Apparently Monoprice.com, a great place to get discount goods to fulfill your geekiness requirements, has gotten into a bit of a fix. Something happened that made people give notice to Monoprice. A ripple in the force I suppose. Some people were wondering about odd charges on their credit cards, and somehow linked it to Monoprice.com. The result is a real-time disclosure of what is going on behind the scenes at the shop.
Posted at the top of the front page is a notice. The original notice read:
3/9/2010 3:00PM PT – A few of our customers recently reported to us that information from credit cards they used on the Monoprice website had been misused. We promptly began an investigation with the help of expert computer forensic investigators to determine if any card data had been stolen from our computers. To date, the investigators have found no evidence that card information has been stolen from Monoprice’s computer network. As a precaution to ensure that our customers’ information is not at risk, we have taken our website offline temporarily while we and our investigators complete the audit of our computer network. We want to ensure that there is no security vulnerability in any part of our computer network system. We notified local and federal law enforcement agencies, our credit card processing business partners, and all credit card companies that some of our customers reported concerns regarding their card information to us. We also advised these entities that we are working with outside security specialists to determine if there was a breach of our computer system. We will post additional information when it is available. We regret any inconvenience that our investigation and the temporary suspension of the Monoprice website may have caused you. Thank you so much for your great support.
And a subsequent notice on the front page says:
Incident Background: Some of our customers recently reported to us that information from credit cards they used on the Monoprice website had been misused.
Our outside investigators have continued to review log files from our Internet-facing servers. They have not found evidence of any successful attempts to penetrate our computer system. Our internal IT staff found some suspicious files on one of our quarantined Web servers while they were reviewing files to build replacement servers.
We have identified the suspicious files to our outside investigators so that they can extract the files from the image of our servers that they made earlier. We asked them to let us know if the suspicious files are significant. We will post more information here about the investigation when we have it.
We are taking steps to re-launch our site early next week. We will not take credit card payments on the site initially but will take payments through PayPal Express and Google Checkout. We will let you know when the site is available. Thank you for your continued support.
For more updates, please check out our Facebook.
I don’t like Facebook, but I suppose with its 400 million people, it isn’t bad press even to announce a possible breach of security. It certainly helps to disclose the lengths to which you are pursuing the individuals who might have breached that security though.
Good luck.
UPDATE:
Apparently my wishing Monoprice.com a little luck didn’t work. They have completely shuttered the site as of this evening. That is too bad; I need a couple of DisplayPort to HDMI connectors that don’t cost $40. Anyway, here is their current front page:
Incident Background: Some of our customers recently reported to us that information from credit cards they used on the Monoprice website had been misused.
Our outside investigators have continued to review log files from our Internet-facing servers. They have not found evidence of any successful attempts to penetrate our computer system. Our internal IT staff found some suspicious files on one of our quarantined Web servers while they were reviewing files to build replacement servers.
We have identified the suspicious files to our outside investigators so that they can extract the files from the image of our servers that they made earlier. We asked them to let us know if the suspicious files are significant. We will post more information here about the investigation when we have it.
We are taking steps to re-launch our site early next week. We will not take credit card payments on the site initially but will take payments through PayPal Express and Google Checkout. We will let you know when the site is available. Thank you for your continued support.
For more updates, please check out our Facebook.
It is hard to go back to a company that has been breached, even though they were upfront about the issue and notified the entire population of the internet as updates were possible. This is probably the reason why people at banks and other companies are so reluctant to disclose when they have a security breach. I know that when it has happened in the past, it has taken years for disclosure to be made, if any is made at all. I’d like to visit the site again, but ouch. This really can hurt a business.



