope that you will give us a chance to restore your confidence in us.
Sincerely,
David Barker
Vice President, Marketing
#506
Cool New Member
Thread Starter
Join Date: Oct 2004
Posts: 49
Further, even though we corrected the problem on Saturday morning, some customers may still have had other customers’ account information (excluding credit/debit card data) contained in a cookie on their personal computers. If you were affected, another customer’s data might possibly have appeared when you logged on to our website and would have been visible until such time that the cookies were cleared or they expired. All of our sites’ cookies should have automatically expired as of this writing. As an added precaution, we have arranged that the websites will require all credit/debit card information to be reentered by all customers prior to submission of any new orders, and we have restored all user account information to its status as of 8:00 A.M. C.S.T. Friday October 8th, 2004.
I'm sorry, but this is complete crap and you know it.
After the supposed 'maintenance' on Saturday morning, I completely cleared ALL of my cookies, cleared my History folder AND restarted the computer.
I even ran defragmentation and virus checks while I was in the process of spring cleaning my computer.
Even after all that -- and despite what you have said -- I could still see other people's accounts. Not just the same ones I had seen on Friday night/Saturday morning -- but completely new ones.
And I can tell you this for a verifiable fact that they were new accounts, because I emailed each and every person whose account I accessed and advised them of the situation.
After your 'maintenance' period, Outlook Express tells me I emailed 17 new people whose accounts had been compromised. These were NOT cached in my browser.
The situation described above directly affected less than ½ of 1% of our customer base and will be fully remedied when we reopen the websites.
Again; not true.
EVERYBODY I know personally who has an account with DDD had this same problem. I'm talking 20-25 people from all over the world who went and checked their accounts and saw the same problems.
And 27 out of the 30+ people whose accounts I had been in, responded to my alert email saying thank-you and that they are having the same problem.
Please don't go on the defensive and spin a major security breach and horrific negligence into a minor issue. By doing this, you are more or less calling hundreds of loyal customers 'liars'. And we are not liars and we are not idiots. We saw with our own eyes what was going on -- so don't tell us;
"Hoo-ha...it was all an illusion! What you actually saw was THIS..."
Here. I've re-drafted your announcement and apology to one that I'm sure 80% of your customers would accept as true and be satisfied with:
Dear DeepDiscountDVD/DeepDiscountCD Customer:
We f***ed up. Big time.
Sorry about that. Won't happen again.
Please forgive us and we promise not to let anything like that happen again.
Sincerely,
DeepDiscountDVD
Just don't feed us the "Are you sure it's not actually YOUR fault...?" garbage.
I'm in customer service in the retail industry, and I'm telling you I'd be fired if I ever apologized to a customer like that.
Last edited by SuburbanCowboy; 10-11-04 at 07:57 PM.
#509
DVD Talk Hall of Fame
Join Date: Dec 1999
Location: Formerly known as (ahem) "LASERMOVIES"/California
Posts: 9,464
Thanks for the update Mr. Barker. One thing that wasn't addressed was the ability to circumvent the security measure of being able to edit your account information without having to re-enter your credit card number. Was that corrected? And why wasn't that aspect of the site not working? That left a big hole in the system that allowed someone the ability to edit the shipping information of another account and place orders!
#510
Cool New Member
Thread Starter
Join Date: Oct 2004
Posts: 49
Originally posted by Funk
SuburbanCowboy: You registered (or re-registered) just to post tripe like that? It's getting really old...
Don't bother responding; I don't care what you have to say.
#513
DVD Talk Special Edition
Join Date: Aug 2004
Posts: 1,716
Mr Barker, I do thank you for taking your time to address this board. Much obliged...
SuburbanCowboy, I have not had one ounce of problem in dealing with DDD on this matter. Nor have any people I personally know. A re-draft of Mr. Barker's original message is an insult to him, not specifically the message itself, but by using his name at the end.
People, personal attacks are not needed, nor necessary. Let's try and remain civil...
#514
DeepDiscount.com
Join Date: Feb 2001
Location: Itasca, IL
Posts: 152
Originally posted by LASERMOVIES
Thanks for the update Mr. Barker. One thing that wasn't addressed was the ability to circumvent the security measure of being able to edit your account information without having to re-enter your credit card number. Was that corrected? And why wasn't that aspect of the site not working? That left a big hole in the system that allowed someone the ability to edit the shipping information of another account and place orders!
LaserMovies
This has been corrected. We are investigating why this function was disabled during the maintenance process.
We agree that this is of concern and played a part in our decision to cancel all of the orders taken during the maintenance period.
#515
DVD Talk Special Edition
Join Date: Jul 2003
Location: Falls Church, VA
Posts: 1,038
Appreciate the update, but it simply isn't possible the issues with the site were corrected by Saturday morning. As many others did, I cleared all of my cookies/browser cache/restarted and whatever else, and was still logging into other people's accounts up until last night.
I'm aware you're just getting this information from someone else, but you should know that the problem was not resolved on Saturday morning. There have been far too many people in this thread repeating the same story for the situation to have resolved itself once you performed maintenance early on Saturday...
#517
This is the part that I most appreciate:
We have noted that many of you have expressed valid concerns regarding the amount of time that it took for us to appropriately recognize and fully address this situation. We share your concerns. We did not realize the ramifications of cookies remaining on the users’ computers until Monday morning.
At least they accepted some responsibility for their error in not taking the site down sooner. That was my primary issue with them, and they addressed it. That's more than some other companies might have done.
And canceling a whole lot of revenue-generating orders is a pretty good indication that the lack of action over the weekend was due more to incompetence or inattention than greed. Again this may not be the whole story, but they've done a lot more than others might have.
#518
DVD Talk Legend
What SuburbanCowboy said is essentially true, even if he's not being as delicate as some might like.
But I do appreciate that at least now it appears DDD is taking this seriously, even if the grovelling quotient of the apology is a bit lacking. But this is business, and there are other considerations involved in what will and will not be said and when.
REPARATIONS!!!
Originally posted by BrentLumkin
DeepDiscountDVD,
Are you planning on offering all of us some sort of special coupon to make up for this?
#520
DVD Talk Legend
Weird. I got on the site and tried to log in, and then down she went again, this time until 8am Tuesday. That was a little startling! I hope it wasn't anything I did!
#522
Cool New Member
Thread Starter
Join Date: Oct 2004
Posts: 49
Originally posted by Bill Needle
What SuburbanCowboy said is essentially true, even if he's not being as delicate as some might like.
I apologize to anyone if they took offense to my bluntness.
I've been in the retail industry for almost ten years and have three certificates for it.
Our company's policy on customer service complaints is "No spin...tell the truth." No matter how bad it makes you look, you can at least salvage a relationship with that customer through your honesty.
By putting a spin on it, you're insulting the intelligence of the customer and you will most definitely lose their business because of both the original mistake and the attempt at covering up the mistake or lessening its impact.
It's like me being a chef and saying to a customer with food-poisoning; "Hey...at least you didn't die! Was it really that bad, when you think about it?"
Again; if I'm being too blunt or lacking tact, I apologize. This is how I was trained.
#524
DVD Talk Reviewer
Join Date: May 2000
Location: Blu-ray.com
Posts: 10,380
This was an excellent explanation and I WILL CONTINUE to support DDD. Their prices on International titles are the best. Problems happen so this is just part of the business.
Cheers,
Pro-B