Hello,
As you guys know - André Boulay here from YoYoExpert.com (owner and the yo-yo guy in all the yo-yo tutorial videos throughout our site). I personally apologize for my delayed response to this sensitive issue... We had been on business travel last week leading to Nationals so things were chaotic but this had been handled immediately - it is only writing the follow up that comes slightly delayed.
I should start this by saying we are extremely careful with our customers' information. Our employees are as trustworthy as they come and our website hosting software is used by many professional online stores. All information going through our site is sent encrypted through a secure server and we personally do not handle or store the credit card numbers as they are processed by Authorize.net - the most widely used and respected credit card gateway online. We are also PCI (Payment Card Industry) compliant and get scanned regularly to ensure we are following procedure and remain secure. Further, our main site including our forum is actually stored on a separate server from our store to help make things more secure. With that said, a problem was brought to our attention when a customer called about his card being stolen. We immediately called our shopping cart software company (ModularMerchant.com) and they immediately did a scan and discovered someone had managed to create code that was 'intercepting' information for a very short period of time before they were immediately cut off.
- Within two hours of first becoming aware of the issue (brought to their attention by YoYoExpert) the unauthorized user's access was blocked permanently. Within ten hours of first becoming aware of the issue, every website on the server (and on all servers on our network) had been scanned both by automated systems and manually by server techs, and all malicious content removed and blocked.
- The "keys" (FTP passwords) for all websites on the server were changed, just in case the login credentials for another site on the server had been compromised.
- All information related to the unauthorized user (such as IP address, FTP access records, etc.) present in the server's logs has been made available to the server facility to be forwarded to the proper authorities.
- Not only were all security-related systems running on the webserver reviewed and updated when updates were available, but several new systems to monitor all areas of the website have been added.
---------------------------------------------------------
Having had my personal credit card information stolen in the past I know this doesn't make this situation much better and I personally am very sorry for the frustration involved and know this is a difficult thing to regain your trust on. I have done everything humanly possible to ensure that we are as secure as possible. Our software company was very upset as they had not had any type of hacking problem since 2002 and obviously depend on being 100% secure - they have assured us this type of thing will never happen again.
Definitely take advantage of the consumer protection tools your credit card has available in order to limit your liability against any fraudulent charges made to your credit card. Hopefully they are already further assisting you with that. Don't hesitate to let me know if you have any more questions on anything: Contact@YoYoExpert.com
Our software developers as mentioned have already passed on all information they have to the proper authorities so hopefully these types of people are caught and handled appropriately.
Please let me know if you have any more questions and I again apologize for the frustration here.
-
André Boulay