The text below went out to roughly 2,000 Hideout Theatre customers at 10pm on 9/7/2012. If you did not receive the email, it is because you were not potentially affected by the site security issue.
Dear Hideout Customer,
You are receiving this email because you purchased tickets or classes through The Hideout website between 1/1/2012 and 9/7/2012. It has been brought to our attention that our website was hacked, compromising the credit card information that you submitted to complete your purchase.
We have already put numerous security measures in place to prevent something like this from happening again, and there are more details about that further down in this email, if you care to read them.
Right now, the most important thing for you to do is to check your credit card statements for suspicious transactions and call your bank to cancel the credit card you used for your HideoutTheatre.com purchase. We have heard reports of fraudulent charges coming from World Wildlife Fund, Facebook, ClickInks.com, and Gamefly. This is probably not an exhaustive list, but it will give you a few charges to look out for in your statements.
As a precaution, we are taking the following steps to make our site more secure:
– We are moving our website to a more secure web-hosting company. From what we can tell, this problem originated from an incident that occurred in late January when our hosting provider, Dreamhost, was compromised. (http://wpgazette.com/2012/dreamhost-one-million-domains-hacked-wordpress-blogs-infected/) At the time they sent out a security alert. We changed our passwords and tightened our security, but didn’t notice anything out of the ordinary at the time.
– For the time being, all credit card processing on HideoutTheatre.com will be handled through Paypal. Paypal is a large, well-established company, and we are confident that Paypal is more secure than any stand-alone hosting company.
– We are currently evaluating third-party ticketing systems. Most ticketing sites will charge our customers high per-ticket fees, which is why we have avoided them in the past. In the absence of an acceptable and cost-effective third-party system, we will switch to Paypal as a permanent payment solution.
– Credit card numbers are not currently, nor have they ever been, stored on our servers in anyway, so there is no action we need to take to remove card numbers from our site.
Please accept our humble apology on this matter and know that we are doing everything we can to make sure this does not happen again. We are absolutely mortified that this happened, and while this particular security threat has passed, we will be moving to a new, more secure hosting company as soon as possible.
If you have any questions or concerns, please contact me at kareem@hideouttheatre.com or (512) 443-3688
Sincerely,
Kareem Badr
Owner & General Manager
The Hideout Theatre