How did my cc get hacked?

Ok, I’m on holidays in Vietnam at the moment, since 10/08. On 15/08 and the 19/08, somebody used my credit card for transactions totalling nearly $1500AUD, apparently as POS stuff at an electronics shop in Singapore. I haven’t been to Singapore.

Also, I haven’t used my card at all for about a month. It’s in one of those protective cases that are meant to be ‘skim proof’, so should be immune to randoms walking past me and getting the card number.

The only time my card details have been shared was to book hotels on Is it likely that some arsehole there is compromising credit cards and hoping people don’t notice??

You not only gave your credit card number to booking dot com-you also gave it to all the hotels they passed that number to.

Same thing happened to me, and I don’t know how. Somehow somebody got our CC #s and charged $100 to some cosmetics company (supposedly) and another company I don’t recognize.

The credit card company caught both immediately and refused to pay, and then called us. Unfortunately, I get so many effing robocalls that I blew off the message they left on my answering machine. The Lovely and Talented Mrs. Shodan, however, called the customer service number listed on the credit card (NOT the number left on our answering machine), and sure enough, confirmed the bogus charges. They cancelled the card and sent out new ones.

But I cannot figure out how we got hacked. I buy cigars online, fill the car with gas, and do my SDMB subscription via Paypal, but not much else.

Total charged was about $250. Go figure.


I don’t know how trustworthy your cigar buying sites are, but card skimmers at gas stations and ATMs can be a real problem. This article at pcmag will show you how to spot and avoid them.

Thanks, I will have a look


So are you saying the hotels themselves are using my card details?

I am saying that the longer the line is of people that have access to that number, the greater chance that it will be abused by someone who thinks she/he will be harder to trace.

I imagine that all it takes is one dishonest employee who also has access to the hotel’s computer reservation system.

There’s a trick called “web skimming” where the crooks compromise a website that accepts credit cards and siphon off the numbers from customers. A tool called MageCart is one of the more popular for doing this. I don’t know offhand if was compromised, but it or another site you’ve used recently may have been.

Google MageCart or web skimming and see if any ecommerce sites you’ve been to the past several months have announced being victimized by a web skimmer.

I think Czarcasm meant that the hotels you booked may have themselves been compromised, resulting in your CC number getting out that way. I don’t know enough about how works to say if they share your CC with the hotel or just run your card and bundle payments to their client hotels without passing on the CC numbers.

Don’t most of those systems obscure the credit card number for almost all users?

From here:

So, has it, and then it can then be accessed up to five times by the hotel.

Your card info doesn’t have to have become compromised recently for it to be used recently. The info could have been breached any time since the first time you used it to now. Credit card info is stolen, stored, tested, sold and used daily.

Don’t think too hard about how it may have gotten stolen. Be prepared for it to happen (have additional funding sources). Check your online statements a few times a month. Allow alerts from your credit card company (give them your cell number, and make sure their emails don’t go to the junk box). Don’t use a debit card.

Cool, thanks for the information. Now that I’ve fully woken up and had my first pint of coffee, it does make sense that the hotel would need the card numbers. In my morning haze, I was thinking it would be easier for to do all the processing and keep a cut, but I can see how that would be unwieldy for things like cancellations and would make it a pain for the hotel to charge incidentals.

So, yeah, the site could have been skimmed, their databasse could have been compromised, one of the hotels could have been compromised, or there might be a dishonest employee somewhere along the chain.

And I second what ZipperJJ says as well.

I’ve had my credit card number stolen 3 different times over the years. As each time it was a chip card and my PIN wasn’t used, I wasn’t stuck with any of the charges. Supposedly gas stations with credit card readers (which is all there is around here anyway) are bad for some kind of device being inserted that can read your card so the credit card company advised me to go inside to pay. At most self serve places, you have to leave a deposit, fill your tank then come in and clear up the charge. Time consuming PITA. (I’ve gone back to using the credit card slot on the pump)

If you have the choice, I would use a single-use or virtual credit card number that doesn’t matter if it gets stolen because it’s only valid for a single transaction. That is probably easier to manage for online purchases, though, than with physical transactions, unless the card is a smart card that supports it (I do not have such a card in my wallet at the moment, for instance).

This happened to me and the authorities actually figured it out. We are really careful with our credit cards, but a few months ago, our visa card (which had never left our possession) was being used in Mexico. And the info that the bank had, was that whoever was using the visa, actually had a CARD and was not just giving the number for a phone or internet purchase. Turned out that some criminals had installed some sort of credit card reader/counterfeiter inside the card reader at a local gas station we frequent. They made a phony visa with all our info on it, and started racking up charges in resort cities in Mexico. Kind of amazing how smart some criminals are. Too bad they use it for evil rather than good.

OP’s card most likely wasn’t “hacked”. Neither was Shodan’s.

What do you mean?

Yes. We had a credit card number lifted when we stayed at a hotel. The credit card company told us that it had happened on multiple occasions from that hotel and they were working with management to identify the problem employee.

Are you quibbling over the use of the word “hacked”?

I had several cards spoofed over a couple of years. The card security office said it was probably from running random numbers rather than hacking or skimming.