system 4-50 Posted September 29, 2018 Report Share Posted September 29, 2018 I've had malware problems with my Mac over the last week & now I have an email purporting to come from ASAP reporting a data breach, including payment details. Link to comment Share on other sites More sharing options...
WotEver Posted September 29, 2018 Report Share Posted September 29, 2018 It’s change passwords time then. Link to comment Share on other sites More sharing options...
ronnietucker Posted September 29, 2018 Report Share Posted September 29, 2018 I'd be dubious that the email was a scam in the first instance. Once the email is confirmed as legit THEN I'd be a bit more concerned. But if ASAP (whoever they may be) are even half decent then any payment info stored on their servers should be encrypted, and safe. Link to comment Share on other sites More sharing options...
Sir Nibble Posted September 29, 2018 Report Share Posted September 29, 2018 Boating? Link to comment Share on other sites More sharing options...
Guest Posted September 29, 2018 Report Share Posted September 29, 2018 14 minutes ago, system 4-50 said: I've had malware problems with my Mac over the last week & now I have an email purporting to come from ASAP reporting a data breach, including payment details. Malware? On a Mac? Surely this is a mistake.......?? Link to comment Share on other sites More sharing options...
Dav and Pen Posted September 29, 2018 Report Share Posted September 29, 2018 I have had this e.mail from ASAP who I use occasionally for parts. Now got to check credit card statements but I never leave my credit details with anybody always enter them fresh every time. I would hope that this lessens the chance of the details being stored. i must say that in the past the service from this company has been first class Link to comment Share on other sites More sharing options...
alan_fincher Posted September 29, 2018 Report Share Posted September 29, 2018 I've also had the email. I'm in no doubt it is from ASAP. It is admitting to the problem. and in no way phishing for any other information from those it has been sent to. The one issue I have is that it gives no idea of a timeframe over which the problem may have existed on their web-site. I buy stuff from ASAP, but haven't for some time. However my credit card company recently detected suspicious activity on my account, and there was a largish transaction that was not mine. As a result my card was cancelled and re-issued with all new details, (very inconvenient as I only have the one). I'm now wondering if the person(s) attempting to use my card could have got details via the malware on the ASAP site. I guess probably not, because of the longish period since I last placed an order with ASAP. Link to comment Share on other sites More sharing options...
Alan de Enfield Posted September 29, 2018 Report Share Posted September 29, 2018 (edited) I've got the email (purchased a rev-counter from them about 3 weeks ago) Now got to monitor my bank account, cancel my cards. wait for new cards, all because some 'person' couldn't keep our details safe. Miffed !!!!!!!!!!!!!!!!! Edit : just checked at no unknown transaction on my bank account since the ASAP purchase. Edited September 29, 2018 by Alan de Enfield 1 Link to comment Share on other sites More sharing options...
Stewart Kirby Posted September 29, 2018 Report Share Posted September 29, 2018 There is nothing about this supposed data breach on the ASAP website. My first acting n would be to phone the company to check if the email really is from them Second, download Malwarebytes for the Mac and run a scan to see if you do have malware and get rid of it. Malwarebytes is free. Check the email headers to see where the email originated. Link to comment Share on other sites More sharing options...
Athy Posted September 29, 2018 Report Share Posted September 29, 2018 1 hour ago, Sir Nibble said: Boating? As in, "relevance of topic thereto"? Well, it may be that S4-50 has a Mac computer on his boat, so it's part of his everyday boating life, hence it's relevant to General Boating. I too have a mac on the boat. It comes in jolly useful when it's raining. Link to comment Share on other sites More sharing options...
alan_fincher Posted September 29, 2018 Report Share Posted September 29, 2018 11 minutes ago, Stewart Kirby said: Check the email headers to see where the email originated. The enail checks out as being genuinely from ASAP supplies. Why wouldn't it be? If it were a scam of some kind, it would be asking you to divulge some information, click on a link, or in some other way do something dodgy. It isn't. Their website has been infected with malware. They are owning up to it, and asking you to be aware that your details may have been compromised. As a customer I'm certainly taking it seriously, as it says..... Quote The information that may have been compromised includes customer name, address, shipping address, email address, telephone numbers and payment details Link to comment Share on other sites More sharing options...
ronnietucker Posted September 29, 2018 Report Share Posted September 29, 2018 11 minutes ago, alan_fincher said: The information that may have been compromised includes customer name, address, shipping address, email address, telephone numbers and payment details I'd reply to their email asking them whether the payment details were encrypted at either/both ends and on their server. If not then it's seriously serious. If it is encrypted then it's not so serious as all the hackers would get is encrypted gibberish that, by rights, can't be unencrypted. Yes, they'll still have your other details (name, address, etc.) but they're not as important as unencrypted credit card details. Link to comment Share on other sites More sharing options...
Chewbacka Posted September 29, 2018 Report Share Posted September 29, 2018 If this is the same that was reported recently on Apple news, then the hackers put some additional code onto the merchants web site which reported back to it’s ‘owners’ all data as it is typed into the site form, so your data is being ‘stolen’ before any encryption takes place. Link to comment Share on other sites More sharing options...
blackrose Posted September 29, 2018 Report Share Posted September 29, 2018 (edited) I've also had the email. Why do these suppliers keep hold of payment details after the transaction has been processed? Isn't that asking for trouble? I'm in East Africa at the moment so I can't do much from here. I think i last used ASAP about 3 months ago. Edit: Just checked my statement online and I bought some bits from ASAP at the beginning of July. I can't see any suspicious activity but I'm not sure if I should send a message to my bank or not? Edited September 29, 2018 by blackrose Link to comment Share on other sites More sharing options...
bizzard Posted September 29, 2018 Report Share Posted September 29, 2018 1 hour ago, Athy said: As in, "relevance of topic thereto"? Well, it may be that S4-50 has a Mac computer on his boat, so it's part of his everyday boating life, hence it's relevant to General Boating. I too have a mac on the boat. It comes in jolly useful when it's raining. What a load of muck intosh. Link to comment Share on other sites More sharing options...
peterboat Posted September 29, 2018 Report Share Posted September 29, 2018 I used them about 18 months ago and have the same email its a pain and I have no idea why they have kept my payment details either Link to comment Share on other sites More sharing options...
Robbo Posted September 29, 2018 Report Share Posted September 29, 2018 (edited) Got the same email, very limited information in the email in the malware. Basically saying they had malware on their web servers. It’s sounds like this malware could of been sending your inputted information to a naughty third party. Doesn’t say if this malware infected your machine, was at a browser level or was at a server level, or what dates they were infected. Edited, they do save cards, just checked... Edited September 29, 2018 by Robbo Link to comment Share on other sites More sharing options...
Alway Swilby Posted September 29, 2018 Report Share Posted September 29, 2018 I've used them twice in the last six months and haven't had the email. Mind you I always tick the box saying not to store my card details. Link to comment Share on other sites More sharing options...
Robbo Posted September 29, 2018 Report Share Posted September 29, 2018 1 minute ago, Alway Swilby said: I've used them twice in the last six months and haven't had the email. Mind you I always tick the box saying not to store my card details. I last used in January. Even if you don’t store your card details if your personal details are on the system (ie. you have a account and login) you should really have had the email. Link to comment Share on other sites More sharing options...
Mike Todd Posted September 29, 2018 Report Share Posted September 29, 2018 4 hours ago, Alan de Enfield said: I've got the email (purchased a rev-counter from them about 3 weeks ago) Now got to monitor my bank account, cancel my cards. wait for new cards, all because some 'person' couldn't keep our details safe. Miffed !!!!!!!!!!!!!!!!! Edit : just checked at no unknown transaction on my bank account since the ASAP purchase. Plenty of very much larger organisations have been compromised so don't be too critical. It is not a case of whether a site will be compromised but when. It is possible to mitigate the risk but it is impossible to prevent it. 1 Link to comment Share on other sites More sharing options...
system 4-50 Posted September 29, 2018 Author Report Share Posted September 29, 2018 As OP I posted in boating to get to the maximum audience quickly. I get lots of boat stuff from ASAP so I assume other people do too. I went to Apple and they hadn't heard of Mac Mechanic which was the name the malware on my machine called itself. They used Malwarebytes on my machine & assured me that it was now clean and also that it was malware concerning advertising, not a virus, and I was not at risk of my payment details having been taken. I went home & the stuff was still active on my machine. I then rebuilt it from backup. I have never got a good result from an Apple "genius". But this might be quite distinct from the ASAP malware. Link to comment Share on other sites More sharing options...
ronnietucker Posted September 29, 2018 Report Share Posted September 29, 2018 1 hour ago, system 4-50 said: They used Malwarebytes on my machine & assured me that it was now clean Sounds a bit sketchy. I never use Apple stuff, but a quick Google tells me it's not as easy to remove as the Apple 'genius' says: https://www.precisesecurity.com/hijacker/remove-mac-mechanic 1 hour ago, system 4-50 said: it was malware concerning advertising, not a virus Well, it seems like they got that right. A quick Google tells me it's adware that keeps flashing up ads and probably slowing your machine down. 1 hour ago, system 4-50 said: I was not at risk of my payment details having been taken Also true. Some folks on the thread here seem to have mixed up malware on their machine and malware on the website. It's the malware on the website that seems to have caused the data leakage. 1 hour ago, system 4-50 said: But this might be quite distinct from the ASAP malware. Indeed it is. the ASAP malware was on their website: https://www.asap-supplies.com/security-incident 2 hours ago, Robbo said: Edited, they do save cards, just checked As do most online retailers, but my question to ASAP is: was the stored payment details encrypted? (If not, why the hell not?!) If it was, did the hackers also have access to any keys/data that might help them unencrypt the data? Either way, if anyone (like a lot of people now do) uses one password on several sites, change them ASAP (pun intended). That password you used on ASAP might also be your password for email/other. Link to comment Share on other sites More sharing options...
Chewbacka Posted September 29, 2018 Report Share Posted September 29, 2018 I think you will find that they did not access the data in the ASAP darabase (encrypted or otherwise), the malware on the web site read the data as you filled in the web site form in plain text and transferred the data to the hackers server leaving the merchant unaware that the data was monitored Link to comment Share on other sites More sharing options...
ronnietucker Posted September 29, 2018 Report Share Posted September 29, 2018 1 minute ago, Chewbacka said: I think you will find that they did not access the data in the ASAP darabase (encrypted or otherwise), the malware on the web site read the data as you filled in the web site form in plain text and transferred the data to the hackers server leaving the merchant unaware that the data was monitored Do you have any source links for that? Sounds like the malware was diverting people to a compromised payment page. Link to comment Share on other sites More sharing options...
Alan de Enfield Posted September 29, 2018 Report Share Posted September 29, 2018 4 minutes ago, Chewbacka said: I think you will find that they did not access the data in the ASAP darabase (encrypted or otherwise), the malware on the web site read the data as you filled in the web site form in plain text and transferred the data to the hackers server leaving the merchant unaware that the data was monitored Phew - I'm glad I did it over the phone (but I guess ASAP could still have stored my card data) and not filling in the 'boxes' on the website. Should I be safe ? Link to comment Share on other sites More sharing options...
Featured Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now