[Store Team]

On July 12th, Smartphone Experts discovered suspicious activity on a system used to process credit card payments for orders made through our online stores. This system powers accessory stores for several websites, including ShopCrackBerry.

We immediately implemented measures to prevent any further unauthorized access, and engaged a leading computer security firm to investigate and provide recommendations for additional security measures.

The security firm completed its investigation on August 5th 2013 and found evidence that although credit card information is encrypted when it is stored, the hacker may have had the technical ability to use a decryption feature of the system to view some customer’s credit card information.

Over the next few days we will be notifying all individuals via mail or email whose information may have been affected so they can take steps to protect their cards from any potential fraudulent charges. We have provided all relevant information about this incident to the credit card companies so they can take steps to protect their cardholders. We are also working with law enforcement.

We are committed to maintaining the security of any and all personal information in our system and are taking this matter seriously. We have implemented additional security measures in order to prevent an event like this from occurring in the future.

We will provide support via this forum thread, but for any individual concerns please don’t hesitate to email us at [email protected] or call us at ( 888 ) 599-8998, option 2.

[reeneebob]

As someone who multiple fraudulent transactions attempted a short time after a CB order on the card I used (for the first time in over a year ), I appreciate the follow up.

[eddy_berry]

Since I can't reply to the other thread, Thank you for the follow up. I read that thread a while back and checked my CC balance for discrepancies. There was nothing. On Friday my CC company told me my card was compromised. The last thing I used my card for a purchase was my Otterbox case through the CB store. The only thing I use that credit card for is to pay my cell phone bill and Netflix. Those are charged automatically. So the last thing I used it to pay for was the case in June. People may not get hit until a while later.

[Azensun]

Thank you for following up on this issue.

[Astro_Man]

Anyone get his email yet? I haven't. The other topic is closed, so everyone who experienced the fraud please report here for accountability reasons, so we can see if anyone actually got contacted.

[reeneebob]

Anyone get his email yet? I haven't. The other topic is closed, so everyone who experienced the fraud please report here for accountability reasons, so we can see if anyone actually got contacted.

Not me.

[Store Team]

Anyone get his email yet? I haven't. The other topic is closed, so everyone who experienced the fraud please report here for accountability reasons, so we can see if anyone actually got contacted.

Affected US customers will receive a physical letter as per most state regulations. Those letters were printed on Tuesday and dropped off to USPS on Wednesday. International customers will receive the emails on Friday, to align up with the estimated delivery of the physical letters.

[drrobert_Taco]

Does this apply to payments through the Canadian side of shopcrackberry as well?

[Store Team]

Does this apply to payments through the Canadian side of shopcrackberry as well?

Yes as both stores use a shared billing system.

[steph.iosso]

I didn't receive an email. My card info was stolen, and was used to buy season passes to Canada's Wonderland for $300! I am now battling MasterCard to have the charge reversed, as it is not mine! Last purchase was a battery from the crackberry store. Very disappointed, won't be shopping here anymore.

[Store Team]

I didn't receive an email. My card info was stolen, and was used to buy season passes to Canada's Wonderland for $300! I am now battling MasterCard to have the charge reversed, as it is not mine! Last purchase was a battery from the crackberry store. Very disappointed, won't be shopping here anymore.

The letters have been mailed already and the emails are scheduled to be sent out today. Those receiving emails will get it within the next few hours. If you have any questions, please feel free to contact our Support Team at 888-599-8998.

Thank you,
Smartphone Experts Store Team

[saabaero]

I received the email a few minutes ago. ca.crackberry.com is on the list.
Koodos to at least admitting it happened.

SBA

[fpanther88]

Does this apply to payments through the Canadian side of shopcrackberry as well?

Oh yes it does - see below (looks like they got everyone's CC info):

August 9, 2013

Dear :

You are receiving this letter because you have made a purchase on one of the following three websites: www.blueshop.ca; ca.crackberry.com; or ca.shopandroid.com. These websites are jointly operated by Tibo Distribution Inc. (TDI) and Smartphone Experts (SPE). We recognize the importance of the privacy and confidentiality of the personal information provided to us by our customers and we have always been committed to protecting this information. Regrettably, we are writing to inform you of an incident with the American partner, Smartphone Experts (SPE), that has exposed some of your information to unlawful access by a third party.

On July 12, 2013, SPE suspected that a very sophisticated foreign hacker had gained access to their order billing system. SPE immediately took steps to verify if we had been victimized and hired a forensic investigator. The hacker had used tactics to specifically mask their actions that made discovering the fraud difficult. Nonetheless, once discovered, SPE immediately took the necessary steps to stop the fraudsters and also notified law enforcement, including the American Secret Service; however, the information collected through payments completed on our websites between April 25, 2012 and July 12, 2013 may have been accessed by the fraudsters.

This incident does not affect customers who made payments by credit card through our PayPal Express Checkout.

Although credit card information is encrypted when it is stored in the SPE system, the investigation revealed that the hacker may have had the technical ability to use a decryption feature of the system to view the name, address, credit card account number, CVV code, and the card’s expiration date associated with orders in the system. We are working with credit card companies to protect the cardholders that may have been affected.

Out of an abundance of caution, we are notifying you of the incident so you can take steps to protect your card from any attempted misuse. We recommend that you remain vigilant to the possibility of unauthorized charges on your card by reviewing your account statements. You should immediately report any unauthorized charges on your card to your financial institution because the major credit card companies have rules that typically guarantee cardholders will not be responsible for fraudulent charges.

We want to assure you that we are committed to maintaining the security of your personal information and are taking this matter seriously. SPE immediately undertook measures to prevent any further unauthorized access and engaged a leading data security firm to complete an investigation. In addition, SPE has implemented additional technical safeguards and has conducted a comprehensive internal review of their practices and procedures in order to prevent an incident like this from occurring in the future.

If you have questions or concerns regarding this matter, please do not hesitate to contact us at +1-877-218-0049, Monday through Friday, 9:00 a.m. to 7:00 p.m. Eastern Time. (Closed on U.S. observed holidays.) Please be prepared to provide the following ten digit reference number when calling: *REDACTED*

Sincerely,

Diana Kingree
Senior Vice President, Commerce

[BlueRocks]

I just got the email as well. Shopcrackberry in Canada !

Posted via CB10

[wushuguy]

Got my email. Went over my recent history and found nothing out of the ordinary. Hope that using PayPal made a big difference in protecting my information. Will keep monitoring it for a while to make sure nothing fraudulent comes out of it.

Have to say...this information is pretty troubling to me. I would have assumed using these methods and buying from such a big corporation makes it slightly more trustworthy.

[Cesare21]

Shouldn't this go up as a sticky?

[fpanther88]

The site owners probably don't want to bring attention to it - that's why they minimized it by calling it an "incident"

[jayemmbee]

I got this email like 5 mins ago, I don't know if any money was used though, it just said I was compromised

Posted via CB10

[jayemmbee]

OK I'm good nothing out of the ordinary. Although the acronyms for certain companies are confusing. I had to Google them.

I'll still shop here but PayPal all the way after this
Cuz the email said it wasn't affected

Posted via CB10

[r4wb]

I received an email today as well. Decided to check my cc activity and lo and behold there were multiply fraudulent transactions. Called the cc company and an investigation is under way.

Posted via CB10

[wayoung]

Storeteam:

In the past I have been very pleased with the customer service from shop crackberry however your handling of this matter has me very disappointed and angry. Ignoring the fact that you took a month to post an announcement regarding this hack, you did so in a barely visible message forum in an unsticked thread, with no mention on the main pages of these websites yet you still advertise your daily deals on the main pages as news. In addition, the threads posted in the news forums (the forums people can actually see and are about NEWS, which this incident clearly is) are moved into this hidden forum.

I do not hold your being hacked against you. I do hold this attempt to seemingly mitigate the knowledge of the hack against you.

[Astro_Man]

The site owners probably don't want to bring attention to it - that's why they minimized it by calling it an "incident"

Not to worry, we users will bump it. Also, to the poster who copied and pasted the letter, thanks. But you should probably redact the ten digit number near the end; it's probably specific to your account.

[wayoung]

Update: Storeteam has replied to my other thread saying it will be moved back to the news forum. Thank you for that.

EDIT:. HAHA, except they also closed it and there is still no sticky post so it will drop off that forum soon too.

[127.0.0.1]

two unauthorized transactions on mine as well. CC company said charges will be reversed in 2-3 business days and a new card w/ new number on its way.

[trsbbs]

Notice how fast they bury this in the forums compared to other concerning posts.

Both thus and the virus problem are moved ASAP to an obscure forum.

Too bad. It does not speak well of CB and it's operators.

I know longer visit CB via any PC due to the virus issues. I use CB10 instead. The company I work for (a large financial data service) has blacklisted CB.

Side note: anyone heard from Kevin lately?

Verizon Z10. Running 10.1.0.4651. Posted via CB10