‹ Back to Help Community

Security Breach from EETSAC.COM

1208 replies Sort by

By Sharon Schluttenhofer, 26-May-2015 13:00 PDT Permalink Report abuse

In reply to Juanita Gaines

11-Dec-2013 20:54 PST

FYI, I had a fraudulent charge from EETsac.com today on 12/10/13. I did some investigating. Folks, you need to cancel your credit card and have a new one reissued. Had it investigated and found that this was a bogus company overseas. I had to contact my bank to shut it down and reissue me another card. Check with the Better Business Bureau and they had no record. In checking with my job's security office it appears that this company may have link/hacked into Amazon and got ahold of my personal information and made a charge of $9.84. It appears they are fishing around to get info from active accounts.

EETsac.com is also affiliated with PremiumInsiderEducation.com, PremiumInsiderEducationPro.com and Lekra Ltd. It looks like they might have a virtual address at 47-49 Park Royal Road, London. If you look on PremiumInsiderEducation.com they have a link to Credorax.com. Credorax is a financial institute and a Principal Member of Visa Europe and MasterCard.

Just wanted to let Amazon know this is happening and your company appears to be comprised. Please let folks know. I have been a long time buyer and never had a problem until now.

Has anyone else had this problem?

May 2015: I had had two charges on the debit card that I used to fund my Amazon Prime account and to purchase my Amazon tablet.

At least one time the tablet was used to access the internet. The first time may have been from my laptop. Both instances I went to a link that appeared to be a news article but was an advertisement. Within two days I had a charge on my card for merchandise purchased relating to the site.

Reply

Did this help answer the question? Please try again.

Thank you.

Thank you.

Reply


By Don, 10-Apr-2014 16:41 PDT Permalink Report abuse

In reply to David M. Britton

09-Apr-2014 10:54 PDT

The Heartbleed still wouldn't explain all the issues that have happened in the 48 pages of this thread before you posted. :) Which had nothing to do with the Heartbleed, since it's a new issue, and the thread is about issues long before Heartbleed even happened.
Unless you have evidence Heartbleed affected stuff six months ago.

https://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/

This is the only valid website you can get information from about anything affected at Amazon.

"Any so called "security" expert that does not know "Heartbleed" is a fraud, BTW. "
What does this even mean at all?

Seriously, Bruce even explained that it didn't affect Amazon, and he's in IT Security, I trust his understanding on it.

I don't think you meant me, because that would be a bit silly since I never claimed anywhere that I was a security expert. :)
Could you explain why you mentioned it in the first place, to me, of all people?

All I understand is the limitations of computer software, and how hacking is limited by the speed of the computer doing the hacking.

Please disregard my previous message. I obviously was too lazy to scroll down a couple posts. Thank you for the information and the link.
Don

Reply

1 person thinks this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By Don, 10-Apr-2014 16:40 PDT Permalink Report abuse

In reply to Bruce *Kindle Kurmudgeon*

09-Apr-2014 09:19 PDT

Five words: Heartbleed did not affect Amazon. They do not use the affected software.

Thanks for the information. However, I searched for some kind of assurance directly from Amazon regarding any risk with the Heartbleed virus. How do you know Amazon is unaffected?
I appreciate any information you can offer.
Don

Reply

1 person thinks this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By Cheri VH, 09-Apr-2014 17:06 PDT Permalink Report abuse

In reply to David M. Britton

09-Apr-2014 16:38 PDT

CBS must have gotten the news wrong.
Or did they say that the Amazon Web Services were hit by it?

Because people seem to confuse the two, but I can understand that perfectly.

Also, I don't work for Amazon. This is a customer to Customer forum.
Don't worry about it though.

Very rarely you'll see someone post from Amazon, with a tag under their name, or badge, and it says Amazon Official.
Those are the people who work for Amazon.

If I worked for Amazon I would have to pay taxes. :)

I may have replied to the wrong one I don't know now; sorry about that. In any event I have been following this thread for a very long time so I know the difference between Amazon and the other site. The news said Amazon. And when that is said people do think Amazon. com because the news doesn't usually clarify the .com. Hopefully someone from Amazon.com follows this thread because I'm not going to do any more responses. Thanks.

Reply

Did this help answer the question? Please try again.

Thank you.

Thank you.

Reply


By David M. Britton, 09-Apr-2014 16:38 PDT Permalink Report abuse

In reply to Cheri VH

09-Apr-2014 16:34 PDT

I understand you have stated Amazon has not had a breach and yet CBS News reported tonight you have had. ??????

CBS must have gotten the news wrong.
Or did they say that the Amazon Web Services were hit by it?

Because people seem to confuse the two, but I can understand that perfectly.

Also, I don't work for Amazon. This is a customer to Customer forum.
Don't worry about it though.

Very rarely you'll see someone post from Amazon, with a tag under their name, or badge, and it says Amazon Official.
Those are the people who work for Amazon.

If I worked for Amazon I would have to pay taxes. :)

Reply

Did this help answer the question? Please try again.

Thank you.

Thank you.

Reply


By Cheri VH, 09-Apr-2014 16:34 PDT Permalink Report abuse

I understand you have stated Amazon has not had a breach and yet CBS News reported tonight you have had. ??????

Reply

Did this help answer the question? Please try again.

Thank you.

Thank you.

Reply


By David M. Britton, 09-Apr-2014 12:26 PDT Permalink Report abuse

In reply to Bruce *Kindle Kurmudgeon*

09-Apr-2014 12:18 PDT

"Amazon was affected. They closed the hole fast."

Amazon Web Services were affected - that's not Amazon.com. Amazon.com was never affected and so did not have to "close the hole".

Oh, okay, I see his confusion then, he thought that Amazon was the Amazon Web Services.

I guess he thought I was wrong based on that faulty assumption.

Reply

1 person thinks this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By Bruce *Kindle Kurmudgeon*, 09-Apr-2014 12:18 PDT Permalink Report abuse

In reply to James M. Dearras

09-Apr-2014 10:21 PDT

You are mistaken, Amazon was affected. They closed the hole fast.

Any so called "security" expert that does not know "Heartbleed" is a fraud, BTW.

"Amazon was affected. They closed the hole fast."

Amazon Web Services were affected - that's not Amazon.com. Amazon.com was never affected and so did not have to "close the hole".

Reply

2 people think this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By David M. Britton, 09-Apr-2014 11:41 PDT Permalink Report abuse

In reply to James M. Dearras

09-Apr-2014 11:13 PDT

I am responding to your continued claims that Amazon security baffles the NSA. And like many sites, Amazon cannot state with certainty they were not affected at all. They are lying if they do claim that. Or that they are not vulnerable to the next NSA backdoor when it is publicly discovered.

:)

I don't think you have actually read anything in this topic. Please do so before you say things that are rather silly. :)

First, even on this page, I mentioned the article that stated that a leaked document by Edward Snowden, seriously, you think he made it up?, proved that the NSA wants to build a super hacking Quantum Computer because they currently don't have the technology to hack through certain systems.
Amazon is using a 2048 bit encryption, I believe. OR 1024.

You want to prove they can hack 2048-bit, prove it.
IF you actually think the NSA can hack a 2048-bit system with their current technology, please let me have their TARDIS. :) Because that would be the only way.

Can you honestly expect me to take you serious here? The NSA is not perfect. They can't do everything. Why are people so shocked to hear that the NSA can't do something? I just don't get it. It's common sense, really, that the NSA can't do everything people think they can. :)

CPU backdoors don't exist, according to any search I could find, and how would that even work? Seriously, it's not going to tell you the password on a system if you remotely access the CPU.

I'm not sure why you think Amazon would be lying to state they are not affected. That would make zero sense. If you actually looked at what I wrote, above, the link is the only source that could be non-biased and therefor valid 100%. If you can't take that link as proof, I'd like to know why.

Unless you can find me some evidence to prove otherwise, it's a nonsensical statement.
And the Heartbleed was not a NSA backdoor.

None of this still has anything to do with the actual point of this thread, so you basically bumped this thread for no reason.

Also, the news reports on the Heartbleed also state Amazon was not affected. :)
How many sources do you need to prove that Amazon wasn't affected.
And even if they were, it had nothing to do with all the events in this thread, which was a result of a significantly different outbreak.
Which you would have learned if you read this thread.

Reply

Did this help answer the question? Please try again.

Thank you.

Thank you.

Reply


By James M. Dearras, 09-Apr-2014 11:13 PDT Permalink Report abuse

I am responding to your continued claims that Amazon security baffles the NSA. And like many sites, Amazon cannot state with certainty they were not affected at all. They are lying if they do claim that. Or that they are not vulnerable to the next NSA backdoor when it is publicly discovered.

:)

Reply

1 person thinks this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By David M. Britton, 09-Apr-2014 10:54 PDT Permalink Report abuse

In reply to James M. Dearras

09-Apr-2014 10:21 PDT

You are mistaken, Amazon was affected. They closed the hole fast.

Any so called "security" expert that does not know "Heartbleed" is a fraud, BTW.

The Heartbleed still wouldn't explain all the issues that have happened in the 48 pages of this thread before you posted. :) Which had nothing to do with the Heartbleed, since it's a new issue, and the thread is about issues long before Heartbleed even happened.
Unless you have evidence Heartbleed affected stuff six months ago.

https://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/

This is the only valid website you can get information from about anything affected at Amazon.

"Any so called "security" expert that does not know "Heartbleed" is a fraud, BTW. "
What does this even mean at all?

Seriously, Bruce even explained that it didn't affect Amazon, and he's in IT Security, I trust his understanding on it.

I don't think you meant me, because that would be a bit silly since I never claimed anywhere that I was a security expert. :)
Could you explain why you mentioned it in the first place, to me, of all people?

All I understand is the limitations of computer software, and how hacking is limited by the speed of the computer doing the hacking.

Reply

Did this help answer the question? Please try again.

Thank you.

Thank you.

Reply


By James M. Dearras, 09-Apr-2014 10:21 PDT Permalink Report abuse

You are mistaken, Amazon was affected. They closed the hole fast.

Any so called "security" expert that does not know "Heartbleed" is a fraud, BTW.

Reply

1 person thinks this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By David M. Britton, 09-Apr-2014 10:17 PDT Permalink Report abuse

In reply to Bruce *Kindle Kurmudgeon*

09-Apr-2014 09:19 PDT

Five words: Heartbleed did not affect Amazon. They do not use the affected software.

I wish he explained what that was.
I looked it up, though.
I didn't even know about it.

I'm also not sure why he replied to my post with that.

Reply

Did this help answer the question? Please try again.

Thank you.

Thank you.

Reply


By Bruce *Kindle Kurmudgeon*, 09-Apr-2014 09:19 PDT Permalink Report abuse

In reply to James M. Dearras

09-Apr-2014 07:33 PDT

One word: Heartbleed

Five words: Heartbleed did not affect Amazon. They do not use the affected software.

Reply

1 person thinks this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By David M. Britton, 09-Apr-2014 09:13 PDT Permalink Report abuse

In reply to James M. Dearras

09-Apr-2014 07:33 PDT

One word: Heartbleed

I don't understand what that means.
Could you explain.

Reply

Did this help answer the question? Please try again.

Thank you.

Thank you.

Reply


By James M. Dearras, 09-Apr-2014 07:33 PDT Permalink Report abuse

In reply to David M. Britton

01-Apr-2014 11:28 PDT

Bruce, nor I, nor anyone who disagrees with you is an Amazon employee.

Bill Gates is more of an employee than either of us. :P

Only if you see someone with Amazon Official under their name are they an employee.

Also, Rick, the points on this website are like the points on Who's Line is it Anyways, they don't matter.

One word: Heartbleed

Reply

0 people think this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By R. Hutchins, 01-Apr-2014 18:31 PDT Permalink Report abuse

I got hit in December, replaced my cards, and got hit by the WebLearn scam last week. Each one was processed in Malta. Both hits were on my Bank of America Visa. In between I used my debit card online at all the same stores and it was never stolen.

The only coincidence I can find is that I stored the card number on my iPad and used the auto fill feature when shopping. I'm not using it anymore.

Reply

Did this help answer the question? Please try again.

Thank you.

Thank you.

Reply


By David M. Britton, 01-Apr-2014 11:28 PDT Permalink Report abuse

In reply to Rick Diefenderfer

01-Apr-2014 11:25 PDT

Bruce, "always the end user" fault? Are you an Amazon employee?

Bruce, nor I, nor anyone who disagrees with you is an Amazon employee.

Bill Gates is more of an employee than either of us. :P

Only if you see someone with Amazon Official under their name are they an employee.

Also, Rick, the points on this website are like the points on Who's Line is it Anyways, they don't matter.

Reply

Did this help answer the question? Please try again.

Thank you.

Thank you.

Reply


By Bruce *Kindle Kurmudgeon*, 01-Apr-2014 11:28 PDT Permalink Report abuse

In reply to Rick Diefenderfer

01-Apr-2014 11:25 PDT

Bruce, "always the end user" fault? Are you an Amazon employee?

No, I'm in IT Security though.

Reply

1 person thinks this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By David M. Britton, 01-Apr-2014 11:26 PDT Permalink Report abuse

In reply to Rick Diefenderfer

01-Apr-2014 11:12 PDT

WHAA? Not following your logic(?)... ask Target what happened to their business after reporting a breech!

Amazon was not breached, if it was, they'd have to say they were.
They'd be destroying their business if they didn't reveal they were breached. That's why Target revealed that they were breached. You don't hide this, it's suicide.

Also, for what it's worth, Amazon's storage they hold all your important stuff on is far more secure than anything Target has.
OR anything the Pentagon has. :)

In a leaked document by Edward Snowden? Whatever his last name is, the NSA wanted to go build themselves a super Quantum computer so they can actually hack Amazon and other secure places like it.
Yes, they basically said, "We're mad there's things we can't hack into with our current technology."

So, no, Amazon is secure, and not the source of this breach.

Reply

1 person thinks this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By Rick Diefenderfer, 01-Apr-2014 11:25 PDT Permalink Report abuse

In reply to Bruce *Kindle Kurmudgeon*

01-Apr-2014 11:19 PDT

The weak point is always the end user. All these people who never used their card anywhere but Amazon forget that they typed it in on their own PC, using whatever network it was connected to at the time. Those are the most vulnerable points in any transaction. 99% of these thefts are due to keyloggers on the end-users' PCs, almost all the rest due to insecure Wi-Fi networks.

Bruce, "always the end user" fault? Are you an Amazon employee?

Reply

0 people think this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By Bruce *Kindle Kurmudgeon*, 01-Apr-2014 11:19 PDT Permalink Report abuse

In reply to TStock

01-Apr-2014 11:13 PDT

There are some who claimed their compromised card was never used ANYWHERE. This might indicate a breach at the card issuer itself.

There are many, many weaker links in the chain than Amazon.

The weak point is always the end user. All these people who never used their card anywhere but Amazon forget that they typed it in on their own PC, using whatever network it was connected to at the time. Those are the most vulnerable points in any transaction. 99% of these thefts are due to keyloggers on the end-users' PCs, almost all the rest due to insecure Wi-Fi networks.

Reply

4 people think this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By TStock, 01-Apr-2014 11:15 PDT Permalink Report abuse

In reply to Rick Diefenderfer

01-Apr-2014 11:12 PDT

WHAA? Not following your logic(?)... ask Target what happened to their business after reporting a breech!

Ask Target what would have happened to them had they not reported it...

Reply

2 people think this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By TStock, 01-Apr-2014 11:13 PDT Permalink Report abuse

In reply to Rick Diefenderfer

01-Apr-2014 11:07 PDT

I'm thinking, Amazon was breached and is refusing to go public about it because the debit card that was fraudulently used is a card that I very seldom use for anything other than Kindle purchases.

There are some who claimed their compromised card was never used ANYWHERE. This might indicate a breach at the card issuer itself.

There are many, many weaker links in the chain than Amazon.

Reply

3 people think this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply


By Rick Diefenderfer, 01-Apr-2014 11:12 PDT Permalink Report abuse

In reply to Bruce *Kindle Kurmudgeon*

01-Apr-2014 11:08 PDT

"Amazon was breached and is refusing to go public"

Sure, Amazon is going to risk their entire business because they don't want to report a breech. It doesn't work that way.

WHAA? Not following your logic(?)... ask Target what happened to their business after reporting a breech!

Reply

0 people think this reply helps answer the question. Do you? Please try again.

Thank you.

Thank you.

Reply

If you find this content inappropriate and think it should be removed from the Amazon.com site, let us know by clicking the button below. This will be sent to Amazon.com, and we will take appropriate action.
Thank you for your feedback.
There was an error with your request. Please try again.
Answer this question





This question

Total replies 1208
Initial question 11-Dec-2013 20:54 PST
Latest reply 26-May-2015 13:00 PDT
Please try again.