Collective2 hacked

Discussion in 'Educational Resources' started by spinn, Dec 30, 2009.

  1. spinn

    spinn

    Apparently collective2 has been hacked and they got all, I mean all of my information. Luckily my credit card has expired but they got everything else.
     
  2. How do you know they got it all?
     
  3. Sure hope brokers have much better
    security...

    -----------------------------------
    Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company’s computer database had been breached by a hacker and that all users should log in to change their passwords immediately.

    That e-mail, from Collective2 LLC founder Matthew Klein, stated that the information accessed by the hacker included names, e-mail addresses, passwords and credit card information.

    In addition, the e-mail went on to state: “We have contacted federal and state law enforcement authorities, who we hope will track down and prosecute the person responsible. More important: we have changed our database security, locked down our servers and altered our website in order to prevent similar attacks. We are also notifying the three credit bureaus — Equifax, Experian and TransUnion — of the breach.”

    Read more on Investment News.

    A notice on collective2.com’s web site at the time of this posting reads:

    Security Notice to Our Customers

    We are sending out emails to all of our customers explaining that a hacking attempt has potentially compromised customers’ personal data. The email you may have received is real, as are these unfortunate circumstances. We believe we have eliminated the security flaw the hacker exploited. If you have an account with us, it is important you change your account password.

    http://www.databreaches.net/?p=9230
     
  4. Thank goodness my credit card account was expired AND was an old account hackers had gotten from another online merchant.
     
  5. lynx

    lynx

    What does Collective2 do that they need to keep your credit card numbers on file? That in itself is bad practice. You're not supposed to keep that information if you don't absolutely have to.
     
  6. They charge you a monthly fee if you subscribe to any systems via their site. Nobody would want to submit their credit card info every month....
     

  7. CC numbers are supposed to be encrypted when store in databases which will make them harder to steal.

    Most sites dont do this.
     
  8. lynx

    lynx

    As it happens I am a responsible for a website that provides billing services so I know a little bit about this topic.

    They don't need to keep the credit card numbers; their gateway will do that for them and facilitate the monthly billing.
     
  9. MGB

    MGB

    It depends on the gateway.