Jump to content

Moss related secuirty leak


Recommended Posts

Hi all

Had a call from Barclays Bank today re. unusual acitivity on my debit card.

Then an e.mail from Moss to say that their web-site had been harvested of about one week's worth of transaction detials - all detials of credit and debit cards.

So, if you bought anything from Moss over the past week then best to check your debit card or credit card accounts.

Moss say they are working to resolve the issue.

I thought it best to share this just in case anyone does not access e.mails that often.

Ernest

Link to post
Share on other sites
1 hour ago, Ernest said:

Hi all

Had a call from Barclays Bank today re. unusual acitivity on my debit card.

Then an e.mail from Moss to say that their web-site had been harvested of about one week's worth of transaction detials - all detials of credit and debit cards.

So, if you bought anything from Moss over the past week then best to check your debit card or credit card accounts.

Moss say they are working to resolve the issue.

I thought it best to share this just in case anyone does not access e.mails that often.

Ernest

I had similar email from Moss this evening, looks like someone has well & truly hacked their website & have all the details they need to use your card. Really worth checking your account & informing your bank looks like a major data breach

Link to post
Share on other sites

Is there any info on whether they have lost data held on accounts? I’m assuming a lot of folks will have accounts with Moss. 

Link to post
Share on other sites
2 hours ago, RobH said:

That is a real drop-off by Moss. Any details they have should be encrypted, not stored as plain text. 

From the Moss Europe web site.

Transactional Security


Moss Europe Ltd understands how important the security of your personal information is, our website https://www.moss-europe.co.uk maintains the highest levels of security. This site uses secure server software SSL encryption technology, the most advanced security software currently available for online transactions. SSL encrypts all the information you input before it is sent to us.

Every page on our website will start with ‘https’ in front of the web address which is www.moss-europe.co.uk. A small locked padlock will also appear in the bottom bar of your browser window.

Some of our web pages may contain links to other websites; we recommend that you review their own privacy policy. Moss Europe Ltd is not responsible for the content or the privacy policies of websites to which it may provide links or the websites of its advertisers.

Paying using a Credit or Debit card
When you select to pay using a Credit or Debit card you will be directed to the Barclaycard EPDQ secure website until the transaction has been placed. Once the order has been successfully placed you will be re-directed back to our website. Our checkout process also uses Verified by Visa, this service enhances the security of your payment card account against unauthorised use when you shop on our website.

Paying using PayPal
When you select to pay using PayPal you will be directed to PayPal’s secure website until the transaction has been placed. Once the order has been successfully placed you will be re-directed back to our website. Our checkout process also uses Verified by Visa, this service enhances the security of your payment card account against unauthorised use when you shop on our website.

Link to post
Share on other sites
14 hours ago, Ernest said:

Hi all

Had a call from Barclays Bank today re. unusual acitivity on my debit card.

Then an e.mail from Moss to say that their web-site had been harvested of about one week's worth of transaction detials - all detials of credit and debit cards.

So, if you bought anything from Moss over the past week then best to check your debit card or credit card accounts.

Moss say they are working to resolve the issue.

I thought it best to share this just in case anyone does not access e.mails that often.

Ernest

Thanks for doing that.

Bruce.

Link to post
Share on other sites
10 hours ago, BlueTR3A-5EKT said:

This site uses secure server software SSL encryption technology, the most advanced security software currently available for online transactions. SSL encrypts all the information you input before it is sent to us.

Yes the internet transaction between the customer and the company is encrypted by the use of SSL (https). That is what nearly all on-line companies do  and you shouldn't deal with any that do not use https - but that only secures the transmission of the data across the internet. Once it reaches the company it is decrypted so they can read it.  It's what happens to the plain data once they have received it that counts just as much.

 

Link to post
Share on other sites
7 minutes ago, RobH said:

Yes the internet transaction between the customer and the company is encrypted by the use of SSL (https). That is what nearly all on-line companies do  and you shouldn't deal with any that do not use https - but that only secures the transmission of the data across the internet. Once it reaches the company it is decrypted so they can read it.  It's what happens to the plain data once they have received it that counts just as much.

 

Thanks Rob just learned something as to what https is and means.

Andy

Link to post
Share on other sites

 

See Moss e.mail received yesterday 

Enest

Dear Sir/Madam,

Private and Confidential

I am writing regarding a security incident which may have affected our website between 24 November 2021 and 29 November 2021.

 

What has happened

On 29 November 2021 we identified that an unauthorised third party had installed unauthorised software on our website. It is unclear how long this software was active for and we are looking into this as a priority. However, the software might have enabled the unauthorised third party to collect the payment card details of customers using their cards to purchase items through the website between 24 November 2021 and 29 November 2021. 

Our records show that you made a purchase through the website using a payment card during this period.  On that basis, there is a risk that your card details could have been compromised.  We are working hard to confirm which specific customers have been affected by this incident.  However, we did not want to delay informing you so that you can take steps to protect your payment card.  

The information potentially involved would have included the following:

·         first name

·         last name

·         credit card number

·         credit card security code (CSC)

·         credit card expiry date

What you should do

Given the nature of this information, we wanted to let you know about the incident as soon as possible. In the wrong hands, there is the risk that the information could be used to attempt credit card fraud. As a result, we recommend that you exercise increased vigilance in all matters relating to your personal and payment details.

In particular, you should consider contacting your bank regarding the card mentioned above and make arrangements for a replacement to be issued if they advise that is appropriate. In addition to this, it is also good practice in general to:

·         Check that all details for direct debits are up to date and delete any that are no longer needed.

·         Check bank accounts regularly, and contact the bank if you see any transactions you do not recognise.

·         Be suspicious if anyone contacts you by email, phone call or text message asking you to confirm your personal details; and

·         Enable two-step authentication on all your online services.

What we have done

Following discovery of the incident, we have already taken some initial steps, including:

·         Removing the malware and adding to the security of our systems.

·         Appointing a specialist data security provider to investigate the incident; and

·         Notifying relevant regulatory authorities

Please accept our apologies for any worry and inconvenience this incident may have caused. We take our data responsibilities and protection of your data very seriously. We are taking all necessary steps to strengthen our security to reduce the risk of a similar incident happening in the future.

If you have any questions, please contact us at customer-support@moss-europe.co.uk

Yours faithfully,

Alex Chaperlin

Managing Director

Moss Europe Ltd

 

Link to post
Share on other sites

Hi Ernest (and others that have dealt with Moss recently),

Maybe it is prudent to lower your credit limit to say 1 pound while this gets sorted?
In that case only one pound can disappear.

Waldi

Link to post
Share on other sites
18 minutes ago, Waldi said:

Maybe it is prudent to lower your credit limit to say 1 pound while this gets sorted?

Unfortunately if the information has been 'scraped' by criminals it doesn't end when the original problem is fixed.  Credit card and personal information is bought-and-sold between criminals on the dark web so even if nothing happens to your account right now, it could at any time in the future if someone buys your details.

 The only safe thing to do if you are one of those affected is request a new card with a different security code and expiry date and have them cancel the old one. 

 

( This happened to me some years back when I bought a camera on the 'net. Some months later some odd transactions appeared in the US, using my card.  The transactions were cancelled by my provider and I got a new card. )

Edited by RobH
Link to post
Share on other sites

So happens on the 24th I went into Moss to collect some parts ordered on the phone but no payment was made until I collected them on my debit card. Can anyone advise if this would be included in the situation as nothing was done via the web site.

Thanks

Andy

Link to post
Share on other sites

You are in the clear Andy if no card data went over the internet.

If you used a normal card payment terminal on the desk, that will have a direct connection to the bank so the card data shouldn't have been processed by Moss and anyway they won't have had either the security number or expiry dates which a hacker would need. 

 

 

Edited by RobH
typo
Link to post
Share on other sites
7 hours ago, RobH said:

You are in the clear Andy if no card data went over the internet.

If you used a normal card payment terminal on the desk, that will have a direct connection to the bank so the card data shouldn't have been processed by Moss and anyway they won't have had either the security number or expiry dates which a hacker would need. 

 

 

And exactly because of that i have a credit card with a lowish limit that i use for internet purchases only.

This means day to day physical transactions are kept separate from internet spending and if the card gets compromised the other one is still ok and of course that applies both ways.

Maybe i'm being over cautious but hey what the heck, hacks can happen.

Cheers   Keith

 

Edited by Keith66
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

Please familiarise yourself with our Terms and Conditions. By using this site, you agree to the following: Terms of Use.