Tuesday, February 21, 2006

StudioPay Confirms it was Hacked! Customer data stolen!

A new email from StudioTraffic's payment processor, StudioPay, reveals that the recent hack that was disputed by members and staff is in fact, true, and it is highly probable that members information was stolen.

Return-Path:
Delivered-To: spamcop-net-xxxxxxx@spamcop.net
Received: (qmail 3116 invoked from network); 21 Feb 2006 18:52:52 -0000
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on blade1
X-Spam-Level: ***
X-Spam-Status: hits=3.8 tests=HTML_10_20,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
MIME_HTML_ONLY,NO_REAL_NAME,SUB_HELLO version=3.1.0
Received: from unknown (192.168.1.103)
by blade1.cesmail.net with QMQP; 21 Feb 2006 18:52:52 -0000
Received: from unknown (HELO studio.specialservers.com) (147.202.48.27)
by mx53.cesmail.net with SMTP; 21 Feb 2006 18:52:52 -0000
Received: from nobody by studio.specialservers.com with local (Exim 4.52)
id 1FBccx-0006hX-QV
for xxxxxxx@spamcop.net; Tue, 21 Feb 2006 12:52:47 -0600
To: xxxxxxx@spamcop.net
Subject: Hello
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From:service@studiopay.com
Message-Id:
Date: Tue, 21 Feb 2006 12:52:47 -0600
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - studio.specialservers.com
X-AntiAbuse: Original Domain - spamcop.net
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - studio.specialservers.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-SpamCop-Checked: 192.168.1.103 147.202.48.27


Dear Member



Security issues have been our priority recently following claims

from an individual that he/she hacked the StudioPay information on some

members accounts.



At this point in time we are investigating this issue and

working closely with authorities worldwide to trace this person.



In the following link you will find some advice about identity theft,

how to discover it, who to contact and also some preventative measures.



http://www.fightidentitytheft.com/identity_theft_learn.html



This information is specific to USA, but any member can enter "identity

theft" into a search engine and get information specific to their

own country.



Until our investigations are complete we feel that we should treat these

allegations seriously. To this end we recommend that you take any

steps you feel necessary to protect yourself.



Our recommendations are:



Report to your local police station the possibility that your

identity information has been compromised. In the event that this

does arise then there will be a record for you to refer to.



Make a report to your credit card company if you used your credit card

statement to verify your account. By doing this your credit card

account will be noted and both you and the credit card company can w

be vigilant and watch for unusual or suspicious transactions.



If you used your bank account statement to verify your account submit a

report to your bank, again this will ensure that your accounts

are noted.



Please follow any advice that your bank or other companies you contact

give you.



At this point in time we are unable to determine how much, if any,

informaton this person has obtained. As stated earlier, we are

working closely with authorities in different countries try and track

this individual.



We are introducing some new security features. You may recall that you

were asked to change your StudioTraffic password recently. The same

security feature, planned for StudioPay, has now been introduced ahead

of schedule and we would ask that all members change their StudioPay

password immediately. You will be prompted to change it every

three months (every 6 months in StudioTraffic). In doing so please

ensure that you use a strong password that cannot be easily worked

out.



Any steps you take now may be of huge importance in the future. The

security and safety of our members is our utmost priority and we

urge you to err on the side of caution and follow our recommendations.



Should any of our members experience fraudulent use of their personal

information into the future please contact us and we will work with

you and the authorities to resolve the situation.



For now we will continue to investigate the situation and should we

be able to pinpoint any members that may be targetted we will

contact those members directly.



Regards



StudioPrograms Admin Team



For those who had validated accounts with StudioPay you will need to do the following:

  • Contact your local bank and let them know that your data might have been compromised.
  • Contact your credit card and let them know the same.
  • Fill out a complaint with the FTC and fill out their ID theft affidavit.
  • Place a fraud alert on your credit reports.
  • Access a free copy of your credit report from AnnualCreditReport.com
I will contact StudioTraffic and StudioPay later to find out more and determine what else needs to be done. If you are like me and faxed in a blank check and your drivers license you might have to go through a lot of trouble to resolve this situation. This is one of the worst offenses committed by StudioTraffic so far and will lead to many complaints and problems. The fact that they took so long to report it is even worse.

Stay tuned...

2 comments:

Anonymous said...

Idiot.

What do you mean this is one of the worst offences by Studiopay????

Obvioulsy your target is broken because you should have it aimed squarely on the hacker that hacked SP.

You naysayers will say anything wont you? Unbelieveable.

pogue said...

StudioPay was hacked and did not report that they were hacked, they denied it for almost a month now. To have a major financial payment processor like that have such lax security policies to allow it to be hacked is absolutely inexcusable. They kept all their members scanned IDs online and provided no protection for their members, now we have to reap the consequences of for their lack of diligence to maintain a proper server.

Secondly I find it very funny you call me a naysayer as I spent most of my time defending and promoting StudioTraffic. However, having my identity stolen is above and beyond anything that is defendable by ST or any of it's members or staff.

Related Posts with Thumbnails

Addthis