'Hacker Safe' Geeks.com Hacked

January 7, 2008

Thomas Claburn


Attrition Staff Note: This was posted in the Company section, however do to the irony of a 'Hacker Safe' site being hacked, it's included here as well.

[Update, Jan. 9, 10:45 am: The story has been updated to include a comment from a ScanAlert spokesman, at bottom.]

Geeks.com, a Web site that still displays a banner from McAfee's ScanAlert certifying that it is "Hacker Safe," on Friday sent a letter to customers saying that it was hacked last month.

"Genica dba Geeks.com ('Genica') recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised," said a letter posted on The Consumerist from Jerry L. Harken, Genica's chief of security, to an undisclosed number Geeks.com customers. "In particular, it is possible that an unauthorized person may be in possession of your name, address, telephone number, e-mail address, credit card number, expiration date, and card verification number. We are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking our e-commerce Web site."

Geeks.com has reported the incident to federal authorities and Visa, and is encouraging customers to review their credit card statements for unauthorized charges. The company has set up two help numbers -- 1-888-529-6261 or 1-212-560-5108 for non-US customers -- that will be active starting on Tuesday for those with questions about the incident. It is also providing contact information for the major credit agencies to make it easier to report any identity theft fraud arising from the incident.

Geeks.com describes itself as a direct-to-consumer e-commerce site that specializes in computer-related excess inventory, manufacturer closeouts, and popular and esoteric products for the tech-savvy.

A customer sales representative for Geeks.com confirmed that such a letter had been sent out but declined to offer further comment.

McAfee acquired ScanAlert in October and describes it as the world's leading provider of e-commerce Web site security services. The Hacker Safe certification, McAfee explains on its Web site, lets "shoppers of ScanAlert customer sites instantly know that they are a secure Web site and respond by buying more from them."

The ScanAlert Web site explains that the Hacker Safe certification doesn't mean 100% safe. "Research indicates sites remotely scanned for known vulnerabilities on a daily basis, such as those earning 'Hacker Safe' certification, can prevent over 99% of hacker crime," the site says.

ScanAlert spokesman Nigel Ravenhill e-mailed InformationWeek the following statement: "So far, no one knows exactly what happened, or whether this breach occurred on the web site or somewhere else. There is no evidence that this web site was hacked while it was certified Hacker Safe. In fact, all of the information that ScanAlert has gathered so far indicates that this breach did not happen while Geeks.com was certified Hacker Safe."

main page ATTRITION feedback