PSA: Monoprice.com Possibly Hacked; Credit Card Data Stolen?

Although relatively new, Monoprice.com has quickly become a very popular place to buy cheap but high quality audio/video cables and adapters online. I recommended shopping there if you’re trying to connect your laptop to your TV (and maybe drop your cable subscription?). I’ve probably bought from them five times in the last year, and I don’t even shop online that much.

However, if you bought anything from them recently, I would check your credit cards for any fraudulent charges. Monoprice shut down their site today and placed this message up:

A few of our customers recently reported to us that information from credit cards they used on the Monoprice website had been misused. We promptly began an investigation with the help of expert computer forensic investigators to determine if any card data had been stolen from our computers.

To date, the investigators have found no evidence that card information has been stolen from Monoprice’s computer network. As a precaution to ensure that our customers’ information is not at risk, we have taken our website offline temporarily while we and our investigators complete the audit of our computer network.

Comments

  1. Thanks for the notice. They took it down for a couple of days but didn’t say why it was down during those days. Now the message is up but the site is also up.

    I’ll keep an eye on my credit card, but as usual, it’s not worth panic. Every credit card company I’ve worked with has been very quick to deal with fraudulent transactions and I’ve never had them try to get even the liability they are entitled to out of me. Usually it’s all smiles and cheers and even some rolling back of transactions I insist I made myself.

  2. I made a purchase there a couple of weeks ago using a card I rarely use. I also used it on another site. I just had to cancel the card because of fraud on it. It was either Monoprice or the other site. I was betting on the other site but I guess it was Monoprice.

  3. I’ve used them multiple times in the past and haven’t noticed anything unusual on my statements….

  4. I just ordered from them last week and got my cable last night. For payment to them I use Google Checkout. I tend to look for payment options of either Google or paypal. Feel safer that way. Should I? Will keep eye on credit card as usual.

  5. @Wayne: You lose much of your ability to dispute charges if needed. That having been said, I’ve made 3 purchases from monoprice over the past month, all using paypal. It does provide an added layer of anonymity, and they usually do a good job with disputes (though there are horror stories).

    Kudos to monoprice for their transparency so far on this; hopefully they figure out what happened.

  6. same thing happened to me after shopping on iherb.com (vitamin company). What was strange was how the thief only ordered things to be sent to me (not him), and it was hard to get the charges reversed because of it.
    What tipped me off was when I started getting “get rich quick” programs in the mail, and they even signed me up for AARP membership and stamps.com?? I wonder what the motive was? I thought maybe they were getting sales commissions out of it.

  7. I agree with Jon, kudos to monoprice for their transparency.
    On a personal level, this fortunately does not affect me since I always use either Citi “virtual credit card” numbers or Charles Schwab “shop safe” numbers.

  8. At this point I think you can remove the question mark in your post title Jonathan

  9. UncleBob says:

    I order from Monoprice on 3/1 and then starting on 3/3, I had a number of fraudulent purchase attempts made on the CC card I used at checkout. Fortunately my CC company rejected most of the purchase transactions and notified me of the activity. All the fraudulent purchase attempts were made at other online retailers. (iTunes, Symantec, Valve)

    I’ve order from them a couple of times before and this was the first time I fell vicitim to such activity afterwards. As someone noted above, props to them for being forthcoming about what happened (though I suppose it would’ve been nice if they had e-mailed me directly).

  10. This news makes me glad I’ve been using the ShopSafe option on my Bank of America card when I go online. Whatever number is created is only valid at a single merchant, only valid for an amount the cardholder determines ahead of time, and only valid for a # of months determined by the cardholder.
    At least the bank will notify the card holder when it detects a possible fraudulent activity.
    I personally would much prefer all my credit card companies to send me emails or SMS summarizing every single transaction so that I too could track what is going on. I don’t know of any that offer that feature.

  11. Ordered Cat 5 on 3-20. No unauthorized charges on my debit card. Whew, I just caught wind of this when I went to their site and it points to some odd domain

  12. Just had 2500$ racked up on my corporate card due to monoprice, thanks for the security breach.

  13. It’s back up. I will still buy all my cables from them but will use Google Checkout from now on.

  14. I was just contacted in regards to fraudulent activity on a very infrequently used account that was last used at Monoprice.

  15. My girlfriend bought some networking supplies from Monoprice a little more than a month ago and ended up getting about $1000 worth of charges racked up on her debit card. Me thinking, “What 2-bit site has this goofy broad used her card at” brought a small bit of humor after the charges were all reversed. I had a chuckle at her expense, but then I bought some cables and components from Monoprice 3 weeks ago, and just started to get my card hit by fraud. I caught it early, as they were just in the test phase of putting holds on the card via iTunes and setting up a Federal Express account with ALL OF MY INFORMATION. FedEx called me the morning I caught it on my bank account to thank me for choosing them to set-up my account.

    The only place we both used our cards was at Monoprice. I love the site and will use them again, but they definitely have to beef up their security because now my address, phone number, and old debit card number are in the hands of some turd that hacked their site.

    I will shop Monoprice again…just not real soon.

  16. Phew…glad I haven’t bought anything yet although I was about to.

  17. Working with the investigators, we have preliminarily determined that thieves may have copied approximately 28,500 sets of card information from customers who shopped on the Monoprice website from February 23 through March 5, 2010. The thieves may also have copied about 6,500 additional sets of card data regarding orders customers canceled after they gave us their card information. We provided the card numbers of the potentially affected accounts to our credit card processor, who will provide the card numbers to the credit card associations. We understand the card associations will notify the banks or other financial institutions that issued the cards about the potentially compromised accounts and the financial institutions will determine what actions to take regarding the accounts.

    We hired Kroll Fraud Solutions to send letters to each of the potentially affected customers about the apparent theft. Kroll will offer its ID TheftSmart™ fraud prevention services to those customers at our expense. If your credit card information may have been stolen by the thieves, you will receive a letter from Kroll within approximately one week to 10 days.

    http://www.monoprice.com/home/view_notice.asp

  18. I have my credit/debit card set to notify me via email immediately of each transaction made on my account. Damn goood thing I do, because 2 days ago I was notified of 2 seperate charges. Fortunately, they were small piddle amounts that I was able to immediately cance. The card should have been canceled but thru some error it wasn’t and today was fraudulently charged $150 for some microphones to be shipped overseas. I made sure that order was canceled and that the card is canceled as well. Tried to figure where the card was compromised, then received the Monoprice letter today. BINGO! I had used my card there. Fortunately, I keep very little in that account but it was still wiped clean and the feeling of violation is immense. I appreciate Monoprice coming to bat and admitting it was them and as much I will continue to use them for purchases and recommend them. Kudos to Monoprice and fuck you very much to the scum thieves that stole the info.

  19. I had fraudulent charges to my credit card. A bunch of $1 charges at “iTunes” (I think that it’s some fake company they set up that reports they’re iTunes, since iTunes does not have anything for exactly $1 after tax and they pool a bunch of small purchases together and don’t charge your credit card for every small song/app). And then a $1300 charge at Macy’s that the credit card company declined and at this point they stopped my card and called me and emailed me. All I had to do was go to the CC website and it showed me all transactions and I chose the ones that weren’t mine and they canceled the card and sent me a new one, so I didn’t lose a penny.

    It’s nice that Monoprice is being so open about this.

  20. I just got this letter in the mail from Monoprice, someone above mentioned “Kudos” to Monoprice, but in all honesty I was only notified as they were able to somehow know that I cancelled the credit card used at Monoprice due to fraudulent charges made against it, so I guess you won’t ever get such a letter if you never cancel a card used? In any case, I doubt it is there fault and there are just a lot of sleezy people around these days. Monoprice has great prices so I will probably continue using them.

  21. htgeist says:

    they got me today for a $500 charge. :(

  22. I was one of those that got the letter from monoprice, stupid me though didn’t actually take the time to cancel my card. Well I checked my statement yesterday and my card had about $1000 worth of fraud charges put on it between May 19th-22nd. Called my credit card company today and they are cancelling my card/investigating those charges.

  23. Another me too post. I received the letter from monoprice, and within a month we had fraudulent charges on the same card. CC company was good and dealt with it as expected (not liable for anything, quickly canceled the card, etc).

  24. There is a possibility of another security breach at monoprice. I made a purchase in mid-July, and was notified 3 days ago that my card was being used (swiped) in Ontario, CA. This just happens to be near monoprice. I don’t normally use this card online, so I feel very strongly that the fraudulent use was related to my order placed with monoprice. I have my card in my possession, so someone either hacked their network, or a dishonest employee stole customer cc info and is making counterfeit cards. I would use extreme caution if ordering from them.

Speak Your Mind

*