Beware: Wideners credit/debit cards hacked?

[cantstop]

I suspected they were hacked when I got a scam email to the email address I used exclusively with Wideners. I warned them on 03-12 that they'd been hacked, to which they replied "we'll look into it."
...

That explains where the recent Spam email has been coming from. I last ordered from Wideners in July, with a credit card that expired in September, so that's probably the only reason I haven't had issues... yet.

 

[Machodoc]

They seem to FINALLY be getting the message:

Thank you for your email regarding your credit card.
Our internet provider is currently investigating possible
unauthorized access to Widener’s payment card data.

We keep credit card numbers on file only for a short period
so any breach is extremely limited; however, we are taking this
very seriously and have already reviewed and strengthened our security procedures.

This is a great shock to us and believe me, we are working very hard to
understand how this happened and to make sure it can’t happen in the future.

It takes time to fully investigate what happened, but we are continuously
working on it. The extra security features we have just installed will protect against future unauthorized activity.

We sincerely apologize for any inconvenience, and we will assist you in resolving this problem.

Sincerely,

Stan Widener, President
Widener’s Reloading & Shooting Supply, Inc.

 

[amoebicmagician]

holy crap, my buddy was just telling me about how someone tried to make a couple grand of purchases on his card, namely a whole bunch of cab rides and luxury goods in japan.

He orders from wideners all the time, we were just shooting some of his recently bought tin of 7.62x54r

Still though, I'm not ready to swear off Wideners for this. Just because there was a security breach is not necessarily their fault, now the keeping the information to themselves is kind of hinky, IF it turns out that this is true, but frankly I'm not going to screw over a company that has given me some of the best firearms I own at some of the best prices, and has leadership that parallel my own political interests in word and in deed just because some penny pincher in accounting made a bad call about releasing the information.

That guy should be held accountable, but Wideners as a whole is still A-ok in my book.

 

[Dave91]

holy crap, my buddy was just telling me about how someone tried to make a couple grand of purchases on his card, namely a whole bunch of cab rides and luxury goods in japan.

He orders from wideners all the time, we were just shooting some of his recently bought tin of 7.62x54r

Still though, I'm not ready to swear off Wideners for this. Just because there was a security breach is not necessarily their fault, now the keeping the information to themselves is kind of hinky, IF it turns out that this is true, but frankly I'm not going to screw over a company that has given me some of the best firearms I own at some of the best prices, and has leadership that parallel my own political interests in word and in deed just because some penny pincher in accounting made a bad call about releasing the information.

That guy should be held accountable, but Wideners as a whole is still A-ok in my book.

I agree, I will definitely continue to buy from them in the future- provided this does not happen again.

 

[kazan182]

CRAP! I just went back and reviewed my bank card statement:

3/11/2014 - Wideners Reloading &

No wonder I got hacked. Now I'm kinda pissed that Wideners hasn't said anything about it!

This is a bit disappointing about Wideners. I do like the company and they have great products and staff but I think they should have told people also. I am sure a post on their site would be bad for business but it would have been the responsible thing to do. Perhaps they are notifying people some how.

 

[Machodoc]

This is a bit disappointing about Wideners. I do like the company and they have great products and staff but I think they should have told people also. I am sure a post on their site would be bad for business but it would have been the responsible thing to do. Perhaps they are notifying people some how.

They didn't notify me. I pressed them for a response, and got that e-mail. I suspect that the filter feeders in the company were blowing off early reports, and upper management only recently heard about this.

I won't swear off Wideners, but I need to know that my transactions are safe, and that they are taking this VERY seriously. First impressions were that they were in deniable about it being on their end.

 

[Laddertowr]

Just got off the phone with the folks at Widenr's... I was told they are looking into this but I don't think they knew just how much info was taken... I was telling the rep there about all the post here and how we were able to trace the point of origin or why we thought it was from an on-line order with them...

 

[lawdog89]

I ran into a thread on Gun boards, and apparently ar15.com and other forums are reporting this too.

Apparently Wideners customers' credit card information has been hacked. Many people who ordered from Wideners in the last month have had fraudulent charges on their accounts and have had to cancel cards and start fraud reporting/investigation on their accounts.

This includes me. I ordered from Wideners in early march. Last week I noticed a $267 charge from a fashion store in Beijing on my account. Soon after, two random luxury hotels placed pending charges on my account from different states.

I had to cancel my card, but if you have pending charges that doesn't get you immediately out of the water. You usually have to wait until the final amounts come in. Luckily this was a secondary account I have set up just for online ordering. If this happens to your main, or only account, you can end up with no debit or credit card for up to a couple weeks (depending on your bank).

Apparently Wideners is aware but chose not to warn their customers. I'm not here to argue about that, I've had good luck with them in all my transactions. However, if they knew about this and didn't warn their customers, I will think twice about using them in the future.

This could all be a coincidence, who knows. But I want anyone who has used a credit or debit card with Wideners in the last month or two to be aware and double check their accounts.

Sent from my XT901 using Tapatalk

My card was compromised just after I ordered from Wideners too. Thanks for the heads up.

 

[toolness1]

Yeah I'll still order from them, if I can use a pretty paid debit card or something. Thy still should be contacting their customers about this. But they gave me a exchange on a defective product well past the stated return period, and I didn't even have to ask..

So I'll let this slide. This time

Sent from my XT901 using Tapatalk

 

[whistlersmother]

Wow, I'm glad I used the so-called "virtual" credit card number from my card provider. One use and its done.

I will continue to order from Widener's, but it will absolutely be with these "virtual" credit card numbers.

 

[Laddertowr]

Just got this from Wideners

Dear C L,

Thank you for your email regarding your credit card.

Our internet provider is currently investigating possible

unauthorized access to Widener’s payment card data.



We keep credit card numbers on file only for a short period

so any breach is extremely limited; however, we are taking this

very seriously and have already reviewed and strengthened our security procedures.



This is a great shock to us and believe me, we are working very hard to

understand how this happened and to make sure it can’t happen in the future.



It is takes time to fully investigate what happened, but we are continuously

working on it. The extra security features we have just installed will protect against future unauthorized activity.



We sincerely apologize for any inconvenience, and we will assist you in resolving this problem.



Sincerely,



Stan Widener, President

Widener’s Reloading & Shooting Supply, Inc.

 

[Harabec Weathers]

There's a message on their front page about the data breach now.

What a shame, though. I was just about to make a decent-sized ammo order. Now I'm not sure whether I should do it now or wait until things settle down.

 

[toolness1]

2AM central time and their site is down for maintenance at the moment. Hopefully getting some nice security upgrades...

Sent from my XT901 using Tapatalk

 

[Sticky]

Good to hear they are on it, they are one of my go to suppliers... hope they get things resolved soon!

 

[cantstop]

2AM central time and their site is down for maintenance at the moment. Hopefully getting some nice security upgrades...

Or, every hacker on the Internet is trying to jump Widener's. It's like money on a table waiting to be grabbed up.

 

[Machodoc]

There's a message on their front page about the data breach now.

I'm glad to see that. Here's a response that I sent to their form letter, finally acknowledging that there was an issue. I'm sure others sent similar messages. The only problem is that their February date for the breach doesn't match with what's been posted here (including my own date of processing). My card data wouldn't have been on file with them at that point unless they keep it for months.

Thank you for the response.

I belong to several different gun boards, and it's clear, from the number of participants who recently made Widener's purchases and whose cc accounts were subsequently hacked, that this is not a coincidence.

One data point that you should know is that one of your customers makes a habit of having a separate e-mail address that he uses ONLY with one given business. He had such an e-mail address set up for Wideners. Earlier this month, he got a spam message on that mail account, indicating that your database had been compromised. He called your company, reported this to you, and was told, "We'll look into it." He never heard a word of reply, but his credit card was hacked a couple of days later. This strongly suggests a vulnerability in your system, rather than somewhere like a credit card processor.

The silence from your company has been disturbing, and suggests that some sort of denial has been going on for days, rather than a prompt reaction to address the problem. People calling this issue to the attention of your staff have been given various replies--most saying that there's no problem at your end. There clearly is.

I urge your company to contact all customers who have made purchases with credit cards in the last 4-6 weeks and just be honest and up-front with them. So long as we feel safe, we'll continue to shop with you. But when there's no response, or a "not us!" response, it can cause a lot of mistrust. In this age where info spreads so quickly, that can be a kiss of death to a small business.

 

[Onwrd Farm]

This is posted on Wideners front page;

To all our customers.

Data breaches are all too common in these times, and unfortunately, we have become a victim of one. We have been hard at work determining what happened and doing everything we can to make sure it doesn’t happen again. Here’s a summary of what we have discovered and what we have done about it:

Just prior to February 16th, there was a brute force attack on the site that we now believe allowed access to some customer credit card information. Fortunately, we keep very few customer records in our on-line database. Since there is very little information on the site, exposure is minimized just in case something like this ever happens. We were alerted to this potential breach by a few customers, and we are fortunate that it was so small.

When our internet provider later discovered the attack, we immediately took action to prevent unauthorized access. Since that time, we have further tightened security. We have also performed internal audits to insure all our in-house systems are free of problems.

At this point, we believe we have identified only a few customers who were affected by the incident, and we have done everything possible to prevent recurrence of this activity. If you suspect you have had a problem due to doing business with us, please let us know immediately. We sincerely apologize for any difficulty this has caused.

Sincerely,
Stan Widener
President, Widener’s Reloading & Shooting Supply, Inc.Seems to be minimizing it by saying its only a "few" customers. Based on posts just on this board, I would think this happened to a lot more then a "few" people.

 

[toolness1]

I placed an order with them over the phone today. Will be keeping an eye on the card and won't be using it for anything else in the meantime. Its a brand new card too.
Fingers crossed!

Sent from my XT901 using Tapatalk

 

[Gbh]

I got hit today for a couple of charges to Kohl's online site.

My bank had stopped the charges (debit card) and already had a new card ordered for me by the time I called the which was only an hour after the pre-auth's appeared on my account. I get texts from my bank for various things including balance dips which alerted me.

I called Kohl's and the fraud department told me it was a "Jones" from Baltimore who placed the online order. They also had flagged the order for fraud review.

Things worked as well as can be expected but it blows that merchants, banks and customers are out time and money over a f'd up system

 

[toolness1]

Their timeline stated on their page for when this happened isn't right I don't think. My order in question was placed in early March.... its almost like someone had full access to ALL their accounts SINCE mid Feb. That seems more likely than it being a one time deal back in Feb.

We will see if their updates work with my new order. I'll be the guinea pig

Sent from my XT901 using Tapatalk