I’ve got the latest update from Costco US regarding the security situation with the summer outage of the CostcoPhotoCenter.com website. Here’s the text from an email that I received recently detailing the situation and how members may have been affected by the hacking:
As you may be aware, the company that hosts the online Costco Photo Center suffered a security compromise that caused our photo site to be taken offline for several weeks. Although we do not know the exact date of Costco’s compromise, an unauthorized party appears to have accessed the host company’s system from June 19, 2014 to July 15, 2015. At some point, the unauthorized party deployed malware within the host company’s systems. Several retailers were impacted, but we do not know the extent of that impact. Our investigation indicates that some Costco members who typed information into their account may have had that information taken. You are receiving this notice because you have a Costco Photo Center online account, and there is a possibility that if you logged on during the affected time period, your email address and password were compromised. If you created a new account during the affected time period, your name and phone number also may have been compromised. We do not believe, however, that stored information or your photos were at risk. Costco.com itself was not impacted.
The site was taken offline on July 17 so that it could be rebuilt with additional security measures at a variety of levels. As a precaution, all stored credit card information was deleted. When we resume taking payments online, the site will have new payment technology with enhanced security features. We continue to work closely with our hosting company to implement security tools and tests to protect our members’ personal data.
Now that the site is online again, we are requiring that all users reset their passwords the first time they access the site. In addition, we strongly recommend that you change your password on all other sites or services where you used the same password used for the photo site.
There is additional information about this situation accessible from the help section of the online Costco Photo Center: www.costcophotocenter.com/faqs. You may also call us at 866-329-0155.
We regret any inconvenience this situation may cause you.
The Costco Photo Center Team
As always in a situation like this, you should certainly change your password, just in case. And best practice (though highly annoying) is to not reuse your password across multiple sites. Which is a total pain, but if something like this happens it does mean that you only need to worry about changing the password for one site instead of twenty different sites. Just to reiterate, this only affected the Costco US photo center website. None of the other photo center websites for Costco locations around the world were bothered by this situation in the US, nor was there a breach of Costco.com or any of the other Costco websites.
Hopefully, now that the site it back online everyone has been able to access their photos and projects without a problem (though I know at least one of my readers has had a significant loss to the progress on their large photo book).