Boomerang rentals possibly compromised

I'm still not sure how the initial problem is linked to Boomerang with certainty. All I've read is some guy signed up with them and sometime later had a fraudulent transaction on his card. How do we know he didn't sign up to bigboobsweekly.com or something?
 
It isn't just one guy. If you have Facebook, have a look at the Boomerang page. There are lots of people complaining.
 
If you're only renting select games you may as well think about buying them mate.

You can always make some money back by selling them once you're done. Think about how much you'll pay in rental fees over months of dry periods or having one super long RPG :).

Yeah that's true - I used to do that. I'm sticking with Boomerang for now because I'm 5 points from a free month - and I'm currently on a free month (although it's on holiday until 30th Jan anyway).

I find when renting I felt pressurised to make use of it - when in reality my preference for media based leisure time is watching TV series and NHL and gaming was taking too much time from those.

So yeah - once next free month is over I'll go back to buying the odd game I actually want to play.
 
Situation Update: Boomerang Rentals 13th January 2015

What happened
On Friday we were contacted by a customer who was concerned that a fraudulent charge had been attempted on his credit card, and he was worried that our system had been compromised. He quoted another person who had made a comment on Twitter of a similar issue.

What we did
We began an investigation as soon as additional concerns were raised. Credit card data is stored in a strongly encrypted format and not viewable to any internal staff, however, at that stage, we felt we should take the concerns seriously.

Over the weekend, we noticed other people online reporting similar issues and we became increasingly concerned. So, based on the information available at the time and conscious of the concern, we made the decision on Sunday afternoon to take the site off line while we continued our investigations.

Where we are
By Monday morning, we had been contacted directly by a small number of additional customers. We contacted the fraud department of our merchant bank, but they knew of no issue. We also contacted our payment gateway provider and they also had no concerns. They are assisting us in a consultative capacity.

By this time we could see lots of people talking about this online, but only a few people had contacted us directly.

To date we have not found any evidence of a breach of our systems. We are continuing to investigate and continue to take this issue very seriously.

We have also made the decision to very quickly move over to a token method of payment which obviates the need to have encrypted data on our servers, to give our customers further reassurance.

We would not ever wish to be the source of customer card information being compromised, so are making this change urgently. This work will take about a week, and we have removed the card details in their encrypted form, from our on-line system, and are removing the facility to update or provide card details until the work is complete.

Subscriptions will be processed daily each weekday morning under further supervised controls. Once the new system is in place, we will be able to collect payments through the token system.

We will also investigate the possibility of introducing PayPal as a form of payment as well, to offer our customers further choice.

What next
First we will start to process incoming and outgoing rentals. Then, once we are satisfied that our investigations are complete, we will bring our website back on line so existing customers can see their rental lists. We apologise for the inconvenience caused to our customers while this work is undertaken. Once everything is running again, we will be back in touch and will include updates at that time.

Finally, we would like to re-emphasise that we have not found any evidence of a breach in our systems (our systems were regularly tested for vulnerabilities by a 3rd party specialising in this) but our Engineers and Technical Advisors continue to investigate.

We are aware of the interest and concern this situation has raised and care about our customers and our reputation greatly and are urging our customers to get in touch with us immediately if they have any concerns.

We will shortly be sending an email directly to each of our customers
 
Nice of them to email their customers.

Guess they don't want this becoming too widely known....

Thanks for posting the update mate.
 
Sorry but I don't buy this at all, the poor comms and flat out denial is enough for me to never use them again. I suppose it's a mere coincidence that so many of us got money taken in the same format and were also members on their website. :rolleyes:
 
Well, it's been down since this all cracked off so... errr yeah!

I don't believe it either, too many coincidences and hardly any contact from them stinks.
 
I wrote a long letter to them, informing them as it seems like telling them via social media or Reddit isn't enough. Yet they're only informing customers via social media and Reddit (irony!)

They'll probably not reply anyway.

Really bad PR and customer services for a service that isn't actually bad - just not to my liking as I play a single game far too long to make rental worthy.
 
It would be interesting to know what other details were taken besides debit / credit card numbers etc.

The company have not handled this well at all.
 
Hmm I was scammed yesterday for £397 and I know Wyrdo had the same issue. We both have used Boomerang recently.

Yep, had a £1 Ocado transaction and then two Western Union money transfers for just over £200 each.

All sorted by the bank but it's too much of a coincidence not to be a problem with Boomerang. Wanted to delete my account but I see their site is still down.

Article on it

http://www.databreaches.net/uk-boomerang-rentals-customers-report-fraudulent-card-charges/

A DataBreaches.net reader who contacted us to alert us to this incident, noted:

I had a look at it yesterday – everything appears to run on one web server (also email, FTP etc). For example, payment details are taken on same server with their WordPress blog, which has an exploitable theme on it (they only pulled this yesterday, 4 days after the apparent breach).

Article found on the Reddit thread.
 
My account was blocked by my bank over this so another link to Boomerang - in fact Boomerang is the ONLY company that card has been registered with for 8 months!

On the 13th someone tried to spend £230 at House of Fraser and my bank blocked it and got in touch with me to confirm it was not a genuine transaction.
 
The company started going to pot as soon as a particular girl left. Her name was Rachel I think. Her replacement, Michael, seems to be nowhere near as efficient.
 
I would expect any reasonable size company to reply within 24 hours especially if the inquiry was regarding fraudulent transactions. Even an acknowledgement that they have received the email and will be dealing with it shortly.
 