... and they make you spend money to use the credit (!).

richms:

 

If its session swapping then they know which sessions were accessed during the time that there was the issues happening. Simple log analysis will show all accessed profiles to know who to email.

 

And the irony is that people who jumped online to verify the breach were also compromising their own account in the process. 

MaxineN:

 

Everyone's account was potentially exposed, with card and address details. What kind of crap response is this? 

 

That is everything you can see from the payments page of MA. No CC details (that would allow the card to be re-used) was exposed. 

Addresses and other things yes, but not CC data.  Honestly, I'd be more worried about someone knowing my home address than CC, I can cancel my card pretty easily. I'd much rather someone use my CC than my home, uninvited. 

Mighty Ape boss fronts over glitch that saw some users logged into other users’ accounts

"Cache issues"

freitasm:

 

Mighty Ape boss fronts over glitch that saw some users logged into other users’ accounts

 

"Cache issues"

 

Their site traffic was being routed through the government filter at the time, felt kinda sus wonder whether that played any part in it?

Why you think this specific traffic was going though the filter? This is something that go from client to ISP to outside. Other companies aren't participating on this. 

freitasm:

 

Why you think this specific traffic was going though the filter? This is something that go from client to ISP to outside. Other companies aren't participating on this. 

 

I think those extra traceroute hops are well established to be associated with the DIA filtering infrastructure, somewhere in between is an additional middlebox where things could go wrong, requests being incorrectly routed etc. I would say the users on page 2 of this thread who were unable to access the Mighty Ape website due to time outs were experiencing the same issue as openmedia in the linked thread.

freitasm:

 

Mighty Ape boss fronts over glitch that saw some users logged into other users’ accounts

 

"Cache issues"

 

 

 

.... and ensures the article is tucked away behind a paywall so most people can't see what he said.  ;)

In this case it doesn't matter, as the video is not behind the paywall.

networkn:

 

That is everything you can see from the payments page of MA. No CC details (that would allow the card to be re-used) was exposed. 

 

Addresses and other things yes, but not CC data.  Honestly, I'd be more worried about someone knowing my home address than CC, I can cancel my card pretty easily. I'd much rather someone use my CC than my home, uninvited.

That’s not what you should be worried about. Somebody has got enough details to potentially act like you, or even phone you and pretend to be your bank. You never know. 

Im seriously not happy with Mighty Ape’s response to this. My actual details have been viewed an unknown amount of times by random people on the internet. 

Saying “your credit card information wasn’t visible” isn’t really true. Parts of my credit card were. Along with everything else. 

$50 doesn’t cover potential identity theft or fraud. 

I do wonder why partial credit card details are displayed on any website tbh. But it seems common practice.  

mattwnz:

 

I do wonder why partial credit card details are displayed on any website tbh. But it seems common practice.  

 

Usually just so you can check which of your cards you might have saved.

Probably a little safer than showing the whole thing - just the last couple of digits ought to be enough.

As you say - common practice.

The problem is that some companies ask for your last four digits to confirm an order or identity. If you have access to that because of a broken website... 

mattwnz:

 

I do wonder why partial credit card details are displayed on any website tbh. But it seems common practice.  

 

First 6, last 4 and the expiry are not regarded as private by the card vendors. When we save things in a payment gateway that is all that is shown back to us for the customers cards.