Credit card info hacked from Widner's purchases

[number6]

If you've made any purchases online from Widener's in the last couple of months or so, your CC/DC info has probably been hacked.

As for me, I made one ammo purchase from them on 3/7. On 3/14 they charged my account. By 3/21, $7000 of tickets from Quatar Airlines had been purchased, using my card. I thought it was just an anomaly, my bad luck, but then I found a thread of others that had the same problem, after a purchase from Widener's.

I found more threads on ar15.com in the "AK47" thread, and "AK47 ammunition" thread and the "GD" thread. I'm sure with more searching, more threads will turn up. Two or five people may be a coincidence, but many dozens of people that were affected 2 to 7 days after a Widener's purchase is no coincidence.

http://forums.gunboards.com/showthre...as-been-hacked!

Some people that have actually gotten through to them on the phone have been told there's no problem. All Email complaints (like mine) go unanswered/ ignored.
I caught it early and my money will be put back in my account after my bank finishes their investigation (policy). Other banks work faster, some slower.

I'm sort of surprised I didn't see anything here. I'm putting this in the C&R area because a lot of us buy surplus ammo & stuff from this vendor. I have been dealing with Widener's for many, many years. It saddens me that they haven't stepped up and said anything to their customer base. All the the guys that I have found that had their CC hacked will not be doing business with them anymore. I'm sure there will be many hundreds more as soon as they put 2 and 2 together.

And please, credit card or debit card have the same zero liability protection, and has been that way for years. The biggest difference is small payments + interest on CC and one lump sum with a DC. So let's not even go there.

[l921428x]

you are correct in that debit and credit have the same liability, but the amount of time you have to work with is VERY VERY different.

[Schuetzenman]

It came up 2 days ago in General Discussion of Gunsnet GD forum.

[number6]

I searched for over an hour and eventually found a weak brief mention buried in another thread. But anyhow;

On 3/21 I sent Widener's a "soft" message about getting hacked. At the time, I had not seen all the other messages about all the other people that this has happened to. This is a big deal. We put a lot of trust in these vendors when we purchase hundreds of dollars of merchandise from them.
Today I finally got a reply from them. I suppose that they got a lot of complaints by phone and email. They should keep getting these complaints until we are sure it has been resolved. After all, this fiasco is costing them money. I pity the customers that don't know about this or the ones that don't read the gun forums.

Subject: Credit card compromised.

"Thank you for your email regarding your credit card.
Our internet provider is currently investigating possible
unauthorized access to Widener's payment card data.

We keep credit card numbers on file only for a short period
so any breach is extremely limited; however, we are taking this
very seriously and have already reviewed and strengthened our security procedures.

This is a great shock to us and believe me, we are working very hard to
understand how this happened and to make sure it can't happen in the future.

It takes time to fully investigate what happened, but we are continuously
working on it. The extra security features we have just installed will protect against future unauthorized activity.

We sincerely apologize for any inconvenience, and we will assist you in resolving this problem.

Sincerely,

Stan Widener, President
Widener's Reloading & Shooting Supply, Inc."
.

[L1A1Rocker]

Last purchase from them for me was the week before Sandy hook. I guess I'm clear on this?

[l921428x]

you are correct Schuetz, thought so. Now the same q I asked them last time. Did # 6 survive?

[Durangokid]

Thanks for the information. I was about to place an order. I will not be ordering from them.

[number6]

Well, Widener's put the following up on their website (emphasis mine). From what I have seen on the 3 or 4 forums I have read about customers getting hacked, there's more than a very few.
So like it says, if you got your CC hacked after buying from them, please send them an email, if you have not done so, to let them know.

Email: wideners@wideners.com



To all our customers.

Data breaches are all too common in these times, and unfortunately, we have become a victim of one. We have been hard at work determining what happened and doing everything we can to make sure it doesn’t happen again. Here’s a summary of what we have discovered and what we have done about it:

Just prior to February 16th, there was a brute force attack on the site that we now believe allowed access to some customer credit card information. Fortunately, we keep very few customer records in our on-line database. Since there is very little information on the site, exposure is minimized just in case something like this ever happens. We were alerted to this potential breach by a few customers, and we are fortunate that it was so small.

When our internet provider later discovered the attack, we immediately took action to prevent unauthorized access. Since that time, we have further tightened security. We have also performed internal audits to insure all our in-house systems are free of problems.

At this point, we believe we have identified only a few customers who were affected by the incident, and we have done everything possible to prevent recurrence of this activity. If you suspect you have had a problem due to doing business with us, please let us know immediately. We sincerely apologize for any difficulty this has caused.

Sincerely,
Stan Widener
President, Widener’s Reloading & Shooting Supply, Inc.

[number6]

There was an update on Widener's web site. Besides the original declaration posted above, there are these two.
Also, he states the compromise took place starting 3-31-14. My card was hacked on 3-21-14, and it was happening a month or two before. Also happened a few years ago. They are not taking internet orders.

*******************************
Please excuse the inconvenience!
Ordering via the web site has been temporarily terminated to allow for security and design upgrades.
You may still phone orders in at 1-800-615-3006.


Sincerely,
Stan Widener
President, Widener’s Reloading & Shooting Supply, Inc.

Update 4-4-14: For the period 3-31-14 to 4-3-14 our website provider’s website was compromised and credit card information for those dates may have been obtained by unauthorized users.

We have been in meetings all day long with a host of computer experts and programmers and our web provider. The breach from overseas has been finally been identified and eliminated as of 4:00 EST. Our web provider now declares that the website is secure.

On a personal note, words alone cannot express the regret I feel about this situation.

[number6]

The Heartbleed Bug.

With news breaking on Monday, April 7th that the Heartbleed bug causes a vulnerability in the OpenSSL cryptographic library, which is used by roughly two-thirds of all websites on the Internet, we want to update our community on how this bug may have impacted LastPass and clarify the actions we're taking to protect our customers.

https://lastpass.com/heartbleed/
Use this to check on website vendors vulnerability.

LastPass Heartbleed checker

Site: wideners.com
Server software: Apache
Was vulnerable: Probably (known use OpenSSL, but might be using a safe version)
SSL Certificate: Possibly Unsafe (created 2 years ago at May 7 00:00:00 2012 GMT)
Assessment: It's not clear if it was vulnerable so wait for the company to say something publicly, if you used the same password on any other sites, update it now.

[Gunreference1]

And just when you thought it couldn't get any better.

http://www.newsmax.com/Newsfront/nsa.../12/id/565223/

Steve

[shorthair]

My Norton 360 just sent me a check tool as well.