Someone Stole my Disney E-gift funds!

[gottalovepluto]

If only that was possible. People use the same info because Disney requires it. All Disney related sites are forced to have the same info.

Except the gift card site. It allows a different password.

 

[SL6827]

My husband got me a $200 Disney gift card for Christmas, thinking about making a dummy room only reservation just to store the card on, then putting the physical card up.

 

[gottalovepluto]

So yesterday I changed the password on my disneygiftcard site and moved $475 I had to another account and just now I get a email saying I transferred that money to another cad, I log on and now that $475 is gone too. So they’ve stole $725 from me.
And I know for a fact they’ve hacked my disneygiftcard site because they made the card my primary card and it wasn’t my primary card yesterday. So it’s the gift card site that’s been hacked. 7am can’t get here fast enough for me, I’m angry and I hope I get my money back!!

Since it’s just you that day it sounds like your credentials are toast. Make sure they aren’t being used anywhere else on the internet. If stuff is being changed after you changed the password your security questions are toast. If they verify via email and you aren’t getting the emails your email credentials could be toast.

It would be simple if the DGC site was hacked. But so many other people here would be raising hell so to me that means either someone very close to you stole from you or your credentials were compromised. I’m suspecting the latter obviously.

I hope Disney gets the rest of your money back. I’ve kept my gift cards on the account as I am prone to losing things and it makes checking the balance instant but their lack of 2-step authentication is seriously problematic so I may stop doing this as well.

 

[sweetpeakaris]

Disney called yesterday to say they were able to freeze both cards that my funds were transferred to, I'm glad the thieves hadn't used the funds yet. However, they still have to investigate and dig deeper before they give me my funds back. Whomever hacked my account is in Malaysia according to Mac and they had access to my emails and disneygiftcard account, the egift cards info are not stored in my emails, only the receipts. I cancelled my AKL ressie 12/15 and on 12/18 they stole the $249 and change left on my gc, then once Disney pushed the $475 refund back to me on 12/22, they took that within hours. I hope I get my funds back asap!

 

[Miffy]

I'd love to use a different password on every single Disney site...but they won't let you. Once you change one password, they are all changed. They require you to use the same password across multiple Disney platforms.

Really? I have a totally different pw for D+ than I do for MDX, for example.

 

[havaneselover]

Really? I have a totally different pw for D+ than I do for MDX, for example.

Me too.

 

[focusondisney]

My husband got me a $200 Disney gift card for Christmas, thinking about making a dummy room only reservation just to store the card on, then putting the physical card up.

? What? You’re going to make a room reservation to hold your gc funds? Why not just don’t put the gift card on the website but keep the physical card in your possession?

 

[SL6827]

? What? You’re going to make a room reservation to hold your gc funds? Why not just don’t put the gift card on the website but keep the physical card in your possession?

Well that is what I did. I just went in and changed my password again on the website to be safe.

 

[Meglen]

Someone last year had this issue so I only use the site to.combine the money than delete the card. I never leave a card on file. I hope they get your money back this is really unacceptable.

 

[SL6827]

Someone last year had this issue so I only use the site to.combine the money than delete the card. I never leave a card on file. I hope they get your money back this is really unacceptable.

Ya, even though I haven't had an issue and I swapped my password out, I am still nervous.

 

[SL6827]

Is there anywhere to buy an odd amount on a DGC? Like I need one with 19.92 on it.

 

[gottalovepluto]

Is there anywhere to buy an odd amount on a DGC? Like I need one with 19.92 on it.

I’ve seen variable loads at grocery stores, Lowes and Best Buy (in person, not online). But I don’t remember if they start at $15, $20 or $25. As long as you hit at least the minimum you can put whatever amount you want on it.

 

[mountdew1]

The problem with alot of gift cards is that they often don't have functions in place to prevent someone from brute force attempting the PIN code. So if they can figure out the sequence of numbers for the card, and then just try thousands and thousands of combos for the PIN code, they can move the funds off that way. Companies that let you register the card offer some form of protection against this (the amount varies by the companies terms), but that isn't always perfect.

RE Disney+, Disney wasn't hacked. People had re-used passwords across multiple sites. So they registered for Yahoo using SallyLovesDisney@gmail.com and the password of MickeyRocks, and then used that same email/password combination for their Disney+ registration. Millions of passwords for Yahoo accounts were stolen over the years, and plenty of people don't change their password. It's like using the same PIN for your ATM card and your luggage lock. So some bored people took that info from the Yahoo breach, and plugged em in to try to log into Disney+ and found some that worked.

Check out https://haveibeenpwned.com/ to see if an account/email you used has been compromised. It's not 100%, but you may be surprised at how many places have been hacked and didn't notify you. I believe the new Lockwise account storage in Firefox will show you similar data based on the sites you have stored locally.

 

[SL6827]

I’ve seen variable loads at grocery stores, Lowes and Best Buy (in person, not online). But I don’t remember if they start at $15, $20 or $25. As long as you hit at least the minimum you can put whatever amount you want on it.

Hmmmm, ok that might work.

 

[SL6827]

The problem with alot of gift cards is that they often don't have functions in place to prevent someone from brute force attempting the PIN code. So if they can figure out the sequence of numbers for the card, and then just try thousands and thousands of combos for the PIN code, they can move the funds off that way. Companies that let you register the card offer some form of protection against this (the amount varies by the companies terms), but that isn't always perfect.

RE Disney+, Disney wasn't hacked. People had re-used passwords across multiple sites. So they registered for Yahoo using SallyLovesDisney@gmail.com and the password of MickeyRocks, and then used that same email/password combination for their Disney+ registration. Millions of passwords for Yahoo accounts were stolen over the years, and plenty of people don't change their password. It's like using the same PIN for your ATM card and your luggage lock. So some bored people took that info from the Yahoo breach, and plugged em in to try to log into Disney+ and found some that worked.

Check out https://haveibeenpwned.com/ to see if an account/email you used has been compromised. It's not 100%, but you may be surprised at how many places have been hacked and didn't notify you. I believe the new Lockwise account storage in Firefox will show you similar data based on the sites you have stored locally.

Is there a safer place to keep them online?

 

[mountdew1]

Is there a safer place to keep them online?

Gift cards? It doesn't really have anything to do with being stored online. Some gift card companies are lazy, and will issue cards numbered 12000 through 13000, sequentially. If someone is smart enough to figure that out, and then the same company used a short (sometimes 4 digit) PIN code, it's trivial to create a program that cycles through 0000-9999 for the PIN code for card 12345 to see if a) someone has activated that card and b) what 4 digit code is the PIN code. When they find a valid card number and PIN code combo, they just transfer funds. Pretty sure the Disney gift cards let you transfer the funds over the phone to another card.

Some companies have stepped up their game, and are using 8 digit (or longer PIN codes) and will limit the number of attempts a computer can make to try to validate a card, but some don't care.

I lost over $1000 in Best Buy gift cards precisely because Best Buy was lazy, and only used a 4 digit PIN code, and the cards had predictable numbers. I know someone figured it out this way as the cards came direct to me from the issuing system, and I never took them out of the envelope until I tried to use them. But because they had no system to register the cards, all they could do was suggest I report the theft to my local police department, who I am sure would have thought this to be a high priority case (especially when Best Buy could tell me they were transferred several time zones away).

So if Disney seems to be making good on freezing funds that are transferred, if you can prove it wasn't you, then there is no harm in registering them, just make sure to use a hard to figure out passsword that isn't used on other sites, and keep an eye on the balance. Really no different than common sense for any financial services today,

 

[wdwmom3]

Is there a safer place to keep them online?

why do you want to “keep it online”. Just don’t leave cards on the gift card site if that’s what you are worried about.

I think people are getting a little crazy over this. You can use the site to combine cards and then delete it off the site. Also we are talking about one person who had their email account hacked. The Disney gift card site was not hacked.

 

[Kaleidodad]

Two completely different uses of the term "technical." It's important with the Disney+ situation because it's user issues that need to be corrected (people need to use different passwords, complicated passwords, and to change their passwords, Disney can't do that for them and that was the issue here; Disney+ was not hacked).

I'm pretty sure that poster has been wrong about everything they've posted in a very short time on the DIS.

 

[SL6827]

why do you want to “keep it online”. Just don’t leave cards on the gift card site if that’s what you are worried about.

I think people are getting a little crazy over this. You can use the site to combine cards and then delete it off the site. Also we are talking about one person who had their email account hacked. The Disney gift card site was not hacked.

Oh, ok. I did change my password to a more complicated one so maybe I shouldn't worry to much.

 

[bobnjenn0828]

I also had my disney gift card money stolen exactly this same way. Mine was due to my charter.net email account being hacked and that is how they got into my DGC site. They then had the emails sent to my junk folder and deleted them before I would see it. They also got on my Amazon account and contacted customer service as me and said I didn't receive an item that I had ordered a few months previously. Amazon put it back on a gift card and I assume they were going to steal that but I had gotten an immediate notification form amazon that I had a credit on my account. I called them and had it deleted before they could do anything. It was a pain in the tail to get my money back, however they did get it all back to me. I won't be leaving any gift card money on my DGC account anymore even though I know it was because my email was hacked and not that account. I'm so sorry this happed to others as well.