WARNING! Possible Mattel Ghost Trap Digital River CC Info Leak

[BlackMarketMagi]

Hey guys I bought one of the Ghost Traps yesterday and used my credit card Today I went to check to see if it had been charged and when I did there was 2 other charges pending, one from wmvmatch.com and one from debityahoomail. Totaled around $60. Both unauthorized and scams.

Since I very rarely use this card and the 3 digit security number on the back I assume my number got stole somehow on Matty or Digital River. I never hand this card to anyone so it had to be stolen online . You should all check to make sure as $60 could go by easily unnoticed. (One was $19.99, the other $39.99) My bank has cancelled them so I am ok but wanted to spread the word just in case someone there is swiping cc numbers.

 

[Wes R]

Did you contact those companies as well? I've gotten into the habit of checking my account balance once a day or so. Never had issues but rather safe than sorry, glad to hear you caught this though.

 

[sycor]

Just checked my card and it's clean. It's possible you just got bad luck and got hit by a credit card number generator. Hope you get it sorted out.

 

[BlackMarketMagi]

I looked the companies up and they are both known for this. If you call, they ask you for your credit card info and security number to verify. There is no reason to ask for the security number to see if there was a transaction. I called my bank they stopped them both and will investigate without giving out my info. Apparently some banks have these two companies flagged and will automatically reject any charges to them.


Could be random cc generator, but the timing would be incredibly coincidental. And they also got the security number which seems improbable. Either way just looking out for my fellow RPF'ers and want to make sure no one else gets boned.

 

[Cenobyte]

I used my AMEX so I should be covered is this happens.

Thank you for the heads up.

 

[Bootlegger137]

Could be random cc generator, but the timing would be incredibly coincidental. And they also got the security number which seems improbable. Either way just looking out for my fellow RPF'ers and want to make sure no one else gets boned.

Scary. Glad the bank is looking into it.

Have you done a recent virus/phishing filter scan? Maybe some sort of trojan that you unknowingly downloaded at some time in the past? :confused

 

[exoray]

And they also got the security number which seems improbable.

The so called 'security' number on credit is only three (maybe 4) digits, hardly a security feature when it can be brute forced in a few minutes...

Once a 'hacker' gets your credit card number and expiration date, all they need to do is brute force the three digit 'security' number using a few different sites with an automated brute force attack walking through all 999 possibilities in a matter of minutes until one is accepted... Heck even the expiration date can be brute forced easily as it's almost always only 1-3 year out, even at 3 years out that is only 36 possible expiration months...

FYI there are programs designed to do just this and are fully automated so even the 10 year old script kiddie can manage the brute force attack...

And on a second FYI most skimming operations don't exploit the skimmed numbers for a month or two after they were skimmed, as they like to exploit the source of the skim to it's fullest and to collect a large number of skimmed accounts before they tip off anyone to where they where skimmed, resulting in the banks and people canceling the accounts used at the location skimmed...

There IMO a much larger chance you got skimmed a few weeks or months ago or you have a sniffer program on your computer...

 

[BlackMarketMagi]

Well I use a mac so it is unlikely but not impossible I have a virus, trojan, or sniffer. Like I said I very rarely use this card I'd have to go look up when the last time I used it before this was.

However I did update my card info on Matty a few days before so it was ready to go.