ShopRuger.com - HACKED

[DM47]

Just received a letter from Ruger that their on-line store hosting vendor (Freestyle Solutions) "experienced a data breach". Ruger says say they were notified by FS on 8/2/22 about a malware issues on their server, and apparently captured info between 9/18/20 through 2/3/22.

I'm guessing there are others here that have probably also received this letter.
Isn't convenient technology great?

 

[Abbey]

Did they say what info was compromised? Most systems use separate payment processors so if you don't tell them to save your credit card, all they would have is your name/address and that you bought some accessories.

I recommend using a password manager with unique passwords for each site in order to limit the blast radius of breaches like this. And use multi-factor auth when available, and never store your payment info with these rinky-dink businesses "for convenience".

 

[BloodNGuts]

9/18/20 through 2/3/22.

:shock:

 

[DM47]

Did they say what info was compromised? Most systems use separate payment processors so if you don't tell them to save your credit card, all they would have is your name/address and that you bought some accessories.

I recommend using a password manager with unique passwords for each site in order to limit the blast radius of breaches like this. And use multi-factor auth when available, and never store your payment info with these rinky-dink businesses "for convenience".

Yes, info definitely compromised.

In one paragraph,
" Freestyle Solutions, ... experienced a data breach in which your payment card information was captured and potentially accessed ..."

Another,
"Freestyle notified us that the malware captured information entered bu customers on the ShopRuger checkout page. The only items collected on the ShopRuger checkout page are: first and last name, shipping address, email address, payment card number, expiration date, security code, billing address, gift certificate number (if applicable), description of the product purchased, price, and quantity. No other information whatsoever was involved in this data breach. According to Freestyle, this data was captured when a customer clicked the "submission" button on the checkout form, immediately before the data was encrypted and stored in Freestyle's database."

(emphasis: mine)

In a separate paragraph the letter also mentions,
"According to Freestyle, this malware was also identified on Freestyle servers hosting other of its customers' stores and is not unique to ShopRuger. The data breach did not involve any system or application managed by ShopRuger."

 

[Abbey]

Yeah, if the payment processor was popped, that sucks. If you're paranoid, contact the CC and ask for a new card. But for something that's been going on for years already, I'd just keep an eye on my statements for bogus transactions (which we should be doing anyway) and go about my business.

Data breaches are so frequent anymore, that I just consider it part of the broader landscape. I usually end up getting a new card every year or so due to fraudulent activity. The banks are so good at detecting fraud that they usually block a transaction before it happens and lock the card down. "We detected fraudulent activity. If this wasn't you, do nothing. A new card is already in the mail"