Audio visual cabling giant monoprice.com shut down its Web site – possibly for the next couple of weeks – while it investigates the possible compromise of its customer credit and debit card information.
Vincent Lim, monoprice.com’s operations manager, said the company took the site offline around midnight on Friday, Mar. 5, after it received e-mails and phone calls from several customers complaining about fraudulent charges on their cards that they had used on monoprice.com.
“A few of our customers recently reported to us that information from credit cards they used on the Monoprice website had been misused,” Lim said. “We promptly began an investigation with the help of expert computer forensic investigators to determine if any card data had been stolen from our computers.”
To date, he said, investigators have found no evidence that card information has been stolen from Monoprice’s computer network. The site is now allowing customers to browse products, but Monoprice won’t be taking any new orders until the investigation is completed, Lim said.
“We want to ensure that there is no security vulnerability in any part of our computer network system. We notified local and federal law enforcement agencies, our credit card processing business partners, and all credit card companies that some of our customers reported concerns regarding their card information to us,” the company said in a statement that now frames the top of its Web site. “We also advised these entities that we are working with outside security specialists to determine if there was breach of our computer system. We will post additional information when it is available.”
Monoprice’s corporate page on Facebook.com features a number of interesting comments from customers, some of whom attributed recent fraudulent charges to the incident, while others are praising the company for being so forthcoming and providing continuous updates via Facebook.
Let’s hope that Monoprice is able to recover from this. They provide great products at unrivaled prices. Customers can get fraudulent charges reversed, but Monoprice cannot get back days (or weeks) of not being able to take orders.
That’s mightly awesome of them. I don’t think I’ve seen a company do that before.
Which part is mightly awesome, the part where their servers were not secure or the part where I get free service that I shouldn’t need to protect my identity now? I still have to worry about it forever. The free service expires after 1 year. BS.
I just read on Facebook that Monoprice uses PayPal for their payment processor. If no compromise has been found on Monoprice’s servers, perhaps it’s a compromise at PayPal. At least one person now has reported fraudulent charges after using PayPal at Monoprice.
Their customer service is fraudulent. They shipped me a bracket without any hardware. Customer Service has been unresponsive. I am filing a dispute now.
I could tell their website security was very poor years ago based on one thing: they do not encrypt user passwords. If you request a password reset, they just email you your password back. That is very, very bad security. I emailed them about it over a year ago and got a typical canned response “we take security seriously and looking into it” blah blah.
Checked the password recovery feature again a few weeks ago and still returns the original password. If they can’t get the basic stuff right I’m not surprised if their whole system was compromised.
I love their products and their prices, but stopped recommending them to friends and family after that. Hopefully they’ll learn something about this thing called security.
I ordered some cables from Monoprice at the end of Feb. and a few days later my card was disabled for fraudulent activity. There were a couple of iTunes downloads I did not make, obviously to test the validity of the card. Coincidence? Fortunately, my bank caught it, although it was an inconvenience to wait for the new card.
Same thing happened to me. Ordered cables from monoprice in February, fraud charges for iTunes show up on my CC on 3/9/10 which the CC company detected.
Me too. I had 3 fraudulent Itunes charges and 4 separate charges for WoW. I had bought some Wii accessories last month from Monoprice. Thanks for the news on this.
ME TOO. Made a purchase on 2/24, then bogus charges started showing up on 3/9. One for Microsoft TechNet for 382 bucks, another to megaupload for 199.99. LAME. That’s a chunk of change. Who knows how long it will take to get reimbursed.
Co-worker had his CC with unauthorized charges, but did NOT use paypal to pay when he made his purchase from Monoprice…
Co-worker has not let me forget (jokingly) the fact I was the one who recommended the site to him…
I to had fraudulent charges on my cc, but I do not know if it was because of what happened at monoprice, my charges were caught by my cc fraud department and I was able to take care of it, I’m just waiting t access my account with them in order to review a canceled order.
Looks like I made a good choice to use Google Checkout when I made my purchase from these guys. I’ll warn the co-worker that I raved about them to that subsequently ordered from them.
I am wondering why more news outlets aren’t reporting anything on this issue?
I shop here all the time…..sometimes i do will call and i have NEVER had any problems. I buy fom them agian. I have and will continue to recommned them to all my friends. As big as they are and with only a hand full of complaints i think they are being beat up for no reason. This issue probably effects .01 % of the total customers they have. I think they are being great corproate citizens for coming forward with the problem and do not have anything to hide. I think they will learn from this and come back a stronger company. A lot of other companies in this boat would just hide the problem…..but not Monoprice. Thats speak alot about their upper management.
Thanks Monoprice …see you soon….
How could you say this probably only effects .01% of their customers? If someone stole their CC# database then it actually effects 100% of their customers. No less.
I just recently began to see bogus chargers this weekend. I advice anybody who’s ever bought anything from monoprice to cancel their cards.
Whether or not you buy from monoprice again is up to you. I sure as hell am not.
Can these be traced back to a certain date? If they only go back so far, I’m wondering if it’s the result of a trojan on their web servers which skims the details live.
Only asking because I’ve purchased stuff from them two years back and I’ve never had any fraudulent charges.
Just this week my CC was re-issued due to fraudulent activity. They would not provide details regarding the fraud so there’s no way for me to know where the card was stolen.
The last time I used monoprice was September of 2008.
I hope they survive this episode because their prices are phenomonal.
25+ years of purchasing onlines, never had a problem with fraud charges until I made couple of purchases on Monoprice last month. Though fraud charges were minimal, my CC company did great job alerting me. It was hassle having to change CC, but rather be safe than sorry.
BTW: Paypal is more than just “paypal”, they’re the top Payment processor for ALL credit cards electronically. They bought Verisign’s credit card processing a few years back. Therefore this could be a paypal issue, even if you thought you weren’t “using paypal”. Paypal works via an SSL stream to it’s servers… DNS poisoning along with a Man-in-the-middle type attack between website and Paypal could be what’s going on here…
Placed my first order ever with Monoprice on 3/3 with a card I’ve had for 12 years – discovered fraudulent charges on that card made just today 3/16 when checking my account online. Since I’d heard about this potential issue in the meantime, immediately cancelled the card to get it reissued.
Thief tried to use my card today (3/16) with my father’s name and address. Monoprice was the only place I use my card in early December and had the cables shipped to my father’s house.
Monoprice = good cables, great prices, BAD security
Wow,
Lots of reports all on this one tiny blog.
Looks like I have been fortunate as I have tried to order a cable and some wall plates for over a month and a half. One or the other item has been out of stock every time I tried to place the order. I wasn’t about to pay for shipping twice, so I waited for the auto-notification on the out-of-stock item, only to find out that the other itme is now out-of stock. This happened three times in the last month and a half.
I guess I will wait for this mess to be investigated before I place that order.
Sorry, Monoprice. Clean up your act, and I will continue to be a loyal customer.
I purchased from Monoprice late Feb. and was recently notified about 37 unauthorized transactions from March 15th to 18th to Blizzard.com. After contacting Blizzard’s Support Dept. I was notified that not only was a CC/Debit card number required to create/extend an account, but the security code and a valid zip code as well.
If anyone needs a World of Warcraft account, I’m certainly the one to contact.
Interestedly Monoprice had not contacted me to a potential breach. I also noticed that Monoprice has removed their telephone number in the “Contact Us” information. I am attempting to have my account deleted from their sites since more than just my CC information was compromised.
As an alternative to Monoprice you might want to check out our Site PCCABLES.COM online sine 1996. We take security Seriously both Internally and on the Web.
I was notified at the e d of March by my credit card company regarding an iTunes purchase of a dollar…..when the same thing happened Monday they called me to suggest I get a new card. They cancelled the card a d overnighted me a new one.
When I got home from work today there was a letter in my mailbox from monoprice letting me know about compromised security. A bit after the fact, don’t you think? Last time I used monoprice……..late February.
The EXACT thing happened to me! Got a letter from monoprice the same day my CC company canceled my card, kinda odd.
They also are letting me have a 1 year IDTheftSmart service, but not sure if i should yet?
My credit card/DEBIT card got hit as well. All kind of unauthorized purchases were showing up on my online statement. The weird thing though is, some of them got removed and didn’t get charged (posted). But one stayed there and posted for around 165.00.
Sucks cuz I had or have been without a credit/ATM card, so I have to get money from bank often.
The letter I received says the breach window was for purchases between Feb 23-Mar 5, 2010. I just happen to have fallen into it. The notification letter from Monoprice didn’t get to me until the week of April 12. I’ve cancelled my credit card and have not had any illegal charges. Still, this is garbage. Cheap cables are available elsewhere. I’ll take my chances with other cable companies and I will contact Monoprice and ask them to cancel my account and delete my info. I have NO faith in that happening correctly.
People need to stop bitching. This company has been and is reputable. Hackers will attempt and sometimes succeed at getting your information on any website you use. Monoprice has been transparent about everything going on and has FIXED the issue at hand. If you want to purchase items 20 times the price at your local Wal-M or Best-B, then by all means go ahead. I love this website and EVERY SINGLE item is of the highest quality and BEST price anywhere. This is the I N T E R N E T folks, your information is N E V E R 100% safe. You probably have a trojan on your computer right now and you don’t even know it.
-Love, Peace, and, Chicken Grease!
i recieved multiple charges after getting the letter from mono price. only days after i got 4 charges from ireland. hit me with exchange fees too.
4/19/2010 made purchases at monoprice
5/12/2010 noticed a $59.99 purchase from some video game company which i did not make.
i got reinbursed. whether they went after the kid who stole my number i don’t know. they could have found him very easily..
i had a very good experience from monoprice.com. shipping was a little late but other tham that i got quality cables and other quality stuff that would have costed 100s of dollars otherwise didnt even cost more than 70
Just use temp cc number good for ONLY the exact amt of your purchase. Let them steal that… it is dead anyway.
The 2009 financial reform CARD Act was meant to help safeguard consumers. One provision of the bill is that those that provide credit can’t issue credit unless the applicant can prove that they can repay it. One unintended consequence of these new rules is that stay-at-home parents may lose some financial freedom. I found this here: CARD Act could strip say-at-home partners of financial identity.