CRC security issues?

Paypal payment seems to have been safe for me

My other card was pwned by the chavscum fraudsters just a couple of weeks ago. It was a new replacement card (same no., new 3digit code). Had *only* been used to book 1 hotel, and make 1 payment thru Paypal. In my eyes, that’s a 50% chance that it was pwned c/o Paypal 😉

The card I used for CRC has no unexpected transactions, but there is a discrepancy of £259.49 between credit limit and available credit, after accounting for purchases and amount to pay from last statement. Watch this space… (I’ll be watching the online card thingy at least daily).

CRC know there is no hole in their security but am sure they look into all these things regardless. The biggest security hole is the PC used to order. Servers have dedicated firewalls, secured networks, teams of IT people looking after them knowing what they are going etc. PCs have people using computers with no knowledge of security, surfing round the net and downloading stuff. All speculation, but if its anything related to the net, its by far most likely an issue with peoples PC…… Too many people visiting dodgy sites…

drldan – Member
CRC know there is no hole in their security but am sure they look into all these things regardless. The biggest security hole is the PC used to order. Servers have dedicated firewalls, secured networks, teams of IT people looking after them knowing what they are going etc. PCs have people using computers with no knowledge of security, surfing round the net and downloading stuff. All speculation, but if its anything related to the net, its by far most likely an issue with peoples PC…… Too many people visiting dodgy sites…

Right, so everybody who’s CC’s been blagged has an infected computer?

Pass the joint around, sounds like you’ve had one drag too many… 😯

drldan – so you join and your first post is defending CRC?

Do you work for them or have a financial interest in them not lsoign customers from this issue?

I can’t believe that you think all of the above cases of fraud are coincidence or bad practice with peoples home pc’s [not to mention the number of people sat behind corporate firewalls buying stuff].

Given them amoutn people on here buy from CRC there woudl be continuous allegations of this sort if it was individuals pc’s being hacked at this rate.

Sorry, it’s just not credible that so many people are having so many similar cases of fraud against them when the only known common factor is shopping at CRC.

Too many people visiting dodgy sites…

Obviously…

Too many people visiting dodgy sites….

Like Wiggle, Rutland Cycles, Evans… 😉

Did anybody bring some food along for the troll tonight?

well, he’s given his real name and location in his profile so it shouldn’t be too difficult to find out where he works 😉

Nobody would be *that* stupid to put northen Ireland would they? Oh, wait…

Does looking at bike porn count as dodgy? Hurrah we have a link, it’s not CRC after all were just all dirty w…… 🙄

CRC know there is no hole in their security but am sure they look into all these things regardless. The biggest security hole is the PC used to order. Servers have dedicated firewalls, secured networks, teams of IT people looking after them knowing what they are going etc. PCs have people using computers with no knowledge of security, surfing round the net and downloading stuff. All speculation, but if its anything related to the net, its by far most likely an issue with peoples PC…… Too many people visiting dodgy sites…

Hhhmmm really?

It’s incredible as we sit here now to realise that 10 years ago, ChainReactionCycles.com didn’t exist. “Some of our rivals had started to get websites but most were difficult to use and did not seem up to the job.” says Michael. We joined forces with bothers Simon and Daniel Loughlin, some friends from the race scene who were starting out on a project to build an ecommerce platform

Taken from here

Co incidence?

Oh dear 🙄

I just found that ziggy, unblievable.

Daniel – I think you need to be aware that there is no such thing as ‘knowing’ your site is secure – only believing. In CRC’s case it’s obvious someone/group has gained access to site traffic and been able to extract card details from your data stream.

Coming on here with a lame insinuation that it’s all down to the peopel shopping being hacked just throws any credibility CRC has out the window.

Are you speaking officially for CRC on this occasion?

what percentage of the people who have had issues with CRC have also used STW? Maybe there is a correlation there.

it’s possible Quirrel but there are MAc users who’ve had problems and there isn’t a similar ‘I’ve got a virus’ string of complaints from people who’s cards have been done over?

its by far most likely an issue with peoples PC

And the Mac users?

EDIT – Yeah as above ^

The more I think about drldan’s post the more angry I get – if his view is really an indication of what CRC are thinking about this issue – that there is no chance it’s them – then it’s probably also true that they are doing nothing beyond ‘the norm’ to either identify or shut down any possible security issues.

It really beggars belief that they think they can put their heads in the sand and hope it goes away – they’ll just end up getting kicked in the arse.

wwaswas, I have been thinking exactly the same. I sincerely hope this isn’t a case of buck passing.

Didn’t stw get hacked and taken off the web a while back? Would think that every site is susceptable to hackers, though CRC do seem to be burying their heads in the sand (that said 2 friends of mine have bought recently with no problems from CRC)…the plot thickens.

sorry, that should be susceptible

Was going to order something earlier but not after seeing this thread, quick google reveals mtb, roadie and bmx forums all independently posting the same concerns, little bit too widespread to be chance I suspect.

Sorry, but I really can’t believe that the real Daniel Loughlin would come on here, write that post AND leave those details in his profile.

I think someone is pulling STWs collective leg.

Should be easy enough for the Mods to find out though – if they can be arsed.

Daniel’s post above is incredible… “I made it, therefore it is not the problem, therefore it must be your fault.” FO. Edited to add unless the conspiracy theorists (meant in the most positive way) prove correct, of course!

I’ve just been building up a nice wishlist at CRC too… ah well.

Echo what druidh says though did seem all too easy, I would have a thought a web guru would know better..maybe it’s somone from Wiggle kicking a wounded animal when down 😆

If that is really from Daniel Loughlin then he’s an idiot. Less than a minutes googling reveals who he is and what interest he has. Surely someone actually working in the field wouldn’t be that silly??

Didn’t stw get hacked and taken off the web a while back?

Yup, STW got pwnd. LOL

Just got done – 02 prepay and vodafone – £50 in total. Also used CRC in the last two weeks. Clearly not a coincidence.

‘Dan’ appears to have edited his public info to remove his surname in the last ten minutes, I had assumed it was a troll up until that point, oh dear.

Didn’t stw get hacked and taken off the web a while back?

evilzone[/url] are back up and running. Those names look familiar as well.

My memory bad – wwas below has it. Also, sorry for contributing to hijack.

stw was hacked by a scriptkiddy – not sure ‘evil zone’ was ever involved other than as collateral damage when some of the mroe technical stw members took it down in revenge.

‘funniest’ bit of the whole situation was when the evilzone moderators had to start posting on a cobbled together stw site as their’s was in pieces.

only positive thing to come out of it, from my perspective, was I got my name in the magazine…

Hmmm… This thread could be going AWOL soon.

What a complete T”””””R!!!

I got my card cloned. It was the only transaction on it. And was told by some rude women on CRC on the phone my internet security on my home PC was the reason i’d had my details obtained by a 3rd party.

When i advised i only use a PC from a multinational organisation with a multi million pound IT infastructure she ran out of things to say.

I would not even be annoyed about my card been cloned. The only thing that has annoyed me is her attitude towards me. It was plain rude. And now this arse treating his client base like monkeys.

CRC never getting a dime off me again,,,

I HOPE THEY FLOOD AGAIN!!

All this trouble with credit card fraud doesn’t help when Chain Reaction send out your items with somebody else’s invoice showing all their particulars!
I had to phone them direct today and tell them of the problem and explain that someone else has probably received their item with my invoice showing my particulars!
They apologised for the problem and blamed the warehouse staff, but that doesn’t really help us all! 🙁

Hi Folks

We do not condone or support any attempt to influence the cycle community in any underhand way and we hope to give you as much honest, clear and accurate information as we can.

As our earlier statement says, we are taking this matter very seriously.

While we are confident that our systems are robust, we are taking nothing for granted and we have engaged with industry leading experts to fully investigate.

We will post updates as soon as we have more factual information.

We appreciate your understanding and support while we continue to investigate this issue.

Michael Cowan
CRC Senior Management

I went to a talk by someone from SOCO (Serious Organised Crime something) a while ago…apparently, the majority of incidents like this are caused not by criminals intercepting site traffic, but simply by them buying the details from a disgruntled, or underpaid, or greedy employee who has access to that kind of stuff. doesn’t matter firewalls you have then

Twodogs – Member
I went to a talk by someone from SOCO (Serious Organised Crime something) a while ago…apparently, the majority of incidents like this are caused not by criminals intercepting site traffic, but simply by them buying the details from a disgruntled, or underpaid, or greedy employee who has access to that kind of stuff. doesn’t matter firewalls you have then

Or a hacker gets contracted to do the dirty work. As I said in a previous post, don’t assume their website was the entry point.

I’m coming in to this thread late, but had a letter from nationwide today. Called them up and someone has tried to spend £1 at an apple store. I used CRC Tuesday. ummm. Cancelled my card and luckily no money had been taken.

Lady at Nationwide said that CRC was the suspicious transaction. I think they know about a security breach… ? Perhaps.

Michael @ CRC

You have my sympathies at the position you as a company find yourselves in and I understand your stance but it has got to the point where people are starting to make their own conclusions. Above all I imagine that a lot of potential customers are not using your website until this matter is resolved.

The comments of drldan (AKA Daniel Loughlin before he changed his profile) are particularly unhelpful as he seems to be implying that all of the customers who have been victims of this fraud only have themselves to blame.

I hope you get to the bottom of this ‘breach’ and can issue a statement to set our minds at rest so that we can continue to spend money on shiny new bike bits.

It’s **** things up big time for me. Missed card payments to the likes of Sky due to card being cancelled. I’d rather pay with sheets at my LBS than risk this shite again just to save a few quid.

Then to top it off I never made the link with CRC so shopped with them again when my new card came, so I’m going to have to cancel that one to be safe FFS !!!

And then some wisecrack blames the integrity of my firewall / antivirus !

Sadly this is all too common these days. I reckon that people will eventually go back to cash shopping and ride penny farthings with handlebar moustaches 🙂

I used the £10 chain reactions voucher last week and have been stung for £3.5k at John Lewis. I used my credit card….seems like using paypal would have saved me the aggrevation.

£3.5k

😯 😯 😯 😯

The scammers must have clocked up £10,000 by now?