PSA: Subispeed Hacked

I’ve used Subispeed quite a lot. They’ve got a pretty good website with an excellent collection of parts and gizmos to browse. We often link to in our articles because, quite frankly, in a lot of cases, they’re the quickest, easiest, or only vendor that carries a part.

And so because we link to their store, we feel obligated to write this PSA. Reddit user y_e_y_o recently posted a letter received from Subispeed disclosing the breach to /r/subaru.

All that said, I work in the cybersecurity industry and know how sophisticated these attacks can be, and how daunting they are to thwart. Thematically, what I feel these Redditors have failed to see is that Subispeed is also a victim here. Nothing hurts an online business more than when its customer base doesn’t feel that they can purchase from the store safely.

I’ve chatted with Jeremy over at JB Autosports, and from that conversation I believe they’ve taken all of the appropriate steps to prevent this from happening again and are actively monitoring against further breaches. So much so that I don’t intend to stop linking to Subispeed, nor do I intend to stop buying from them myself.

But there are things you can do too, to help protect your credit card info. Here are a few quick tips to follow when shopping with any online vendor:

  • Use PayPal – it puts a layer of protection between the vendor (and potential hackers) and your account information. Using the PayPal method always redirects you to the PayPal website to complete the transaction and no payment method information is ever exposed to the vendor.
  • Use a Pre-Paid Debit Card – put only enough money to complete the transaction onto a pre-paid debit card or gift card. That way even if it’s stolen, there’s no money on it.
  • Listen to Your Browser – assuming you’re using a decent browser, most have XSS and phishing filters enabled by default. Don’t ignore the warnings, they’re usually right.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s