Slashdot Mirror


Malware Infected All Eddie Bauer Stores In US, Canada (krebsonsecurity.com)

New submitter alir1272 quotes a report from Krebs On Security: Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach. The acknowledgement comes nearly six weeks after Krebs On Security first notified the clothier about a possible intrusion at stores nationwide. "The company emphasized that this breach did not impact purchases made at the company's online store eddiebauer.com," reports Krebs On Security.

50 comments

  1. Good thing I don't shop there... by Anonymous Coward · · Score: 1, Informative

    Overpriced, snooty-assed brand...

    1. Re:Good thing I don't shop there... by Anonymous Coward · · Score: 1, Funny

      We get it. You're poor. That doesn't mean the rest of us aren't looking for quality merchandise that will get us laid.

    2. Re:Good thing I don't shop there... by thesupraman · · Score: 4, Funny

      We get it, You're ugly, That doesn't mean the rest of us need overpriced junk that will get us laid. ;)

    3. Re:Good thing I don't shop there... by guyniraxn · · Score: 1

      They have sales about every other month and the clothes are pretty decent in terms of quality. I don't think "snooty" is accurate either, in modern parlance they'd be considered "basic."

  2. Wait, what about Mouse? by Impy+the+Impiuos+Imp · · Score: 0

    Thank god for Slashdotters they aren't a big and tall store!

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  3. Really? by drew_92123 · · Score: 1

    Is Eddie Bauer still a thing? I remember checking that place out years ago and never went back, nothing but a bunch of overpriced garbage.

    1. Re:Really? by Nidi62 · · Score: 1

      Is Eddie Bauer still a thing? I remember checking that place out years ago and never went back, nothing but a bunch of overpriced garbage.

      Eh, I buy Eddie Bauer t-shirts at Sam's for about $8 each. They aren't too bad. Not sure what they would cost at an actual Eddie Bauer store though.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    2. Re:Really? by ITRambo · · Score: 1

      Apparently with no competent IT department either.

    3. Re:Really? by cdrudge · · Score: 1

      Not sure what they would cost at an actual Eddie Bauer store though.

      Judging from their website, at least $25.

    4. Re:Really? by parkinglot777 · · Score: 1

      Eh, I buy Eddie Bauer t-shirts at Sam's for about $8 each. They aren't too bad. Not sure what they would cost at an actual Eddie Bauer store though.

      Cheapest T-shirt costs $20~$23 on their web site. I am sure they are made-in-China which would cost them a couple dollars including shipping. $8 is still more expensive than other T-shirts (no name brand) I could find in Walmart. :p

    5. Re:Really? by JustAnotherOldGuy · · Score: 1

      I go to SE Asia once or twice a year and buy 10 or 20 t-shirts at $2 to $3 apiece. Same exact shirts you'll find in any major stores in the US, but bought locally a few kilometers from the source factory.

      I give some away (they have logos and stuff) but the rest I keep, so I now have a lifetime supply of t-shirts, lol.

      On another note, it's an incredible sight to see a couple thousand of the young Asian lady workers all exiting the factory en masse at the end of the day and riding back home on near-identical bikes.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    6. Re:Really? by Anonymous Coward · · Score: 0

      Eh, about $8 at the store if you buy when they are on sale. I only go to the mall a couple of times each year and usually swing by EB to see if the t-shirts are on sale. They are good quality and decent looking.

  4. during the first six months of 2016 by ddtmm · · Score: 3, Interesting

    ...credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach.

    How is it that it went undetected by credit card companies and banks for so long? Surely they should have detected a pattern. I've always wondered why credit card companies don’t seem to care about fraud. It's like they have no interest in getting to the bottom of it.

    1. Re:during the first six months of 2016 by HungryMonkey · · Score: 4, Interesting

      Six months is probably from the oldest infected file date. Given that it was at every location, there is a good chance they didn't do anything with the information obtained until it has spread across the network. And even then, they may have let it sit and gather data for a while before they sold anything on the assumption that once they started to act it wouldn't take long to be shut down.

    2. Re:during the first six months of 2016 by tomhath · · Score: 5, Insightful
      FTFA

      On July 5, 2016, KrebsOnSecurity reached out to Bellevue, Wash., based Eddie Bauer after hearing from several sources who work in fighting fraud at U.S. financial institutions. All of those sources said they’d identified a pattern of fraud on customer cards that had just one thing in common: They were all recently used at some of Eddie Bauer’s 350+ locations in the U.S. The sources said the fraud appeared to stretch back to at least January 2016.

      How is it that the article says they did detect a pattern but you didn't notice it? Surely you read the article before posting a question like that.

    3. Re:during the first six months of 2016 by Anonymous Coward · · Score: 1

      I've always wondered why credit card companies don’t seem to care about fraud. It's like they have no interest in getting to the bottom of it.

      That's because credit card companies HAVE NO INTEREST in getting to the bottom of it. When cards are used fraudulently, the bank is only liable for the cost of a replacement card and some postage. The cost of fraud is largely on merchants who accepted the cards and had chargebacks from the real customers.

    4. Re:during the first six months of 2016 by Anonymous Coward · · Score: 0

      GP obviously lives in a basement and has never had a girlfriend.

      When women shop they don't go to just one store and buy what they need. They go to dozens of stores, buy stuff, then return most of it. Then they go to more stores and buy more stuff. Chances are the cards that were used fraudulently had been used all over town; it took a while to spot the pattern.

    5. Re:during the first six months of 2016 by JustAnotherOldGuy · · Score: 1

      GP obviously lives in a basement and has never had a girlfriend.

      When women shop they don't go to just one store and buy what they need. They go to dozens of stores, buy stuff, then return most of it. Then they go to more stores and buy more stuff.

      This is soooooooooo true. Painfully true.

      I have heard that in the US that ~70% of all returned merchandise is returned by women. Don't know if it's an accurate number but it sure sounds about right.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    6. Re:during the first six months of 2016 by PPH · · Score: 1

      Surely you read the article before posting ...

      I'm beginning to detect a pattern here.

      --
      Have gnu, will travel.
    7. Re: during the first six months of 2016 by bestweasel · · Score: 1

      My question is why was it KrebsOnSecurity who told Eddie Bauer they had a problem and not the banks and cc companies?

      On July 5, 2016, KrebsOnSecurity reached out to Bellevue, Wash., based Eddie Bauer after hearing from several sources who work in fighting fraud at U.S. financial institutions. All of those sources said they'd identified a pattern of fraud on customer cards that had just one thing in common: They were all recently used at some of Eddie Bauer's 350+ locations in the U.S. The sources said the fraud appeared to stretch back to at least January 2016.

      A spokesperson for Eddie Bauer at the time said the company was grateful for the outreach but that it hadn't heard any fraud complaints from banks or from the credit card associations.

  5. And right away by Ol+Olsoc · · Score: 0
    I thought of:

    Eddie? Keees me goodnight!

    Let's see who gets that reference....

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    1. Re:And right away by Anonymous Coward · · Score: 0

      dear god, why.

    2. Re:And right away by Ol+Olsoc · · Score: 0

      Is that what your boyfriend says after he pulls out and the santorum starts leaking from your anus?

      There is a certain amusement when a person with some severe psychosexual projections makes a fool of themselves.

      That would be you.

      Anyhow, you completely failed at getting the reference. Thanks for playing, and remember not too many people care about your secret desires, so it's better to get them out in the open. People who repress their proclivities tend to end up going a mild form of insane, but sometimes worse.

      Thanks for playing though.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:And right away by JustAnotherOldGuy · · Score: 1

      Topo Gigio!

      Oy, I'm old. :(

      --
      Just cruising through this digital world at 33 1/3 rpm...
    4. Re:And right away by Ol+Olsoc · · Score: 1

      Topo Gigio!

      Oy, I'm old. :(

      TaDAH!!!! You win. I was just a kid at the time, but I remember old Topo.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    5. Re:And right away by Anonymous Coward · · Score: 0

      Right, because old, closeted Republicans getting blowjobs in the men's room have ever so insightful conversations.

  6. Another failure of big government. by Anonymous Coward · · Score: 0, Funny

    Another day, another government department with shitty security paid for with STOLEN tax dollars.

    1. Re: Another failure of big government. by Anonymous Coward · · Score: 0

      What government department? What stolen dollars? (A) Taxes are set by elected legislators who covet their income just as much as you (but who have special dispensation to avoid taxes not available to you). (B) You didn't earn that money, God did.

  7. I'd be willing to bet that they were running XP. by Anonymous Coward · · Score: 0

    I'd be willing to bet any amount of money that they were running XP.

  8. malware, malware, everywhere malware... by Anonymous Coward · · Score: 2, Interesting

    these sorts of things simply didn't happen when the credit card machines were hooked directly up to a phone line. swipe, authorize, print, sign, done.

    the same thing COULD still be done with the "new" chip cards (chip and sign, chip and pin, or debit or gift card for that matter), if merchants and credit card companies weren't so fucking clueless.

    yes, they still make those devices, and yes, the new ones do the new cards and some can even still do dial-up.

    merchants should be 100% accountable for every single bit of stolen credit card details, because it is they who choose the less-secure pc-based credit card processing. and i'd even go one farther to say they may even be *criminally negligent* because a more secure method that does not require their own handling of credit card information has existed for *decades*

    1. Re:malware, malware, everywhere malware... by Anonymous Coward · · Score: 0

      Nope, but thanks for playing. The entire field of returns fraud utterly destroys you on that.

  9. Re: I'd be willing to bet that they were running X by s3cr3to · · Score: 0

    or any version of Winbugs.

  10. cash by Anonymous Coward · · Score: 0

    Just use cash and not worry about it

    1. Re:cash by bill_mcgonigle · · Score: 1

      Just use cash and not worry about it

      I've reverted to using cash for most things for precisely this reason. IT sucks everywhere.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  11. A great disturbance by JustAnotherOldGuy · · Score: 2

    And ten million hipsters cried out in terror, as if there had been a great disturbance in the supply of flannel lumberjack shirts.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:A great disturbance by Anonymous Coward · · Score: 0

      Dude, hipsters don't buy clothes at Eddie Bauer. Hipsters don't even go in to Eddie Bauer. Eddie Bauer is a store for whatever we call yuppies these days: generally wholesome, moderate quality, and overpriced. Any good hipster buys flannel shirts at the consignment or thrift store, once the yuppies have discarded them.

  12. "may have been" lol by JustAnotherOldGuy · · Score: 1

    "...credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach"

    I set fire to your house and burned it to the ground. There may have been some smoke damage.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  13. Odd thing to say. by Anonymous Coward · · Score: 0

    "Overpriced, snooty-assed brand..."

    What a strange thing to say. Their stuff is pretty normal, middle-of-the-road, plain vanilla.

  14. I can add something fun to this story by slashmydots · · Score: 1

    I personally know some of the IT workers at Eddie Bauer and they're incompetent morons that have no business working in IT. They have impressive resumes and absolutely no practical, real-world IT skills whatsoever. I was going to pursue a job there but after looking into it, I didn't even bother applying.

    1. Re:I can add something fun to this story by Anonymous Coward · · Score: 0

      So by "something fun" you mean "a dull and pointless story that I made up as sour grapes after Eddie Bauer tossed my resume in the garbage where it belongs".

  15. They still have stores? by Sir+Holo · · Score: 1

    I thought that Sears bought the Eddie Bauer Brand about 7 years ago, and were going to integrate those products into their regular stores.

    News for Nerds: Eddie Bauer still has over 350 brick-and-mortar stores in North America.

    Who knew? Where should we go for our khakis now?

  16. SO THE FBI ARE ALL OVER THIS OBVIOUSLY by Anonymous Coward · · Score: 0

    or it wouldn't be here. But did they do it?

  17. windows and offshoring. by WindBourne · · Score: 1

    yes, Eddie, like nearly all those that have been cracked, runs windows and outsourced to India, some parts. I'm not certain, where, but I will put money down, that India has access to the POS and handle the Sys. Ad.
    Some of you will scream that this is racist. You are right, but not on my part, but on yours.
    The fact is, that when you pay somebody 1/10 of what you pay normally, and you have enemies that have easy access to these employees, well, all they have to do is offer 10-20x what you were paying. IOW, these companies are paying Indians below $10,000 due to India manipulating their money downwards.
    Now, Russians who have easy access to India, come along and offer various Indians $100,000 to leave a back door, at which point, the Russians will put in a NEW backdoor and remove the old one.
    What is crazy is the fact that so many ignore this situation. And it is easy to spot. Just got to get over your racist attitude and simply copy the VPN streams from India.

    --
    I prefer the "u" in honour as it seems to be missing these days.