Attitude Email Addressing Breach. They are Working on it

[Bad Karma]

This is the same rhetoric that Attitude used last year when everybody's credit card info got "stolen" and then used to buy high priced electronics (like iPads).
I was one of the folks who got their info stolen, all Attitude gave me was one of those stupid apology letters.
Well surprise, surprise that something similar happens in less then a year after the "theft" fiasco.
I received one of these emails with all my info in it too from the "other" seedbank.
I am done with the Attitude, I don't care how many freebies they give away each month or how good the promo is, I'm out.
They are selling off peoples personal/financial info, then saying "whoops, sorry" after they do.
The Attitude can not be trusted, you have been warned.

 

[Serapis]

thanks Illumination for staying on top of this and sharing replies....

 

[Serapis]

Not a lot of people even remember or discuss that hack anymore.... Attitude cannot keep getting away with lackluster security measures.... I refuse to do anymore business with them at this point.

This is the same rhetoric that Attitude used last year when everybody's credit card info got "stolen" and then used to buy high priced electronics (like iPads).
I was one of the folks who got their info stolen, all Attitude gave me was one of those stupid apology letters.
Well surprise, surprise that something similar happens in less then a year after the "theft" fiasco.
I received one of these emails with all my info in it too from the "other" seedbank.
I am done with the Attitude, I don't care how many freebies they give away each month or how good the promo is, I'm out.
They are selling off peoples personal/financial info, then saying "whoops, sorry" after they do.
The Attitude can not be trusted, you have been warned.

 

[napa23]

I didn't even know about the first Attitude hack. I had stopped growing for a while and stopped checking this forum. Thank goodness none of my money was stolen. I used to be a fan of the 'tude, however I think they have shown us that they aren't as secure as they want us to believe. For this, I will not use them again, no matter how many nice emails they send out now. It's not even about worrying about the cops; I'm not growing currently. It's about the security of sensitive information that others might use to steal my money; it's about trust being broken. That's only my position though.

 

[Illumination]

Props to Lumi, he doesn't even use Attitude for his own personal reasons and he's still working hard to get this worked out.

Well thank you baja...Actually my distaste for the 'Tude began for the bd-promo, and it seems it was well warranted as I am of the the belief that this was when the hacker/thief made it into the data to steal it. See Attitude pushed their bd-promo really hard and gave away some really decent free beans as well as gifts so anyone with half a brain could forsee that they would be inundated with hits and orders. From the sheer volume of sales they make they have the resources available to prepare for the flood. But no, rather than be Noah and well prepared for the flood, they instead were the "third animal" that never makes it to the boat. When their systems crashed from the volume, the window of opportunity was opened...get in before dns is in place, so to speak. Now the conundrum of the investigation is that since it occurred during a time of such high traffic volume it is nearly impossible to select the perp plus during the crash proper logs were probably not properly maintained by the system further complicating investigation of the breach.

Now not only was their system overloaded, so was their manpower and that was utterly ridiculous. They should of been training pickers at least a month before the promo to be ready for the flood.

So basically they are guilty of "Ostrich Syndrome" and growing pains and I just feel they need to use the volume of capital they have to make a system that is safe and secure as well as preparation to insure that they are not robbed of our info and able to accommodate safely and efficiently the large volume of sales they know are coming.

Now to their credit, they do offer awesome customer service, reliability in getting what it is you ordered and paid for, and in my experience stand behind the products they offer as long as the breeder does as well . I had two seeds, one that withered before breaking ground and one which did nothing at all. Sent one email to the 'Tude and one email to the breeder, Positronics. A day later rec'd an email from the 'Tude that the replacement were on their way. 6 days later I had more than the replacements in my hand. They sent me a 5 pack when all I had ordered was a 3, totally free of any charges. And for this I applaud them.

Now as to this current situation plain and simple the info was stolen and thieves are the lowest form of humanity next to pedophiles in my book. My info was STOLEN and I want the thief to pay!!! So I am doing all I am able to accomplish this, which entails working with the 'Tude and the members of RIU. From what I have seen and learned RIU is involved and a victim as well, but are totally mum as usual. RIU admin I am speaking of. The paranoia induced in the members here displayed by the atrocious actions on the closed thread of this topic, are what the thief is hoping to achieve to the detriment of Attitude and RIU. This is the reason why it is paramount to not react this way. Though our info was compromised we are not the targets of this operation but trying to use us as their weapon to damage The Attitude and RIU.

This is what I see, my opinion and the why I am doing this.

Thanx for the thanx everyone, and now,LET'S CATCH A THIEF!!

Namaste'

 

[hempstead]

This is the same rhetoric that Attitude used last year when everybody's credit card info got "stolen" and then used to buy high priced electronics (like iPads).
I was one of the folks who got their info stolen, all Attitude gave me was one of those stupid apology letters.
Well surprise, surprise that something similar happens in less then a year after the "theft" fiasco.
I received one of these emails with all my info in it too from the "other" seedbank.
I am done with the Attitude, I don't care how many freebies they give away each month or how good the promo is, I'm out.
They are selling off peoples personal/financial info, then saying "whoops, sorry" after they do.
The Attitude can not be trusted, you have been warned.

Not a lot of people even remember or discuss that hack anymore.... Attitude cannot keep getting away with lackluster security measures.... I refuse to do anymore business with them at this point.

Well thank you baja...Actually my distaste for the 'Tude began for the bd-promo, and it seems it was well warranted as I am of the the belief that this was when the hacker/thief made it into the data to steal it. See Attitude pushed their bd-promo really hard and gave away some really decent free beans as well as gifts so anyone with half a brain could forsee that they would be inundated with hits and orders. From the sheer volume of sales they make they have the resources available to prepare for the flood. But no, rather than be Noah and well prepared for the flood, they instead were the "third animal" that never makes it to the boat. When their systems crashed from the volume, the window of opportunity was opened...get in before dns is in place, so to speak. Now the conundrum of the investigation is that since it occurred during a time of such high traffic volume it is nearly impossible to select the perp plus during the crash proper logs were probably not properly maintained by the system further complicating investigation of the breach.

Now not only was their system overloaded, so was their manpower and that was utterly ridiculous. They should of been training pickers at least a month before the promo to be ready for the flood.

So basically they are guilty of "Ostrich Syndrome" and growing pains and I just feel they need to use the volume of capital they have to make a system that is safe and secure as well as preparation to insure that they are not robbed of our info and able to accommodate safely and efficiently the large volume of sales they know are coming.

Now to their credit, they do offer awesome customer service, reliability in getting what it is you ordered and paid for, and in my experience stand behind the products they offer as long as the breeder does as well . I had two seeds, one that withered before breaking ground and one which did nothing at all. Sent one email to the 'Tude and one email to the breeder, Positronics. A day later rec'd an email from the 'Tude that the replacement were on their way. 6 days later I had more than the replacements in my hand. They sent me a 5 pack when all I had ordered was a 3, totally free of any charges. And for this I applaud them.

Now as to this current situation plain and simple the info was stolen and thieves are the lowest form of humanity next to pedophiles in my book. My info was STOLEN and I want the thief to pay!!! So I am doing all I am able to accomplish this, which entails working with the 'Tude and the members of RIU. From what I have seen and learned RIU is involved and a victim as well, but are totally mum as usual. RIU admin I am speaking of. The paranoia induced in the members here displayed by the atrocious actions on the closed thread of this topic, are what the thief is hoping to achieve to the detriment of Attitude and RIU. This is the reason why it is paramount to not react this way. Though our info was compromised we are not the targets of this operation but trying to use us as their weapon to damage The Attitude and RIU.

This is what I see, my opinion and the why I am doing this.

Thanx for the thanx everyone, and now,LET'S CATCH A THIEF!!

Namaste'

I feel violated and will not use them again.

Get em Hobbes. heh

 

[ThirstyRoss]

My email/info was stolen as well, kinda annoying to be sure. I also have the unfortunate luck of having my CC compromised when all that went down last year - though that I care less about because you just tell the CC company and they cancel the card and refund the dodgey transactions.

I love Attitude, like everyone has said so far, excellent service, great selection - but I do wish they could get their ship tightened up a bit in this regard. Regardless I will no doubt order from them again when the time is right...

 

[Brick Top]

I love Attitude, like everyone has said so far, excellent service, great selection - but I do wish they could get their ship tightened up a bit in this regard. Regardless I will no doubt order from them again when the time is right...

The bigger you are the more targeted you will be because there will be more for a thief to steal. Small seedbanks and breeder direct sales are to small to be worth going after.

Remember what recently happened to Sony?

It’s bad news piled on top of bad news for Sony.
Hackers may have stolen the personal information of 24.6 million Sony Online Entertainment users, the company said on Monday. More than 20,000 credit card and bank account numbers were also put at risk. This is in addition to the recent leak of over 70 million accounts from Sony’s PlayStation Network and Qriocity services.

Thieves will go after the biggest and the best because the rewards to risk factor make it the logical choice. If Sony can be hacked what makes anyone think that Attitude could or would be more secure?

If someone has the skills and wants to badly enough they will eventually find a way in and that is not any businesses fault. That is intelligence and persistence on the part of a criminal.

 

[ThirstyRoss]

Actually, thieves didn't go after Sony because they are the biggest and best, that was just some opportunistic bullshit that happened while Sony was being retaliated against for basically being dicks to that dude George Hotz.

It's not as though Sony got targeted by thieves, it's that thieves just happened to take advantage of them when someone else had already knocked them down

 

[tingpoon]

i've been ordering from tude pretty much since they opened. from what i know about their privacy practices based on my experiences with them (cuz i've asked) and my perusal of attitude's emails to ppl posted here as well as the actions they've taken to fix the issue...this is my take:

nobodys personal information was stolen because they dont keep address records long term like that. plus this was only the newsletter list that was compromised, meaning whoever did it only had ONE email address... not too big of a deal as most smart people have multiple email accounts.
of course it sux that this happened but there r so many sophisticated ways to compromise a website, so the level of the connection between the perpz and tude isnt as consequential.
you can be "hacked" by using facebook on public computers so i mean really, that is your whole life on there. so having one email released on a list that was then disbanded isnt a life-breaker. seriously put it in perspective.
now if you had more bad things done to you because your email u use for attitude is the same as the one u use for facebook, and ppl were able to put a name and more info to your email...well im sorry but maybe you should have been thinkin a little harder and covered your butt.

 

[Illumination]

i've been ordering from tude pretty much since they opened. from what i know about their privacy practices based on my experiences with them (cuz i've asked) and my perusal of attitude's emails to ppl posted here as well as the actions they've taken to fix the issue...this is my take:

nobodys personal information was stolen because they dont keep address records long term like that. plus this was only the newsletter list that was compromised, meaning whoever did it only had ONE email address... not too big of a deal as most smart people have multiple email accounts.
of course it sux that this happened but there r so many sophisticated ways to compromise a website, so the level of the connection between the perpz and tude isnt as consequential.
you can be "hacked" by using facebook on public computers so i mean really, that is your whole life on there. so having one email released on a list that was then disbanded isnt a life-breaker. seriously put it in perspective.
now if you had more bad things done to you because your email u use for attitude is the same as the one u use for facebook, and ppl were able to put a name and more info to your email...well im sorry but maybe you should have been thinkin a little harder and covered your butt.

Sorry but it was confirmed by Jodie at the Attitude that it is NOT just the newsletter email addy's and that PERSONAL INFO WAS STOLEN. Refer to the first post.....

Namaste'

 

[Hotwired]

this is my take:

nobodys personal information was stolen because they dont keep address records long term like that.

I have sent you an award for "Stupid post of the Week"

 

[vogel]

People actually use their personal email addresses, names and personal credit cards to order from seedbanks!?

I just assumed that they used giftcards, fake names and a trusted person's shipping address for the delivery. Hopefully trusted enough and adept enough to not even ask what is in the package.

I can understand someone using their credentials if they were licensed by their respective government (ie: medical use), and being upset that their information has been stolen; Its not a wise thing to do and it ignores the fact that seedbanks sell far more volume than there is demand for all of the medical licensed recipients.

Somebody is buying it. Those somebodys should know by now that they need to think before they act; Plan before you buy, if you will.

Having browsed seedbank sites out of curiosity I have noticed how dodgy they seem.
Caveat Emptor indeed.

All the more reason to use the aforementioned measures to protect oneself.

I have no pony in this race. I don't grow, I don't partake, and I have never ordered from Attitude or any seedbank.

I'll wrap this up,

Security is a process, not a silver bullet. There is no magic solution other than vigilance. Vigilance requires preparation and determination; You must be determined and prepared to protect your own information.

No entity will do that for you, and whole industries (ie: facebook et al.) have sprung up specifically for the purpose of selling that information and relying on you to either be ignorant or to simply not care.

...now if you had more bad things done to you because your email u use for attitude is the same as the one u use for facebook, and ppl were able to put a name and more info to your email...well im sorry but maybe you should have been thinkin a little harder and covered your butt.

 

[LuniLumi]

As well as my last post here ever!! Join me at http://riddlem3.com

Here's the latest from the tude:


show details 2:06 AM (10 hours ago)

Hi Lumi,
No new news as we are still investigating. This is taking a little longer than we thought, which is extremely frustrating for both you and us. We have not found any solid proof of who did this, and where it was taken from but we are getting there – albeit a little slower than we are happy with, but this investigation needs to be thorough as you can imagine.

We have no proof that anything (names, addresses etc.) has been taken from our system. The information we are taking into consideration is that of what the customers have informed us so we cannot confirm anything until we trace any third party that seems to have infiltrated the system.

When we have some more news we will certainly alert you as promised. The Attitude would like to apologise for any inconvenience caused, and we appreciate all your cooperation and help during this time.

Many Thanks,
Have a great day,
Jodie @ The Attitude

Last words I will ever post here...please come to http://riddlem3.com ... thank you all and good bye shithole riu

 

[Serapis]

TY Lumi for keeping us updated to this point. I'll miss you fer sure..... fuck the asshats and know nothing nay-sayers

 

[Dirty Harry]

Just received this from the 'Tude:

...
We are asking all the customers who this email was sent to, to contact us so our I.T Team is aware who has received the bogus email as not everyone has. As soon as we find out the culprit, immediate action will be taken and a lawsuit will be filed.

So let us see what develops.....

Namaste'


And please don't be an ass and get this one closed by stupidity

Um, no. My translation...please respond if you got the e-mail so someone can tell that your e-mail is current and active with a current IP status..

They may be legit, but I am not following that path.

 

[Maximus cannabis]

Hah. I've we away for a while. That's funny, I thought it never happened, me and all of us were full of shit and worked for other seed banks, blah blah blah.

Redemption tastes so sweet. I'm glad they finally fessed up and admitted that something has happened and are trying to figure out what exactly. Once they have it fixed, my boycott is over.

For all you haters, bite it.

 

[Gmz]

Why did i get what might be a melon/cucumber seed, or just a mutated marijuana seedling.... But it really doesn't look like that at all. I didn't spend 15$ for a melon seed .

Not very good first intentions for attitude..... Gonna try out nirvana next .

I mean.... Look at this fuckin thing!
View attachment 1611584

 

[bangkok101]

Why did i get what might be a melon/cucumber seed, or just a mutated marijuana seedling.... But it really doesn't look like that at all. I didn't spend 15$ for a melon seed .

Not very good first intentions for attitude..... Gonna try out nirvana next .

I mean.... Look at this fuckin thing!
View attachment 1611584

looks cool though

 

[luckydog82]

Who was this bogus email suppose to come from ? I received an email from a Globalseedbank last week stating free delivery to my area but I never was on such a website and I did wonder how they got my email.