nick
AGA Bounty
Posts: 555
Post by nick on Apr 9, 2019 21:38:15 GMT -5
I didn’t envision a day where my actual job and my favorite hobby would overlap, but apparently today is that day. AeroGrow has mailed letters to customers informing them that their website was hacked between October of 2018 and March of 2019. Payment card information stored and used on the AeroGarden.com website was stolen by the attackers during this time. If you have a credit card stored on their website or if you purchased anything during that time I *HIGHLY* recommend calling your credit card company and reporting the card as stolen. It’s a huge pain in the rear, but better than dealing with fraudulent charges after the fact. More info here: securityaffairs.co/wordpress/83522/data-breach/aerogrow-payment-card-breach.html
Shawn
Administrator
Posts: 16,265
Post by Shawn on Apr 10, 2019 5:21:00 GMT -5
Thanks nick. I appreciate you posting this to alert our members!
I have my new ones arriving today as I called when I saw this at midnight. While some, many or even all of us may not be affected, we do not want to chance it happening so again Thank You!
Post by serri588 on Apr 10, 2019 7:32:15 GMT -5
Oops. No. 1 reason why working in tech is sometimes terrifying- knowing that this kind of thing is fairly easy to do because companies don't invest in proper security.
Shawn
Administrator
Posts: 16,265
Post by Shawn on Apr 10, 2019 8:24:05 GMT -5
Oops. No. 1 reason why working in tech is sometimes terrifying- knowing that this kind of thing is fairly easy to do because companies don't invest in proper security.
My husband is an SVP for a Telecom and I know their company is always updating and installing new things to prevent any of this from happening to their systems and their clients.
Post by Deleted on Apr 10, 2019 10:06:05 GMT -5
Thanks for the heads-up, nick. I did make purchases during that time period but have ordered a new card. No fraudulent purchases, but playing it safe. Thanks.
Shawn
Administrator
Posts: 16,265
Post by Shawn on Apr 10, 2019 12:27:07 GMT -5
I did call AG and they gave me a number to call. I did that and asked how do we know if we are affected. While they cannot give you that info on the phone, affected customers will get a letter in the mail. They were mailed on the 4th or 5th. Letters should arrive by the 15th. I had already requested new cards before I made the call but wanted to get info to our members. I had this typed out early this morning but forgot to hit send.
ruth
AGA Sprout
Posts: 32
Post by ruth on Apr 10, 2019 16:23:09 GMT -5
Thank you for the info! I will remove my card from there now.
Post by nightowl on Apr 11, 2019 0:35:17 GMT -5
I had 2 cards stolen last month. I knew it was them because one had only been used there. PITA.
Shawn
Administrator
Posts: 16,265
Post by Shawn on Apr 11, 2019 3:41:21 GMT -5
Unfortunately in this day and age and as time goes on it's only going to get worse.
While we should not have to deal with these types of things, we will just need to be vigilant in keeping track of things.
Yes we get very upset with the vendors we purchase from but we really need to be more ticked off at the hackers and predators doing this. But again the vendors need to be very vigilant in securing their systems as well.
nick
AGA Bounty
Posts: 555
Post by nick on Apr 11, 2019 9:54:39 GMT -5
Yeah, there's plenty of blame to go around. A lot of companies aren't doing due diligence when it comes to information security, but I can tell you that even at the ones that are, it's more of a question of when than if. At this point the work is more about minimizing the damage and making sure you'll know ASAP when it happens.
However, I'd put the largest amount of blame on the Payment Card Industry. Visa, MasterCard, Discover and American Express are almost entirely responsible for these problems. Credit cards are inherently insecure by design. There are far better ways to move money around these days, but they don't want to change because it'll threaten their massive revenue stream. Chips on cards could have been better, but when they opted not to require PINs on chip cards in the U.S. they really cut the security in a big way.
The best systems out there right now are Apple Pay and Google Pay. The way they're doing tokenized transactions is a far better model than just handing out credit cards. I encourage everyone to use them when they're an option.
Sorry for the rant. Information security is my day job and credit cards are one of my biggest gripes.
Post by cheddachasa on Apr 11, 2019 11:54:00 GMT -5
Haven’t received a letter yet but I did make a purchase in January and the same card was used in an attempted fraudulent transaction. I don’t use the card that much and was worried that I had a keylogger installed on my work computer as we had some email breaches.
Post by fizzle1979 on Apr 12, 2019 5:01:32 GMT -5
I got my letter yesterday. They are offering credit monitoring for a year from Experian I think. I had fraud on a card this year but can’t remember if it was the card I used with AG or not.
Shawn
Administrator
Posts: 16,265
Post by Shawn on Apr 12, 2019 5:45:35 GMT -5
I forgot to mention that when I spoke to AG the other day I did ask that they consider having a payment option of using PayPal or the like so that no credit card info is directly given to them.
I think I will also email my contact in the executive branch. I would not normally but under this circumstance I will.
So far no letter here but that is moot as my new cards arrived yesterday.
Post by serri588 on Apr 12, 2019 6:30:46 GMT -5
Ironically I was such a disorganized mess last year that many of my cards were replaced twice. I lost my wallet for I think 3 months at one point- it was in the side pocket of my purse.
Shawn
Administrator
Posts: 16,265
Post by Shawn on Apr 12, 2019 8:43:02 GMT -5
Well it appears I will be receiving my letter today. However thankfully there have been NO fraudulent charges made. As I posted earlier, I no longer need to worry about the card used as it was closed and I received a new card.
Post by raynebc on Apr 12, 2019 12:37:59 GMT -5
I've ordered from AeroGrow a couple times during the affected period, and I did have to cancel my debit card and get a new one after there was a fraudulent charge attempt recently. This is the only applicable vendor that I use that reported a breach recently so it's the most likely culprit. Luckily, I'd put security controls on it that prevented the charge from succeeding so I didn't have to deal with having my bank reverse the charge or anything. When I placed my orders, I wanted to use the Amazon Pay option instead of supplying my debit card number, but the former option was not working on their website so I didn't have any better options. I do hope they fix their payment mechanisms or offer PayPal because this is why I don't like to expose my card number.
kinik
AGA Sprout
Posts: 11
Post by kinik on Apr 13, 2019 16:49:50 GMT -5
I’ve had 2 cards stolen on 3 separate occasions since December. Until I found out about this breach, I’ve been wracking my brain trying to figure out how someone was getting my card information! Each time the fraudulent activity was also accompanied by phone calls phishing for additional credit card information, posing as my credit card company.