

They're back up!


RANCHO CUCAMONGA (Rixstep) — Monoprice are back online. They went offline on 5 March. They suspected something might be wrong with their network. Customers noticed funky iTunes charges after visiting the Monoprice website.

Monoprice headquarters in Rancho Cucamonga CA.

For those who don't get it: purchases at iTunes are the virtual equivalent of tanking a few litres of petrol once you have a stolen credit card. That's how you determine if the card's any good. Before you start running up the really big purchases and maxing the card out.

Monoprice posted this on their website.

Note that:

  • Their initial security audit turned up nothing.
    'To date, the investigators have found no evidence that card information has been stolen.'

  • Their 'outside investigators' couldn't find anything either.
    'They have not found evidence of any successful attempts to penetrate our computer system.'

  • But there was one 'minor' blip on the radar.
    'Our internal IT staff found some suspicious files on one of our quarantined web servers.'

That should be enough to piece the puzzle together. But just in case:

I could tell their website security was very poor years ago based on one thing: they do not encrypt user passwords.

I ordered some cables from Monoprice at the end of Feb. and a few days later my card was disabled for fraudulent activity. There were a couple of iTunes downloads I did not make, obviously to test the validity of the card.

Same thing happened to me. Ordered cables from Monoprice in February, fraud charges for iTunes show up on my CC on 3/9/10 which the CC company detected.

Me too. I had 3 fraudulent iTunes charges and 4 separate charges for WoW. I had bought some Wii accessories last month from Monoprice.

Co-worker had his CC with unauthorized charges, but did NOT use PayPal to pay when he made his purchase from Monoprice.

I too had fraudulent charges on my CC, but I do not know if it was because of what happened at Monoprice.

25+ years of purchasing online, never had a problem with fraud charges until I made a couple of purchases on Monoprice last month. Though fraud charges were minimal, my CC company did a great job alerting me. It was a hassle having to change CC, but rather be safe than sorry.

Placed my first order ever with Monoprice on 3/3 with a card I've had for 12 years - discovered fraudulent charges on that card made just today 3/16 when checking my account online. Since I'd heard about this potential issue in the meantime, immediately cancelled the card to get it reissued.

Thief tried to use my card today (3/16) with my father's name and address. Monoprice was the only place I used my card in early December and had the cables shipped to my father's house.

Still not enough? Try poking around at the website.

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Connection: close

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 160
Content-Type: text/html
Location: http://www.monoprice.com/home/index.asp
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Connection: close

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 179281
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Connection: close

That should definitely be enough.

Monoprice are not returning calls or talking to security journalists at time of writing.

There are no simple answers.
 - Marc Quince

Copyright © Radsoft. All rights reserved.