FYI- Nitro gear website breached Aug 2

Got this email from Nitro gears about website being breached on Aug 2:


"Recent Nitro Gear Malware Attack



Date: August 8, 2023

To our valued Nitro Gear customers and community,

We deeply regret to inform you that our website experienced a security incident on Wednesday, August 2nd, in which malware was detected. We take this situation seriously and want to provide you with the information and guidance you need.

What Happened: On the evening of August 2nd, our security team identified malicious software on our platform that may have compromised the security of customer credit card information entered into our website. Immediate steps were taken to isolate and eliminate the threat.

Who Is Affected: Customers who entered credit card information on our website between August 2nd and the time of the malware's removal could potentially have their data at risk. However, for our existing customers who had previously saved their details with us, please be assured there is no active data breach related to this incident.

Our Response: Our team is diligently working to investigate the matter fully and to rectify the situation. We are also collaborating with leading cyber-security experts to ensure that such incidents do not recur.

We’ve also received information that some orders information may be impacted including shipping addresses. We are reviewing all orders from the date the attack started and will be contacting individual customers to confirm billing and shipping addresses to insure properly delivery of products.

Upcoming Security Enhancements: To enhance the security and trustworthiness of our platform, we are exploring new opportunities to strengthen our payment processing. This includes the integration of a new 3rd party checkout system, renowned for its robust security measures, ensuring that our customer's information is safeguarded with the utmost priority.

What You Can Do: We recommend customers who entered credit card details during the aforementioned period to monitor their credit card statements closely for any unauthorized charges. If you notice any suspicious activity, please contact your credit card company immediately.

A Commitment to Transparency: We sincerely apologize for any stress or inconvenience this incident may have caused. The trust you place in us is paramount, and we are committed to upholding that trust. We pledge to keep you informed as our investigation continues and will share updates on the measures we are taking.

We truly value your continued support and patience during this time.



-Your Nitro Gear Team"

 

This stuff is becoming quite common lately.

 

It's been common for years. It's just that now there are laws on disclosing the compromise, so companies are being more "transparent" when it happens.

 

True.

 

My CC info was taken from Nitro and used to make a couple of $400 purchases. Nitro was the only purchase I made with that card in several weeks so they were definitely compromised. My purchase was made 7/20/23 and all of the fraudulent purchases made 8/1/23. That’s what I get for getting suckered in to buying discounted 4.88’s…

 

I was wondering if it was related to the flash sale

 

Odd timing, for sure...

 

Did you end up getting the gears? Or only pain?

 

Surprisingly, yes. Well, I got a heavy box from them at least. Guess I better double check…