Greetings,
I encountered a serious security issue while trying to order things from the www.misterkit.com website in Italy--I realized that as I was ordering, there were already about $2,500 USD worth of items already in my cart, apparently from someone else's order, that did not want to go away no matter how many times I tried to delete them--then I realized that I was actually, through no effort of my own, logged into someone else's account! Someone with an Italian address...their name, birthdate, and phone number also were displayed when I went into "my account". I had to log out and register under my own name, but then I did not feel safe completing the order, entering my financial information, which could end up on the computer of god-knows-who. I've emailed the website about this problem, and meanwhile placed my order elsewhere, but I wonder how many other people out there have encountered this glitch--so I would advise avoiding the MisterKit website for the time being, until the problem is fixed.
Early Aviation
Discuss World War I and the early years of aviation thru 1934.
Discuss World War I and the early years of aviation thru 1934.
Hosted by Jim Starkweather
Beware MisterKit (Italy)site (Security Issue)
uproar
Nebraska, United States
Joined: April 09, 2005
KitMaker: 99 posts
AeroScale: 25 posts
Joined: April 09, 2005
KitMaker: 99 posts
AeroScale: 25 posts
Posted: Sunday, December 02, 2007 - 06:34 AM UTC
JackFlash
Colorado, United States
Joined: January 25, 2004
KitMaker: 11,669 posts
AeroScale: 11,011 posts
Joined: January 25, 2004
KitMaker: 11,669 posts
AeroScale: 11,011 posts
Posted: Sunday, December 02, 2007 - 10:12 AM UTC
Great heads up! Thanks!
uproar
Nebraska, United States
Joined: April 09, 2005
KitMaker: 99 posts
AeroScale: 25 posts
Joined: April 09, 2005
KitMaker: 99 posts
AeroScale: 25 posts
Posted: Sunday, December 02, 2007 - 11:33 AM UTC
What is even stranger is that if I go back to the site, even though I am not logged in, new items keep appearing in the "Shopping Cart" all by themselves (which is visible on the Homepage for the website). Does this happen to anyone else with this site? I wonder if someone hasn't hacked my computer.
Bizarre.
Bizarre.
JackFlash
Colorado, United States
Joined: January 25, 2004
KitMaker: 11,669 posts
AeroScale: 11,011 posts
Joined: January 25, 2004
KitMaker: 11,669 posts
AeroScale: 11,011 posts
Posted: Sunday, December 02, 2007 - 04:12 PM UTC
Start by dumping / deleteing your cookies and temp internet files. Every few weeks its a good thing to do. Keep track of your passwords and usernames by keeping a written log nearby. I have a shopping cart template for my site and I check its function everyday. If they don't know about the problem after you contacted them, they will. I know the American site owner.
JackFlash
Colorado, United States
Joined: January 25, 2004
KitMaker: 11,669 posts
AeroScale: 11,011 posts
Joined: January 25, 2004
KitMaker: 11,669 posts
AeroScale: 11,011 posts
Posted: Monday, December 03, 2007 - 08:56 AM UTC
Here is a bit from Mike Taylor in Orlando FLA.
" Thanks Stephen, I got the message. Someone from was ordering directly from MisterKit's ITALIAN Homepage and to his dismay it sounds as if his account info and password had been hacked and someone was ordering/stealing up a storm on his behalf.
Sounds to me as something which can happen to ANY USN/PWd Prtotected account. In a way while it takes me a little longer to clear orders thru emails and Process thru PAYPAL I do not have to worry about holding anyone's personal info or losing it thru a secuirty breech.
Paypal's bread and butter as a Internet "Cash Clearing Service Provider" is up to date on all the lateset security and encryption neccessary to keep everyones info safe.
MY Italian brothers should be forwarding this customers order to me IF it were any WWI related but Sa' La Vie most likely this does NOT Happen.
I do not have an advertising budget so I do not have the Exposure they do otherwise I would not be able to offer the lowest prices I could.
As an amatuer modeler myself I understand hobby budgeting and spending your hobby dollar. I try to do my best to bring you the best International WWI hobby products I can and offer them a near cost as I can.
Yours Mike. http://www.misterkitusa.com/ "
Just to be clear my site uses Paypal as well (owned by Wells Fargo) they take security issues very seriously and I haven't had any issues from them since starting my site. See below.
" Thanks Stephen, I got the message. Someone from was ordering directly from MisterKit's ITALIAN Homepage and to his dismay it sounds as if his account info and password had been hacked and someone was ordering/stealing up a storm on his behalf.
Sounds to me as something which can happen to ANY USN/PWd Prtotected account. In a way while it takes me a little longer to clear orders thru emails and Process thru PAYPAL I do not have to worry about holding anyone's personal info or losing it thru a secuirty breech.
Paypal's bread and butter as a Internet "Cash Clearing Service Provider" is up to date on all the lateset security and encryption neccessary to keep everyones info safe.
MY Italian brothers should be forwarding this customers order to me IF it were any WWI related but Sa' La Vie most likely this does NOT Happen.
I do not have an advertising budget so I do not have the Exposure they do otherwise I would not be able to offer the lowest prices I could.
As an amatuer modeler myself I understand hobby budgeting and spending your hobby dollar. I try to do my best to bring you the best International WWI hobby products I can and offer them a near cost as I can.
Yours Mike. http://www.misterkitusa.com/ "
Just to be clear my site uses Paypal as well (owned by Wells Fargo) they take security issues very seriously and I haven't had any issues from them since starting my site. See below.
uproar
Nebraska, United States
Joined: April 09, 2005
KitMaker: 99 posts
AeroScale: 25 posts
Joined: April 09, 2005
KitMaker: 99 posts
AeroScale: 25 posts
Posted: Monday, December 03, 2007 - 12:38 PM UTC
Here was my response to Mike Taylor--
"Well the strange part is that when I noticed the problem, I had not yet even registered with the website--I noticed the problem, fortunately, before I tried to "check out". The information that I found when I clicked on "my account" was somebody in Italy with a decidedly Italian name (unfortunately, I did not make note of it). So I saw that person's personal information (which wasn't much other than an email address, phone number, and birthdate) displayed. So I deleted everything in the cart and logged out, and then registered myself (probably not wise at that point), but did not submit any account or financial information. Subsequently I decided not to order anything, so I logged out....but things still keep showing up in the basket, all by themselves, even though I am not logged in. So I'm not so sure my account has been hacked into, since I didn't have an account before the problem arose. So...what do you think is happening?"
The really strange part is that I have submitted no financial information whatsoever to this website, no PayPal information or anything. I noticed the strange things in my cart before I checked out, even before I had an account to hack into. thought it might have just been a glitch, and did register with the site--but when I saw that the problem kept happening, I determined that something very wrong was going on, and didn't go any further, or attempt to complete the order. I think someone in Italy's account was hacked into, and for some reason, I was receiving the information.....and even if it was, there is no financial information with which to make a purchase.
So, I am confused. What do you think? When I get home from work, I will check the site to see if things are still appearing in the shopping cart.
"Well the strange part is that when I noticed the problem, I had not yet even registered with the website--I noticed the problem, fortunately, before I tried to "check out". The information that I found when I clicked on "my account" was somebody in Italy with a decidedly Italian name (unfortunately, I did not make note of it). So I saw that person's personal information (which wasn't much other than an email address, phone number, and birthdate) displayed. So I deleted everything in the cart and logged out, and then registered myself (probably not wise at that point), but did not submit any account or financial information. Subsequently I decided not to order anything, so I logged out....but things still keep showing up in the basket, all by themselves, even though I am not logged in. So I'm not so sure my account has been hacked into, since I didn't have an account before the problem arose. So...what do you think is happening?"
The really strange part is that I have submitted no financial information whatsoever to this website, no PayPal information or anything. I noticed the strange things in my cart before I checked out, even before I had an account to hack into. thought it might have just been a glitch, and did register with the site--but when I saw that the problem kept happening, I determined that something very wrong was going on, and didn't go any further, or attempt to complete the order. I think someone in Italy's account was hacked into, and for some reason, I was receiving the information.....and even if it was, there is no financial information with which to make a purchase.
So, I am confused. What do you think? When I get home from work, I will check the site to see if things are still appearing in the shopping cart.
JackFlash
Colorado, United States
Joined: January 25, 2004
KitMaker: 11,669 posts
AeroScale: 11,011 posts
Joined: January 25, 2004
KitMaker: 11,669 posts
AeroScale: 11,011 posts
Posted: Monday, December 03, 2007 - 03:24 PM UTC
A. Clean your computer of all the cookies and temp internet files as mentioned earlier. Try ordering from the Misterkit USA site.
B. If you have contacted the Italian site by e-mail thats about all you can do. You are not responsible for purchases you did not authorize. Your e-mail to to the Italian site should cut your account off until the problem is fixed.
C. If you used a credit card for the account, notifiy the card company that any charges from this Italian site are not authorized by you because of the problem. Or simply close the card and get a new one.
There are bad guys out there folks be smart , be cautious.
B. If you have contacted the Italian site by e-mail thats about all you can do. You are not responsible for purchases you did not authorize. Your e-mail to to the Italian site should cut your account off until the problem is fixed.
C. If you used a credit card for the account, notifiy the card company that any charges from this Italian site are not authorized by you because of the problem. Or simply close the card and get a new one.
There are bad guys out there folks be smart , be cautious.
uproar
Nebraska, United States
Joined: April 09, 2005
KitMaker: 99 posts
AeroScale: 25 posts
Joined: April 09, 2005
KitMaker: 99 posts
AeroScale: 25 posts
Posted: Monday, December 03, 2007 - 03:43 PM UTC
Greetings, and thanks...since I never actually submitted credit card information, I don't anticipate a problem...perhaps someone was trying to put purchases into my account, but without success since no financial info was submitted...I don't know. I did order from the MisterkitUSA site, and have communicated with Mr. Taylor on the issue. Still wondering who else's account info it was that I was looking at--I wish I'd written the info down. I've purged the cookies, temp internet files, etc., several times (I do so several times per day as a matter of routine). Things still keep popping up in the Misterkit website shopping cart, even though I am not signed in, although it is slowing down. Nothing has shown up in PayPal at this time.