Bowker’s ISBN SIte Has Been Hacked, and Credit Card Numbers Have Been Stolen

Bowker's ISBN SIte Has Been Hacked, and Credit Card Numbers Have Been Stolen Uncategorized

When I reported 3 days ago about MyIdentifiers.com's extended downtime, I made an offhand reference to a report about credit cards being stolen on the site. I didn't really trust that unconfirmed story, but it was later confirmed by another author, and now Bowker admitted that due to their sloppy website security, they were indeed hacked.

From Bowker:

Bowker was recently made aware by the payment card networks of patterns of unauthorized charges occurring on cards after they were legitimately used on Bowker’s website, www.myidentifiers.com. We immediately launched an investigation and engaged a leading forensic firm to assist. Our investigation has identified unauthorized code that was added to the checkout page on our website. Based on currently available evidence, our investigation is focused on determining if the code was active from May 1, 2018 through October 23, 2018. However, because our investigation is continuing, complete findings are not available and it is too early to provide further details on the investigation. We anticipate providing notification to any affected customers as we get further clarity about the specific timeframes and orders that may have been affected.

Bowker has not said when their site will be online again, but they did say that you can still buy a single ISBN through a different site. You can also buy a block of ISBNs by downloading an order form and faxing it in.

BTW, did anyone else notice they didn't tell anyone about the hack until two days after I first reported it? Does anyone else think they would never have said anything publicly if I hadn't already posted my scoop? (I do)

P.S. This is why I continue to blog; I love being two days ahead of the official announcement.

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader. He has been blogging about indie authors since 2010 while learning new tech skills weekly. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

17 Comments

  1. Angela Korra'ti2 November, 2018

    Well, damn. I had a credit card get compromised a few weeks ago. AND I did buy a new block of ISBNs for my work. I think this may be the vector through which the compromise happened. :[

    Reply
    1. Nate Hoffelder2 November, 2018

      So you still haven’t gotten an email? Wow. They are really trying hard to avoid telling people.

      Reply
      1. Angela Korra'ti3 November, 2018

        Yeah, your post is the first I’ve heard of this. This does not make me inclined to want to do business with these people in the future. >:|

        Reply
        1. Nate Hoffelder3 November, 2018

          The IBPA also covered it, but yeah, there has been a lack of notice from Bowker.

          Reply
      2. Lori Shandle-Fox22 November, 2018

        Hi Nate, any updates with this bowker fiasco? incredibly frustrating. I’ve called, faxed, and emailed over the past 2 1/2 weeks. no info. no isbns.

        Reply
        1. Nate Hoffelder22 November, 2018

          Nothing yet, sorry.

          Reply
  2. Will Entrekin2 November, 2018

    “you can still buy a single ISBN through a different site. You can also buy a block of ISBNs by downloading an order form and faxing it in.”

    Or you can still just avoid them altogether for ebooks, because as far as I know there’s still not a single major digital retailer (Amazon, Apple, Kobo, B&N) who requires them.

    Reply
    1. Lori Shandle Fox22 November, 2018

      still waiting (2 1/2 weeks and counting) for a reply to my fax. emailed, sent a follow up fax, called… all to no avail. if you’ve heard any updates do tell.

      Reply
  3. Brian T2 November, 2018

    This might be the type of hack they are talking about if someone wanted more information: https://arstechnica.com/information-technology/2018/09/british-airways-site-had-credit-card-skimming-code-injected/

    Reply
  4. Allen F2 November, 2018

    So glad I never bothered paying their prices for a number.

    Reply
  5. S Marcus3 November, 2018

    Does that mean that the block of ISBNs I bought in March 2018 is compromised?

    Reply
    1. Nate Hoffelder3 November, 2018

      The credit card you used may be compromised, yes.

      Reply
  6. PJ Harrison4 November, 2018

    I’m so glad I am cheap. Every time I look at their price tag, I decide not to. It’s reinforced by the fact with Temp Residency, I can get my ISBNs in Mexico for 13 bucks each [less depending on the value of the peso that day]. So it simply gets put off until I relocate.

    Reply
  7. Alicia Butcher Ehrhardt4 November, 2018

    Thanks, Nate.

    I’d say congratulations on the scoop, except that even you would have rather had it up front.

    I only hope enough people will see this – bad on Bowker. Long may they not live.

    Reply
  8. Laura12 November, 2018

    No notice to this major publisher yet either…

    Reply
  9. Amy Gaiennie13 November, 2018

    Shortly after purchasing a barcode from Bowker recently, the credit card I used was hacked. Payments went to a site in Hong Kong. This is probably the Bowker hacking.

    Reply
  10. Angela Korra'ti25 November, 2018

    Followup on this post, for those of you who like me might have been impacted:

    As of this weekend (mail received on Saturday the 24th, though I am writing this on Sunday the 25th), I FINALLY received mailed notice from Bowker that my credit card might have been impacted by the hack to their site.

    Given that Nate posted this posted back on 11/2, that’s an elapsed turnaround time of about three weeks.

    However, I found out about our credit card being compromised back on September 22nd, which is when I first posted to Facebook about it. So counting from there, that’s just over two months between when I found out about the card being compromised–and Bowker finally sending me notification that a hack to their site might have put my card at risk.

    GEE THANKS BOWKER. Bit late there. >:|

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top