Hacker News new | comments | ask | show | jobs | submit login
Woothemes.com Credit Card Leak
57 points by GiantTitan on May 8, 2014 | hide | past | web | favorite | 9 comments
WooThemes.com -- 3 days ago there was a leak of credit card data, and they didn't tell anyone. I've had over 10k in charges on the two cards I have on file with them. They haven't told their customers to warn them. This news needs to be made public so people can protect themselves and I just want to prevent this from happening to anyone else.

Here was my correspondence with support.

Thomas * May 08 18:54 Two credit cards that I have used on your system has ended up with credit card fraud. One card was only used on this website. It was a brand new card. I have read online that your checkout is not secure. You have cost my business thousands of dollars and time I can never recover. I will be reporting your company to the credit companies for further investigation.

Hi Thomas, I'm very sorry to hear that your card has been used fraudulently! We have had a few reports today of similar issues from other customers. You should contact your CC company and cancel the cards and report the fraudulent transactions if you haven't already done so. The common practice is that they will not charge you for the fraudulent transactions, and issue you a new card. We take this very seriously and we are investigating this with our hosting provider and security experts, along with our current payment gateway. We will let you know once we have more information on this issue. Sorry for the inconvenience! Regards, Magnus Jepson Co-Founder

The scammers who used my credit card information decided to book hotel rooms in Paris under their real names and use their personal email addresses. The hotel was nice enough to disclosed the booking information to me. facebook/ajibola.moshood.10 facebook/ademosu.akintundemoses

Hi Thomas (and all affected WooThemes customers). We are really sorry about this inconvenience. We are trying everything we can to get to the bottom of this as fast as humanly possible.

We have an official statement on our blog on this matter - http://www.woothemes.com/2014/05/important-info-for-wootheme... that we have also sent out to all our customers.

Mark Forrester (WooThemes Co-Founder)

File a charge back with your credit card provider / bank. It should be common knowledge to all credit card holders but, I have found that many people don't know about it.

You can file a charge back against any item on your statement. The bank will immediately return the money to you. No questions asked. They will then go back to the merchant to reclaim the money.

The merchant must then prove that the charges on your credit card were legitimate. The merchant does this by sending the bank any documents they have. The bank will send these back to you asking you to verify. If you verify that it is a legitimate transaction, you pay for it. Otherwise, you can continue with your dispute and will walk away with all your money back. The merchant will have to pay the bank back plus a penalty ($15-30).

I use my credit card more than any other payment method because I know that I can file a charge back on anything on my statement that I don't recognize.

Here's a rundown of the whole thing, including some discussion with and a response from WooThemes: http://www.poststat.us/woothemes-investigating-alleged-websi...

Same here. I have a business debit card (bad idea, I know) that I wasn't actually able to complete a purchase with due to Woo being a UK company. That didn't stop the card number theft, though, I had over $3k of fraudulent charges before the bank shut the card down. Spent all morning filling out dispute forms. Good news is I shouldn't be liable for any of it. Charges were from all over the US.

Bad news for Woo, issues like this cost a LOT of money to resolve. They better own up to it soon, this will be a major blow to their reputation if they don't.

I just received 2 fraudulent charges on the 12th.

These guys claimed they emailed their customers on the 9th:

I didn't receive that email. Wish they could have done more.

As far as the charges. These days it's easy enough to file a claim, a chargeback, and have your money credited back to your account.

Yup, this also explains why my new (2 month old) credit card was compromised. My bank already flagged the transactions as suspicious and I even have my replacement card waiting for pickup. My purchase was made over 10 days ago, how freaking long has this been going on for?

This explains why I had a fraudulent charge about 3 days ago...

so you're trying to say that you didn't care about it for 3 whole days, awesome!

Look like their payment gateway has terminated or suspended their account and they now only accept PayPal.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact