WARNING: Your DDD Details Are Not Safe! (merged)
#1
Cool New Member
Thread Starter
Join Date: Oct 2004
Posts: 49
Likes: 0
Received 0 Likes
on
0 Posts
WARNING: Your DDD Details Are Not Safe!
If you haven't logged into your DDD account in the past 24 hours -- DON'T!!!
I'm a long-time lurker, but this was enough to get me to actually register for posting.
I went to DeepDiscountDVD today to add some stuff to my wishlist and noticed that up in the top left corner, it said "Hello Veronica".
Seeing as though my name is not Veronica -- nor do I know any Veronicas -- I was more than slightly puzzled. I clicked on the account details to see what was up (thought maybe my account had been hacked), and there were all of Veronica's details -- Name, number, address, credit card info etc.
I clicked on 'order status' and was able to view her orders for the last 6 months.
Odd? It gets worse....
I refreshed the page. Now, I'm logged into the account of some guy in Oklahoma named Frederick.
Same deal -- I can access his entire account.
This happened five more times as I jumped from page to page on the site. Just as I'd be looking around to see what was going on, there would be a new "Hello..." message up where mine should have been.
That's seven accounts that I was logged into within half an hour!
If I were dishonest, or a complete asshole, I could quite easily have ordered a few DVDs from each of them for myself.
I copied the email addresses of everybody's account that I had access to and I emailed them about the situation.
Did anyone else encounter this today?!
Lord knows how many people had access to other people's accounts while it was happening. I'm just thankful my credit card on file with DDD expired a month ago.
Check your accounts, people. Make sure there are no unauthorized orders or any strange items in your shopping cart or wishlist.
EDITED:
PLEASE NOTE...
This problem seems to affect only accounts that are currently, or have recently been, logged in.
For example -- most of us are seeing each other's accounts because we are all logging in to change our information.
If you haven't logged into your DDD account in the past 24 hours -- DON'T!!!
Just leave it alone until DDD has fixed the problem and stated officially that there is no further risk. By logging in now, you're only opening your account up to others.
Again; if you haven't been there in the last 24 hours, don't worry about changing your account.
Last edited by SuburbanCowboy; 10-09-04 at 09:05 AM.
#2
Senior Member
This is bad! AND... this is not the first time this has happened with Deep Discount DVD!
I just went to their website and it says, "Welcome Christopher" and my name is Richard!! Like you, I went to account details and they belong to someone else! It also brings up a different account each time I hit the refresh button!
I have done some screen captures and plan to send them to DeepDiscoutDVD!
In the meantime, I am logging into my own account and replacing my credit card on file with zeros! I suggest everyone else do the same!
I just went to their website and it says, "Welcome Christopher" and my name is Richard!! Like you, I went to account details and they belong to someone else! It also brings up a different account each time I hit the refresh button!
I have done some screen captures and plan to send them to DeepDiscoutDVD!
In the meantime, I am logging into my own account and replacing my credit card on file with zeros! I suggest everyone else do the same!
#4
Cool New Member
Thread Starter
Join Date: Oct 2004
Posts: 49
Likes: 0
Received 0 Likes
on
0 Posts
Also -- if anyone else is encountering this, please do the right thing and email the person whose account you have access to and let them know.
Just keep in mind that someone else may be viewing your details right now. And you'd hate it if you were kept in the dark.
Just keep in mind that someone else may be viewing your details right now. And you'd hate it if you were kept in the dark.
#5
DVD Talk Hall of Fame
Join Date: Dec 1999
Location: Formerly known as (ahem) "LASERMOVIES"/California
Posts: 9,464
Likes: 0
Received 1 Like
on
1 Post
I just checked and didn't notice anything unusual with my account. However I have heard of this happening in the past at DDD. It is disturbing to think they have a potentially dangerous glitch with the site that puts your personal information at risk of unauthorized viewing or theft.
#6
Senior Member
OK, I couldn't log on to my account while using Mozilla Firefox web browser, so I switched over to Internet Explorer.
On IE, other accounts did not come up automatically and I was able to log on to my own account and delete my credit card number.
Has everyone else that experienced this problem been using a browser other than IE?
On IE, other accounts did not come up automatically and I was able to log on to my own account and delete my credit card number.
Has everyone else that experienced this problem been using a browser other than IE?
#7
Senior Member
Boy was I wrong! I just logged out of my account on IE and it automatically pulled up the account of "Chris". So I guess the type of web browser has nothing to do with it.
I have emailed DDD and tried to call to leave them a message, but that was not an option on their phone system.
I have emailed DDD and tried to call to leave them a message, but that was not an option on their phone system.
#8
DVD Talk Hall of Fame
Join Date: Dec 1999
Location: Formerly known as (ahem) "LASERMOVIES"/California
Posts: 9,464
Likes: 0
Received 1 Like
on
1 Post
I just went back to edit my credit card number and it won't let me change the number. Also the site will not let me log out now. I'm using an Avant browser which is using an IE shell.
Last edited by Laser Movies; 10-09-04 at 01:43 AM.
#10
Senior Member
Originally posted by LASERMOVIES
I just went back to edit my credit card number and it won't let me change the number. Also the site will not let me log out now. I'm using an Avant browser which is using an IE shell.
I just went back to edit my credit card number and it won't let me change the number. Also the site will not let me log out now. I'm using an Avant browser which is using an IE shell.
#11
Senior Member
DANGER! Deep Discount DVD website is not secure!!
Read this link ASAP! Thanks to SuburbanCowboy for spotting this huge problem that has hit DDD again!
http://www.dvdtalk.com/forum/showthr...14#post5399214
(and yes, I know this is not a bargain, but it is very important for all of us bargain hunters to protect our credit card info)
http://www.dvdtalk.com/forum/showthr...14#post5399214
(and yes, I know this is not a bargain, but it is very important for all of us bargain hunters to protect our credit card info)
#15
Senior Member
DANGER! Deep Discount DVD Website is Not Secure!
Read this link ASAP! Thanks to SuburbanCowboy for spotting this huge problem that has hit DDD again!
http://www.dvdtalk.com/forum/showthr...hreadid=389775
(and yes, I know this is not about a specific DVD, but this is very important for most of us who visit DVDTalk and must be acted upon ASAP!)
http://www.dvdtalk.com/forum/showthr...hreadid=389775
(and yes, I know this is not about a specific DVD, but this is very important for most of us who visit DVDTalk and must be acted upon ASAP!)
Last edited by rich-y; 10-09-04 at 02:26 AM.
#16
DVD Talk Hall of Fame
Join Date: Dec 1999
Location: Formerly known as (ahem) "LASERMOVIES"/California
Posts: 9,464
Likes: 0
Received 1 Like
on
1 Post
I don't remember since it was several years ago when it happened. But I never had any theft from my account at DDD. Maybe a search could dig up one of the old threads.
#18
DVD Talk Legend
Originally posted by LASERMOVIES
I don't remember since it was several years ago when it happened. But I never had any theft from my account at DDD. Maybe a search could dig up one of the old threads.
I don't remember since it was several years ago when it happened. But I never had any theft from my account at DDD. Maybe a search could dig up one of the old threads.
#20
Needs to contact an admin about multiple accounts
Join Date: Oct 2003
Posts: 449
Likes: 0
Received 0 Likes
on
0 Posts
I noticed a bunch of movies in my shopping cart that I did not put there. Probably somebody who didn't notice they were jumping to other people's accounts. Watch your e-mails for confirmations of orders you never placed.
#22
DVD Talk Platinum Edition
Join Date: May 1999
Location: Pleasanton, Ca
Posts: 3,017
Likes: 0
Received 0 Likes
on
0 Posts
Hi Guys,
For people having problems getting logged in to try to switch over to 'Bill Me later', try going to this link directly:
www.deepdiscountdvd.com/login.cfm
From there I was able to get into my account and make changes to my phone number and credit card that seemed to have 'stuck'.
For people having problems getting logged in to try to switch over to 'Bill Me later', try going to this link directly:
www.deepdiscountdvd.com/login.cfm
From there I was able to get into my account and make changes to my phone number and credit card that seemed to have 'stuck'.
#23
DVD Talk Platinum Edition
Join Date: May 1999
Location: Pleasanton, Ca
Posts: 3,017
Likes: 0
Received 0 Likes
on
0 Posts
I also posted this in the other thread, but if we're gonna keep two threads open then I wanted to put this here too:
Hi Guys,
For people having problems getting logged in to try to switch over to 'Bill Me later', try going to this link directly:
www.deepdiscountdvd.com/login.cfm
From there I was able to get into my account and make changes to my phone number and credit card that seemed to have 'stuck'
Hi Guys,
For people having problems getting logged in to try to switch over to 'Bill Me later', try going to this link directly:
www.deepdiscountdvd.com/login.cfm
From there I was able to get into my account and make changes to my phone number and credit card that seemed to have 'stuck'
#24
This explained what happened earlier when I went there and unbeknowst to me ended up ordering all these movies I had never placed in my cart. I was looking to just buy Slacker. This is really quite bad.
#25
DVD Talk Hall of Fame
Join Date: Dec 1999
Location: Formerly known as (ahem) "LASERMOVIES"/California
Posts: 9,464
Likes: 0
Received 1 Like
on
1 Post
Originally posted by gcribbs
I had an account that I had to close awhile back(around 2 years ago) and I thought it could have been from DDD. I caught it early and since I never had another problem I let it slip my mind till now.
I had an account that I had to close awhile back(around 2 years ago) and I thought it could have been from DDD. I caught it early and since I never had another problem I let it slip my mind till now.
I tried searching but couldn't come up with an old thread on this topic. But I do remember there were posts by some members claiming they could see other DDD accounts besides their own. Unfortunately the search function on the site doesn't work very well.