Posted by William Charles on June 17, 2019
Manufactured Spending

Published on June 17th, 2019 | by William Charles

108

Giftcardmall Confirms Data Breach

Update 6/17/19: Giftcardmall has confirmed a data breach has occurred. If you used the site between April 24th and May 21st, 2019 then your information is likely to have been accessed. Full letter sent out below.

They are also stating that there is no evidence your personal information was actually accessed, but lots of readers originally reported fraudulent transactions on their credit cards so I’m not sure how that’s remotely accurate. I’ve said it before but I’ll say it again, until the penalties for data breaches increase they will continue to occur at an alarming rate. Hat tip to lobonomnom

[Reposting on 5/28/19 as an additional reminder since it appears that many/most cards used on Giftcardmall are affected; tons of people reporting unauthorized charges. Keep a sharp eye on your cards, or even just ask the bank to replace your card.]

A number of users on reddit are reporting that cards that were only used to make purchases at giftcardmall have had  fraudulent purchases made at other stores. Reddit user lobonomnom also reports that Norton detected a formjacker on the checkout page, but I was unable to replicate that result. Has anybody else noticed something similar?



108
Leave a Reply

avatar
 

  Subscribe  
newest oldest most voted
Notify of
Mike
Mike

Yes, that happened to me with a WF business card. I used it last May/June only at GCM to meet the MSR, then sockdrawed. Fraudulent charge from airbnb showed up in January!

Adam L
Adam L

I think the title is pretty clear.

Avi
Avi

“Reports of Fraud on Cards Used to Make Purchases at Giftcardmall.com”

Daniel
Daniel

Reports of Fraud On Cards Used At GiftCardMall

Reports of Fraud Due to GiftCardMall purchases

Ryan thompson
Ryan thompson

Happened on my WF business card that I got when setting up WF checking. Only ever used on GCM. Had fraud in March.

Joe
Joe

Zero liability for fraud transactions, so if they’re able to get away with it, hey more power to them.

Jags
Jags

Yes, let’s have more fraud so the banks have another reason to AA you for completely legitimate behavior.

Debit
Debit

Yeah. The credit card company will come back and say it is not fraud and then how will you prove it is fraud?

If it is an online transaction how will you prove that it wasn’t you that put that make it? How much energy will you put in for a couple of hundred dollars?

Sevillada
Sevillada

We need to be diligent. All consumers end up paying for those fraudulent charges one way or another. The only winners are the thiefs

Lei
Lei

Yes just had my card compromised yesterday for a $3k charge from B&H, days after I made purchases from GCM

Ric
Ric

Same here, $1 charged to AMEX for AIRBNB and $697 charged to my Sears Shop your way for Tailopez.com

Fathiss
Fathiss

Just got a fraud alert today. Hyatt card fraudulently used one week after GCM purchase.
Glad to know what the origin is.

Lisa
Lisa

William, does anyone know if Giftcard Mall is aware of this?

Paul
Paul

I would guess the hijacking is on the user’s device. The incoming payment page is intercepted, and the user is sent to a page that the scammer controls.

Ann
Ann

Seems pretty unlikely that bad guys would bother infecting people only to monitor for cards used on GCM, instead of all cards used on any website from that device. All these DPs sound to me like it is on GCM’s end.

Sam
Sam

this is just what we need, all our GCM purchases getting hyper-scrutinized

potatoslayer
potatoslayer

I just had my card this past week get used in Canada. The most recent transaction was two weeks ago at GCM. I am affected by this .

Ann
Ann

In other news, a new development in the drained physical GCs saga: https://milestomemories.boardingarea.com/kroger-vgc-fraud-scam-is-worse-than-we-thought/

qmc
qmc

yeowch!

Jay
Jay

Thanks for this link. Very informative…

MoreSun
MoreSun

Woah. A commenter there reported the same thing happened to them at Walgreens. I had no idea about that sort of tampering.

Mimi
Mimi

At most WAG, their GC rack is near the front end registers so thieves who may try to tamper with cards can easily be seen UNLESS they disguise themselves as the ones who replenish cards on the rack.

Vanillas and AGCs do NOT have the pull out tab, they are swiped by cashier to activate them so it is best to compare the barcodes on the activated card on the numbers that print on the small activation receipt and main receipt. If they don’t match, that is sure sign of tampering even if card is pristine.

Ann
Ann

Reading that post/comments the other day, I get the feeling that this latest level of fraud especially, if not some of the less sophisticated previous versions too, is more likely to be happening at the manufacturer/distributor than at the end-retailer. Very fiddly and relatively time-intensive to be trying to pull off in person on multiple cards, especially with some having been found at Walgreens. Even at Kroger, at least at mine, the big GCs endcap faces the front of the store.

missjenniferd1
missjenniferd1

my kroger actually has a big rack of giftcards right at the first entrance where the carts are, you could snag a bunch as you’re coming in, or leaving, and no one would have any idea, or even care, because you cant activate them till you pay for them, so like if i had seen someone take a stack of them off the rack, i wouldve just thought they were dumb since they cant be used until activated. nobody ever thought about tampering with them and bringing them back the next day… just goes to show, if there’s a will, there’s a way… there’s also jail… soooo hopefully they get caught soon… however, i will not be buying gc’s ever again.

RM
RM

Scary. Fortunately, easy to spot now that we have been warned. Before letting the cashier ring up the card, feel the bar code with your finger. Real ones feel ribbed; the fake ones on paper would not.

Gerald
Gerald

It’s probably only a matter of time before the scammers figure out a way to make the fake bar codes feel like real ones.

RM
RM

Yes, you are right. Safest thing to do is to open each package completely at the register, take out the card and carefully inspect it, front and back.

86
86

The image shows the card is a prepaidgiftbalance.com card that was issued by US Bank. I wouldn’t touch those for anything.

All the Safeway stores in my area have replaced those with Blackhawk Network cards issued by Metabank.

Eric
Eric

Safeways are not any safer. They’re also suffering from fraud. The good thing is safeway fraud is less sophisticated and the buyer will hold the real card, and deal with blackhawk, which, in my experience is superior to any other issuer by far. They resolved the problem within 29 days last time I was scammed.

86
86

.

RM
RM

Here’s a video from someone in Canada who was a victim of this scam: https://www.youtube.com/watch?v=hhUl-CKMzE0.

The video shows what the fake UPC codes look like, and how they are inserted into the packaging.

USam
USam

“Reports of fraud on payment type used for Giftcardmall.”

Chris
Chris

This might mean GCM’s checkout process was hacked by something like Magecart. The attacker gets access to the merchant shopping cart software and adds in their own code that steals credit card details when you type them in.

This has happened to a couple other sites like Newegg, British Airways, Ticketmaster, etc.
https://arstechnica.com/information-technology/2018/09/british-airways-site-had-credit-card-skimming-code-injected/

Back to Top ↑