
ASAP - Data Breach


system 4-50


I'd be dubious that the email was a scam in the first instance. Once the email is confirmed as legit THEN I'd be a bit more concerned. But if ASAP (whoever they may be) are even half decent then any payment info stored on their servers should be encrypted, and safe.


14 minutes ago, system 4-50 said:

I've had malware problems with my Mac over the last week & now I have an email purporting to come from ASAP reporting a data breach, including payment details. 

Malware? On a Mac? Surely this is a mistake.......??


I have had this email from ASAP, who I use occasionally for parts. Now got to check credit card statements, but I never leave my credit details with anybody, always enter them fresh every time. I would hope that this lessens the chance of the details being stored.

I must say that in the past the service from this company has been first class.

I've also had the email.

I'm in no doubt it is from ASAP. It is admitting to the problem, and in no way phishing for any other information from those it has been sent to.

The one issue I have is that it gives no idea of a timeframe over which the problem may have existed on their web-site.

I buy stuff from ASAP, but haven't for some time.

However my credit card company recently detected suspicious activity on my account, and there was a largish transaction that was not mine. As a result my card was cancelled and re-issued with all new details (very inconvenient as I only have the one).

I'm now wondering if the person(s) attempting to use my card could have got details via the malware on the ASAP site. I guess probably not, because of the longish period since I last placed an order with ASAP.

I've got the email (purchased a rev-counter from them about 3 weeks ago)

Now got to monitor my bank account, cancel my cards, wait for new cards, all because some 'person' couldn't keep our details safe.

Miffed !!!!!!!!!!!!!!!!!

Edit : just checked and no unknown transaction on my bank account since the ASAP purchase.

Edited by Alan de Enfield

There is nothing about this supposed data breach on the ASAP website. My first action would be to phone the company to check if the email really is from them. Second, download Malwarebytes for the Mac and run a scan to see if you do have malware and get rid of it. Malwarebytes is free. Check the email headers to see where the email originated.
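
The header check suggested in the post above, as an added example that is not part of the original thread. It reads the SPF, DKIM and DMARC verdicts your own mail provider records in the Authentication-Results header; the two messages and the shop.example / myisp.example domains are constructed placeholders, and check_origin is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages, not real mail. All domains are placeholders.
GENUINE = """\
Received: from mail.shop.example (mail.shop.example [192.0.2.10])
 by mx.myisp.example; Mon, 01 Jan 2024 10:00:00 +0000
Authentication-Results: mx.myisp.example;
 spf=pass smtp.mailfrom=shop.example;
 dkim=pass header.d=shop.example;
 dmarc=pass header.from=shop.example
From: Shop <notices@shop.example>
Subject: Security incident notice

(body)
"""
SPOOFED = GENUINE.replace("spf=pass", "spf=softfail") \
                 .replace("dkim=pass header.d=shop.example", "dkim=none") \
                 .replace("dmarc=pass", "dmarc=fail")

def check_origin(raw, expected_domain):
    """Return reasons to distrust the claimed sender (empty list = consistent)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # get() returns the topmost copy of the header, normally the one stamped
    # by your own provider. Copies further down may come from the sender.
    auth = msg.get("Authentication-Results", "")
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = []
    if from_domain != expected_domain:
        findings.append(f"From domain is {from_domain or 'missing'}")
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech}={verdicts.get(mech, 'missing')}")
    # Simplified alignment: the DKIM signer must be the From domain or a parent.
    signer = re.search(r"header\.d=([\w.-]+)", auth)
    if signer:
        d = signer.group(1).lower()
        if d != from_domain and not from_domain.endswith("." + d):
            findings.append(f"DKIM signed by {d}, not {from_domain}")
    return findings

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, check_origin(raw, "shop.example") or "consistent")
```

A clean result only shows the message came through the sender's own mail system; it says nothing about whether the content is accurate, so phoning the company still applies.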


1 hour ago, Sir Nibble said:

Boating?

As in, "relevance of topic thereto"? Well, it may be that S4-50 has a Mac computer on his boat, so it's part of his everyday boating life, hence it's relevant to General Boating.

I too have a mac on the boat. It comes in jolly useful when it's raining.

11 minutes ago, Stewart Kirby said:

Check the email headers to see where the email originated.

The email checks out as being genuinely from ASAP supplies.

Why wouldn't it be?

If it were a scam of some kind, it would be asking you to divulge some information, click on a link, or in some other way do something dodgy.

It isn't.

Their website has been infected with malware. They are owning up to it, and asking you to be aware that your details may have been compromised.

As a customer I'm certainly taking it seriously, as it says.....

Quote

The information that may have been compromised includes customer name, address, shipping address, email address, telephone numbers and payment details

11 minutes ago, alan_fincher said:

The information that may have been compromised includes customer name, address, shipping address, email address, telephone numbers and payment details

I'd reply to their email asking them whether the payment details were encrypted at either/both ends and on their server. If not then it's seriously serious. If it is encrypted then it's not so serious as all the hackers would get is encrypted gibberish that, by rights, can't be unencrypted. Yes, they'll still have your other details (name, address, etc.) but they're not as important as unencrypted credit card details.


I've also had the email. Why do these suppliers keep hold of payment details after the transaction has been processed? Isn't that asking for trouble?

I'm in East Africa at the moment so I can't do much from here. I think I last used ASAP about 3 months ago.

Edit: Just checked my statement online and I bought some bits from ASAP at the beginning of July. I can't see any suspicious activity but I'm not sure if I should send a message to my bank or not?

Edited by blackrose

1 hour ago, Athy said:

As in, "relevance of topic thereto"? Well, it may be that S4-50 has a Mac computer on his boat, so it's part of his everyday boating life, hence it's relevant to General Boating.

 

I too have a mac on the boat. It comes in jolly useful when it's raining.

What a load of muck intosh. :)


Got the same email, very limited information in the email in the malware. Basically saying they had malware on their web servers. It sounds like this malware could have been sending your inputted information to a naughty third party. Doesn’t say if this malware infected your machine, was at a browser level or was at a server level, or what dates they were infected.

Edited, they do save cards, just checked...

Edited by Robbo

1 minute ago, Alway Swilby said:

I've used them twice in the last six months and haven't had the email. Mind you I always tick the box saying not to store my card details.

I last used in January. Even if you don’t store your card details, if your personal details are on the system (i.e. you have an account and login) you should really have had the email.

4 hours ago, Alan de Enfield said:

I've got the email (purchased a rev-counter from them about 3 weeks ago)

Now got to monitor my bank account, cancel my cards, wait for new cards, all because some 'person' couldn't keep our details safe.

Miffed !!!!!!!!!!!!!!!!!

Edit : just checked and no unknown transaction on my bank account since the ASAP purchase.

Plenty of very much larger organisations have been compromised so don't be too critical. It is not a case of whether a site will be compromised but when. It is possible to mitigate the risk but it is impossible to prevent it.


As OP I posted in boating to get to the maximum audience quickly.  I get lots of boat stuff from ASAP so I assume other people do too.

I went to Apple and they hadn't heard of Mac Mechanic which was the name the malware on my machine called itself.  They used Malwarebytes on my machine & assured me that it was now clean and also that it was malware concerning advertising, not a virus, and I was not at risk of my payment details having been taken.  I went home & the stuff was still active on my machine.  I then rebuilt it from backup.  I have never got a good result from an Apple "genius".  But this might be quite distinct from the ASAP malware.


1 hour ago, system 4-50 said:

They used Malwarebytes on my machine & assured me that it was now clean

Sounds a bit sketchy. I never use Apple stuff, but a quick Google tells me it's not as easy to remove as the Apple 'genius' says: https://www.precisesecurity.com/hijacker/remove-mac-mechanic

1 hour ago, system 4-50 said:

it was malware concerning advertising, not a virus

Well, it seems like they got that right. A quick Google tells me it's adware that keeps flashing up ads and probably slowing your machine down.

1 hour ago, system 4-50 said:

I was not at risk of my payment details having been taken

Also true. Some folks on the thread here seem to have mixed up malware on their machine and malware on the website. It's the malware on the website that seems to have caused the data leakage.

1 hour ago, system 4-50 said:

But this might be quite distinct from the ASAP malware.

Indeed it is. The ASAP malware was on their website: https://www.asap-supplies.com/security-incident

2 hours ago, Robbo said:

Edited, they do save cards, just checked

As do most online retailers, but my question to ASAP is: were the stored payment details encrypted? (If not, why the hell not?!) If they were, did the hackers also have access to any keys/data that might help them unencrypt the data?

Either way, if anyone (like a lot of people now do) uses one password on several sites, change them ASAP (pun intended). That password you used on ASAP might also be your password for email/other.

I think you will find that they did not access the data in the ASAP database (encrypted or otherwise); the malware on the web site read the data as you filled in the web site form in plain text and transferred the data to the hackers' server, leaving the merchant unaware that the data was monitored.
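
One way a site owner can look for the kind of injected script the post above describes, as an added example that is not part of the original thread. It lists every external script a payment page loads and flags any host that was never approved, or an approved third party loaded without an integrity hash; the page, the host names and the audit helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout page, not taken from any real site. Hosts are placeholders.
CHECKOUT_HTML = """
<html><head>
<script src="/js/basket.js"></script>
<script src="https://pay.provider.example/v3/sdk.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.widgets.example/chat.js"></script>
<script src="//stats-collector.example/a.js"></script>
</head><body><form id="card-form"></form></body></html>
"""

class ScriptAudit(HTMLParser):
    """Collect external scripts a payment page loads that were not approved."""

    def __init__(self, page_host, approved_hosts):
        super().__init__()
        self.page_host = page_host
        self.approved = set(approved_hosts) | {page_host}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:
            return  # inline scripts need a separate review
        # Relative URLs have no hostname, so they belong to the page itself.
        host = urlparse(src).hostname or self.page_host
        if host not in self.approved:
            self.findings.append((src, "host not approved"))
        elif host != self.page_host and not attr.get("integrity"):
            self.findings.append((src, "approved host but no integrity hash"))

def audit(html, page_host, approved_hosts):
    """Return (src, reason) pairs for scripts that need a closer look."""
    parser = ScriptAudit(page_host, approved_hosts)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    approved = ["pay.provider.example", "cdn.widgets.example"]
    for src, reason in audit(CHECKOUT_HTML, "shop.example", approved):
        print(f"{reason}: {src}")
```

This only covers scripts present in the served HTML; a script that an approved file loads at run time has to be caught in the browser, for example with a Content-Security-Policy that restricts script and connection hosts.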


1 minute ago, Chewbacka said:

I think you will find that they did not access the data in the ASAP database (encrypted or otherwise); the malware on the web site read the data as you filled in the web site form in plain text and transferred the data to the hackers' server, leaving the merchant unaware that the data was monitored.

Do you have any source links for that?

Sounds like the malware was diverting people to a compromised payment page.


4 minutes ago, Chewbacka said:

I think you will find that they did not access the data in the ASAP database (encrypted or otherwise); the malware on the web site read the data as you filled in the web site form in plain text and transferred the data to the hackers' server, leaving the merchant unaware that the data was monitored.

Phew - I'm glad I did it over the phone (but I guess ASAP could still have stored my card data) and not filling in the 'boxes' on the website.

Should I be safe?
