Smartphone Experts Store Advisory (Incident Notification)

[Store Team]

On July 12th, Smartphone Experts discovered suspicious activity on a system used to process credit card payments for orders made through our online stores. This system powers accessory stores for several websites, including ShopAndroid.

We immediately implemented measures to prevent any further unauthorized access, and engaged a leading computer security firm to investigate and provide recommendations for additional security measures.

The security firm completed its investigation on August 5th 2013 and found evidence that although credit card information is encrypted when it is stored, the hacker may have had the technical ability to use a decryption feature of the system to view some customer?s credit card information.

Over the next few days we will be notifying all individuals via mail or email whose information may have been affected so they can take steps to protect their cards from any potential fraudulent charges. We have provided all relevant information about this incident to the credit card companies so they can take steps to protect their cardholders. We are also working with law enforcement.

We are committed to maintaining the security of any and all personal information in our system and are taking this matter seriously. We have implemented additional security measures in order to prevent an event like this from occurring in the future.

We will provide support via this forum thread, but for any individual concerns please don?t hesitate to email us at support @ smartphoneexperts.com or call us at ( 888 ) 599-8998, option 2.

 

[kaediil]

Well, you can change your letter from all your maybe the hacker could have obtained the credit info to he did because my info was misused. Here I was trying to help out a website that has provided me a lot of info by buying through their site and getting a fraudulent charge is my payment. Awesome. Although I expect this reply to be removed quickly by the admins, I feel like I need to try and let others know.

 

[credo]

I received a letter today. I would like to know why my credit card information from a purchase in September 2012 was still being stored? Also, why is there no offer for a free credit monitoring service?

 

[Store Team]

Well, you can change your letter from all your maybe the hacker could have obtained the credit info to he did because my info was misused. Here I was trying to help out a website that has provided me a lot of info by buying through their site and getting a fraudulent charge is my payment. Awesome. Although I expect this reply to be removed quickly by the admins, I feel like I need to try and let others know.

Thank you for letting us know about your experience with this unfortunate incident.

The financial institution that issued your card should reverse any fraudulent charges on your account upon request. Please let us know if we can assist, including sending them direct copies of the notification letter. We have notified our card processor about the at-risk cards, which in turn notifies the card brands and individual banks.

We are also working with law enforcement to find the criminals behind the hack.

Again, we are sorry for any inconvenience this incident might have caused. We are committed to maintaining the security of any and all personal information in our system and are taking this matter seriously.

 

[Store Team]

I received a letter today. I would like to know why my credit card information from a purchase in September 2012 was still being stored? Also, why is there no offer for a free credit monitoring service?

Post-authorization card data was retained for a period of time to facilitate order changes, returns and exchanges, which are fairly common occurrences. This policy has changed and card data is now immediately purged after authorization.

Stolen credit card information is generally used to make fraudulent charges, not for true identity theft. Information that is typically used in identify theft, such as social security number, was not compromised in this incident. We recommend that you either continue to monitor your account statements (if you see any fraudulent activity call your financial institution that issued your card and they will reverse any fraudulent charges on your account upon request), or call the issuer and ask the card used to be replaced. The phone number to call is usually on the back of the card.

 

[SlimJ87D]

This is absolute BS. Smartphone experts have compromised my card and along with others and they're not even compensating us in any kind of way. A %50 off coupon code at the LEAST. I expect a lot more though. Very unprofessional.

 

[Jude526]

I received the letter too and thank you for it. I had previously to this had issues and my bank caught it. I did call my bank and I am safe. Chase Bank works diligently to protect their customers. And thanks to Android Central too.
And to those who think this is unprofessional ...this isn't their fault. Unfortunately in today's technologies this can happen. We have to be careful.
Android Central has acted in our best interests to inform us. When fraud happens your bank will reimburse. Don't be harsh on AC. Their sites are victims too.

sent from my amazing Note2

 

[Store Team]

This is absolute BS. Smartphone experts have compromised my card and along with others and they're not even compensating us in any kind of way. A %50 off coupon code at the LEAST. I expect a lot more though. Very unprofessional.

Please email escalations@smartphoneexperts.com with a contact number and a good time to contact you next week to discuss your concerns related to this security incident.

 

[SlimJ87D]

I received the letter too and thank you for it. I had previously to this had issues and my bank caught it. I did call my bank and I am safe. Chase Bank works diligently to protect their customers. And thanks to Android Central too.
And to those who think this is unprofessional ...this isn't their fault. Unfortunately in today's technologies this can happen. We have to be careful.
Android Central has acted in our best interests to inform us. When fraud happens your bank will reimburse. Don't be harsh on AC. Their sites are victims too.

sent from my amazing Note2

If they followed procedures like other companies, they're not supposed to store all that information.

 

[morami]

Android Central did NOT inform us at all..
The incident happened almost a month ago yet I got the letter yesterday.If my bank would have not alerted me I would have lost a lot of money.
I think they should have let us know earlier.I just hope nobody lost money over this or worse(their identity).

 

[kaediil]

My problem is why do they have this info still online in their system? This is their fault because they retained the information in the first place and even worse, they left the decryption keys out for the hackers! If they took my information security seriously they would not have retained the info.

Possibly the most ridiculous thing is the completely useless Secured by McAfee Secure certificate the site has. Apparently their certification is also worthless.

Glad they sent a letter that also was false since it said maybe and possibly every place it could to try and cover their ****, but every other time this has happened to me I have been offered free credit monitoring (sad that I can say every other time since this has happened to me more than once).

-frank

Sent from my SGH-M919 using Tapatalk 2

 

[kaediil]

And to those who think this is unprofessional ...this isn't their fault. Unfortunately in today's technologies this can happen. We have to be careful.
Android Central has acted in our best interests to inform us. When fraud happens your bank will reimburse. Don't be harsh on AC. Their sites are victims too.

sent from my amazing Note2

OK it is their fault because they kept the info. Also, "we have to be careful" ? How can I be careful when they retain info they should not? It is not in my power to be any more careful.

Sent from my SGH-M919 using Tapatalk 2

 

[SlimJ87D]

I like how they disabled comments on their "DEAL OF THE DAY" now. I would really like to express to others about thinking twice before you give your business to this company.

 

[Phil Nickinson]

I like how they disabled comments on their "DEAL OF THE DAY" now. I would really like to express to others about thinking twice before you give your business to this company.

Those posts have never had comments. That's not new.

 

[DS1331]

I received this same letter in the mail yesterday but I don't think I've ever bought anything from smartphone experts before, I did however recently have a fraudulent charge on my checking account in the past 3 weeks. I wonder what's going on.

Sent from my HTC One

 

[Chex313]

I got the letter today..So it was good to know where my Amex was compromised...It was the usual PITA to change all passwords, on all accounts I have,then renew my new info. Happened last week.

Never even occurred to me that this site would save the CVV code... So it took me about 3 hours to go through everything. At $55 an hour for my time, I'll settle for a $165 store credit or a G2....whichever is easier.. Phil c'mon send me you Moto X when your tired of it!

2nd time this year...

Now having complained..I do want to thank the site for coming forward with this info it gives me some Peace of Mind about it(Plus frankly I've never had to pay for fraud) Its not easy to post this up since its always embarrassing and its got to be a lot more work to straighten out for you folks then us.

and I'll still support the site...as long as the guy with the beard stands diligent guard over it!

 

[DS1331]

Who is this company though?? Smartphone experts because I looked them up I don't think I've ever ordered anything from them so idk how they would even have my Cc info

Sent from my HTC One

 

[Store Team]

Never even occurred to me that this site would save the CVV code...

Just a clarification on the CVV issue. CVV was always purged after billing, as per processing requirements. However, because the hackers may have been able to access some data from orders in pre-authorization stage it was prudent to include that in the notification.

 

[Store Team]

Who is this company though?? Smartphone experts because I looked them up I don't think I've ever ordered anything from them so idk how they would even have my Cc info

Will send you a PM.

 

[DS1331]

Will send you a PM.

Thanks guys I appreciate it.

Sent from my HTC One