Bowker’s ISBN SIte Has Been Hacked, and Credit Card Numbers Have Been Stolen
When I reported 3 days ago about MyIdentifiers.com’s extended downtime, I made an offhand reference to a report about credit cards being stolen on the site. I didn’t really trust that unconfirmed story, but it was later confirmed by another author, and now Bowker admitted that due to their sloppy website security, they were indeed hacked.
Bowker was recently made aware by the payment card networks of patterns of unauthorized charges occurring on cards after they were legitimately used on Bowker’s website, www.myidentifiers.com. We immediately launched an investigation and engaged a leading forensic firm to assist. Our investigation has identified unauthorized code that was added to the checkout page on our website. Based on currently available evidence, our investigation is focused on determining if the code was active from May 1, 2018 through October 23, 2018. However, because our investigation is continuing, complete findings are not available and it is too early to provide further details on the investigation. We anticipate providing notification to any affected customers as we get further clarity about the specific timeframes and orders that may have been affected.
Bowker has not said when their site will be online again, but they did say that you can still buy a single ISBN through a different site. You can also buy a block of ISBNs by downloading an order form and faxing it in.
BTW, did anyone else notice they didn’t tell anyone about the hack until two days after I first reported it? Does anyone else think they would never have said anything publicly if I hadn’t already posted my scoop? (I do)
P.S. This is why I continue to blog; I love being two days ahead of the official announcement.