31 October 2010

Hobby Search security breach

Last week the online hobby store Hobby Search announced that it had suffered a hacker (or cracker) attack. A notice has been posted on the website along with an FAQ.

According to Hobby Search, the attackers found a security hole in the system and exploited it, gaining access to the computer system and to customer data, including credit card information. The attack was discovered early this month, and the authorities have been contacted regarding this issue.

The credit cards affected by this attack are "those used in unshipped orders and orders shipped within one year, prior to July 7, 2010".

To be more specific, this means that cards used on or after 7th July 2009, or used before 7th July 2009 but for orders shipped on a later date (or not shipped), were affected. Cards whose last order and shipment were over a year ago have had their information deleted from the database and are therefore not affected.

Meanwhile, payments by credit card have been suspended indefinitely. As a result, PayPal is now the only viable method of payment.

Customers who are affected should have received an email from Hobby Search by now. I know some fellow bloggers have received one too. People who are affected or think they are affected should contact their credit card companies about it, as mentioned in Hobby Search's FAQ. While I haven't received one since my one and only order was way back in 2007, I would keep my eyes peeled just in case.

The attack at Hobby Search surely comes as a nasty surprise for the company itself, as well as its customers. Even though they have contacted the authorities and tried their best to rectify the problems, it would surely sever some trust with a number of online customers.

I don't buy many things from online stores nowadays as I have access to local shops in Hong Kong for most of the things I want, and there are no shipments and shipping fees to worry about. Was anyone affected by this? If so, what are your opinions about it?


  1. What the- That's shocking! I have only ordered once from Hobby Search, and that was for my SIC KT Faiz and my bro's SIC KT Den-O sword. I used PayPal for it though...

  2. @.@ I purchased my brs there but they didn't send me anything... weird...

  3. @ Marzz:
    When I placed my order for my figma Miku back in 2007, Hobby Search had not implemented PayPal yet. It's good that they have it available now (as it is now their only available method of payment), or else it could be troublesome for both the company itself and customers who want safe transactions.

    @ AstrayP03 (Zhe):
    When did you place your order? And did you pay with a credit card or Paypal? If it's Paypal then you should be safe afaik.

  4. I'm not sure... I can't rmb if I purchased it via credit card or paypal xD

  5. Oh thanks for this information Q! It should be important for those who frequent hobby search requirement.

    Actually I was shocked because I just ordered something from them last month and I went "NOOO! My credit card!" then I remembered I actually paid by paypal since I was too lazy to enter my CC # ^^;

    I just hope no one is actually harmed by this hack.

  6. @ AstrayP03 (Zhe):

    Well, assuming you haven't received an email yet, you probably have paid via Paypal, so you should be safe (I think).

    @ Z:
    It really must have been quite a shock especially since you've just ordered from them not long ago. Luckily you did pay by Paypal. Good thing that Hobby Search did decide to open up Paypal as an option as it's convenient and safe (I think).

    Just as you said, let's hope this attack doesn't cause as much harm as it could have.

