Website Security Compromise – Site Now Secure
Post Updated September 26th
It has come to our attention that InfiniteDiscs.com was likely hacked some time in August, and that some customer credit card information entered in our direct credit card checkout was intercepted and shared with a third party.
Our monthly Trustwave PCI Security scan notified us on September 10th that our site needed a security patch upgrade due to a “Microsoft Internet Information Services (IIS) Cross-Site Scripting Vulnerability.”
At the time we received the notification of this vulnerability, we did not see any evidence that any customer card information had been compromised. However, it was brought to our attention today that several customers have found fraudulent charges on their accounts over the past few days. We suspect that customers who made orders in August and the beginning of September could have had their cards compromised. If you made an order during this time period, please check your credit card statements to make sure that you were not a victim of any fraudulent charges.
Website Is Now Secure
This security patch was installed on Tuesday the 19th, and the vulnerability has been resolved. Our Trustwave Scan shows that our site is PCI compliant.
In addition, to ensure that everything is clean and no customer information is at risk, we also had our web hosting company scan to make sure that there are no malicious files on our server. This scan found no signs of malicious scripts.
Card Info Now Entered at Authorize.net
Since the breach, we have also changed our checkout process so that card information will never again be entered on our URL, to eliminate the risk of a future cross-site scripting hack. All credit card information is now entered directly on our merchant processing domains, Authorize.net or PayPal.com. Infinite Discs does not, and has never, collected or stored any customer credit card information. You can be confident that your credit card purchases through InfiniteDiscs.com will be secure.