Did my website get hacked????

Rotalihinna

New member
Apr 15, 2011
Dear dudez,

I'm selling some jewelry on my website. Today I got a call from a customer that they had been double charged on their order. When I checked the reports on my gateway it was true - she was really charged two times (3 secs apart). In fact, the customer before her was also double charged.

Up to now it's not that weird. Probably a network glitch of some sort. Especially since I've made other sales since then and they haven't been double charged. Right?

Here's where it gets weird. The customer who called me insists that in addition to the two time charging of $200 (her original order), with each order she was charged an additional $2500 something. So all in all she was charged $5000, plus $400.

WTF is this?

She says she can see this in her bank account and the $5000 charges are originating from my store. I can't see this in my gateway however. It's only showing two transactions of $200.

Is it possible that I got somehow hacked?

What do?
 



Unfortunately, there are chances that 4chan or similar guy is playing with your site. Also, if she is the only customer that's reporting this issue, ask her to send a scan copy of her bank statement to make sure what she's saying is right. PM me if you'd like to discuss. This sounds horrible.
 
 
the dates on the file changes and the payment gateway code. trust me, I'm a professional
Devon Auerswald | LinkedIn

I really just want to see what they did, on what platform and how they did it. I'm that nerdy. I once pulled 10,000 credit card numbers out of a commercial ecommerce platform's cache only to learn the developers - computer science grad was one of them, both security+linux buffs - were to blame and not only did this 1 client record these 10k credit card numbers over the course of a year but thousands of other people did as well.
 
Thanks so much but dude you have to understand right now I'm feeling the exact opposite of safe and I don't think I can trust anyone with anything about my site. Plus it's on the Bigcommerce platform and BC doesn't have FTP access (retarded, I know)

What is it exactly that could have happened? The customer said that it looked like the $2000 something charges were coming from my store but I can't find anything like that on my gateway. So is the possibility that the CC number got stolen and immediately got used somewhere else for a $2000 purchase?
 
what does BiGCommerce say about this problem?
 

Can't get to them. Choosing them was a mistake.

Anyway I just talked to the customer. Apparently those $2000 things were her balance, not charges. So on the statement, after every charge, it was showing their balance, and they mistook it for another charge. Top lel.
 
^looks like you misunderestimatered my leet hacking skillz.

Anyway I talked to BigCommerce and they were very helpful with their "I DONT KNOW LOL?!" 's. They told me to go talk to my gateway which told me to go talk to the merchant bank which told me that today was Saturday and they was just chillin' so I'd have to wait until Monday.

WTF is this bullshit? This specific problem didn't turn out to be something of an emergency but what if it were? Shit bro.
 
I've seen the double charge thing happen especially on sites that use AJAX for the checkout process and bugs in the code will fire off the "order submit" method twice under some circumstances.

I guess the takeaway from this is to be VERY hesitant when choosing a service provider for eCommerce. It might just be me but I won't work where I can't get to the source code and server logs. Fuck all that finger pointing shit from support.

Maybe the cool part is you now know how much balance your customer has in their account. Time for an upsell :)
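
Added example, not part of the thread: the double-fired "order submit" described in the post above becomes harmless if the server deduplicates on an idempotency key, so the second request returns the first charge's result instead of charging again. `CheckoutService`, `chargeFn` and the sample key are hypothetical names, not BigCommerce or gateway APIs.

```javascript
// Added example: hypothetical in-memory checkout service; not BigCommerce or gateway code.
class CheckoutService {
  constructor(chargeFn) {
    this.chargeFn = chargeFn;   // assumed gateway call: (orderId, amountCents) => Promise
    this.attempts = new Map();  // idempotency key -> { orderId, amountCents, result }
  }

  // The key is generated once per checkout page load (e.g. crypto.randomUUID()
  // in the browser) and sent with every submit fired from that page.
  submitOrder(key, orderId, amountCents) {
    if (typeof key !== 'string' || key.length < 16) {
      throw new Error('missing idempotency key');
    }
    const seen = this.attempts.get(key);
    if (seen) {
      // Same key with a different payload is not a retry; refuse it.
      if (seen.orderId !== orderId || seen.amountCents !== amountCents) {
        throw new Error('idempotency key reused with different order data');
      }
      return seen.result; // duplicate submit: hand back the first charge's result
    }
    // Record the attempt before the charge resolves, so a duplicate that
    // arrives while the first request is still in flight is caught too.
    const result = this.chargeFn(orderId, amountCents);
    this.attempts.set(key, { orderId, amountCents, result });
    // A failed charge releases the key so the customer can retry.
    result.catch(() => this.attempts.delete(key));
    return result;
  }
}

// Constructed scenario: a buggy AJAX handler fires "order submit" twice.
function demoDoubleSubmit() {
  const charges = [];
  const fakeGateway = (orderId, amountCents) => {
    charges.push({ orderId, amountCents });
    return Promise.resolve({ orderId, amountCents, status: 'captured' });
  };
  const svc = new CheckoutService(fakeGateway);
  const key = 'constructed-key-0001-page-load'; // constructed sample value
  const first = svc.submitOrder(key, 'order-1001', 20000);
  const second = svc.submitOrder(key, 'order-1001', 20000); // the duplicate
  return { chargeCount: charges.length, sameResult: first === second, svc, key };
}

console.log('gateway charges after double submit:', demoDoubleSubmit().chargeCount);
```

The in-memory `Map` stands in for a durable store with a unique constraint on the key; with more than one server process the check has to live in the shared database.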
 
In b 4 fake fucking back accounts....or is that not a thing since yesterday.
 
Yeah, you're right. BigCommerce has been a big headache to work with since I started the website. They lack some basic functionality, and some other basic functions are there but are a HUGE headache to implement, like product options etc.

And people keep telling me BC has the best out of the box set of features compared to Volusion and Shopify. I can't imagine how bad the others must be.