In the late summer of 2020, some subscribers of SapphireFoxxBeyond.com informed us that they were experiencing unauthorized charges on their credit cards. We were not aware at that time of any compromise of the SapphireFoxxBeyond.com site. Throughout the fall, we continued to hear sporadically from subscribers about unauthorized charges, so we retained an outside forensic expert to investigate. In December, our forensic expert informed us about malware on our site, which appears to have been installed in June. The malware was removed on December 12, 2020.
According to our forensic expert, the malware had the capability of exporting the keystrokes of users while they were on the site between June and December 12. We therefore notified all individuals who logged on during that period of time that their username and password may have been compromised, had users reset their passwords, and recommended that users reset their passwords on other sites if those passwords were the same as the passwords used on our site. Additionally, we notified all individuals who entered credit card numbers on our site between June and December 12 that their credit card numbers may have been compromised, and offered those individuals certain protection services.
In addition, we have been working and continue to work with our technology security expert and data security lawyers to incorporate into our site additional software and other security controls that both prevent this type of incident from reoccurring and also enhance our overall security. One example is advanced threat detection software installed on the site that senses even the minimal activity of sophisticated malware, preventing the downloading of the malware to our site as well as preventing malware from activating if it is downloaded to our site. We are confident that, with the help of our technology expert and data security lawyers, our site currently has and will continue to have state-of-the-art security safeguards.
If you received an email notice from us, it is because you accessed SapphireFoxxBeyond.com between June and December 12, and information about you may have been compromised. If you did not receive an email notice from us, then your information was not compromised. In particular, our sister site, SapphireFoxx.com, was not affected by the malware. Only the SapphireFoxxBeyond.com site was affected.
The following are answers to some Frequently Asked Questions. Additionally, please call us at (888) 522-8696 or send us an email at response@sapphirefoxxbeyond.com if you have any other questions. We apologize for any concern or inconvenience this situation may cause, and thank you for your continued participation in the Sapphire Foxx Beyond community.
Frequently Asked Questions:
When Did this Incident Occur? Our forensic expert discovered the malware in December 2020, and informed us that it appears that the malware was installed in June. It was removed from our site on December 12. As a result, the period of time of the potential compromise was from June to December 12, 2020.
What is Malware? Malware is a type of software created for improper purposes. Although we are unsure about the impact that the malware on our site actually had, that type of malware had the capability to send out the keystrokes of users while they are on the site.
Was My Information Potentially Compromised? If you received an email notice from us, your information may have been compromised. The malware affected our SapphireFoxxBeyond.com site, but did not affect our sister site, SapphireFoxx.com. The notice you received tells you what type of information about you may have been compromised. For some individuals, the compromise may have affected only their username and password. That is why we have had all of our users reset their passwords. We also recommend that, if people use the same password on other sites, they should reset the password on those sites as well. For other individuals, who entered a credit card on the SapphireFoxxBeyond.com site between June and December 12, the compromise may have affected that credit card number. Again, the notice you received will tell you what type of information about you may have been compromised.
What Information Was Potentially Compromised? The malware we experienced had the ability to send out keystrokes of users while they were on the site. In light of how our site operates, we feel that two types of potentially sensitive information may have been compromised. The first is username and password, since people who logged on to the site would have entered that information. While we have had all of our users reset their passwords for our site, some people may use that same password on other sites. If so, we recommend that they reset the password on those sites as well. Some users also may have entered a credit card number on the SapphireFoxxBeyond.com site between June and December 12. The notice you received tells you whether only your username and password were potentially compromised, or whether you also entered a credit card number on the site that may have been compromised.
Did this Incident Affect Personally Identifiable Information or PII? For people who entered a credit card number on the SapphireFoxxBeyond.com site between June and December 12, the incident did involve their personally identifiable information, since a credit card number is one type of PII. The email notice you received tells you whether your credit card number may have been compromised.
Was My Credit Card Number Potentially Compromised? Only credit card numbers entered on the SapphireFoxxBeyond.com site between June and December 12 were potentially affected. Credit cards entered outside that time period were not affected. Specifically, if a charge was made to your card during that time period to auto-renew your subscription, your credit card number was not compromised. Only credit card numbers actually entered on the SapphireFoxxBeyond.com site between June and December 12 were potentially affected. The notice you received tells you whether you entered a credit card number on the site that may have been compromised.
Should I Get a New Credit Card Number? If you received a notice stating that your credit card number may have been compromised, you have a choice. You could get a new credit card number right away. You do so by informing your credit card company that your number may have been compromised and asking the company to send you a card with a new number. Alternatively, you could monitor your credit card statement carefully each month for potentially fraudulent charges. If none occur, then you do not necessarily need to get a new credit card number. If you find any fraudulent charge on your credit card account, you should immediately notify your credit card company of the situation and dispute the charge. Your credit card company should provide you with a new credit card number at that time.
What Can Someone Do with My Credit Card Number? If someone has your credit card number, that person could use the number to make unauthorized charges or purchases to your account. While the credit card system sometimes catches this activity before the transaction processes, the system is not always able to detect it. If the credit card system does detect this activity before the transaction processes, your credit card company should contact you to inquire about whether the transaction is authorized. If that occurs and the transaction was not authorized, then you should inform your credit card company of that fact, and receive a new credit card number. If the credit card system does not detect this activity before the transaction processes, then you will need to catch it when you review your credit card statements each month. If you find any fraudulent charge on your credit card statement, you should immediately notify your credit card company of the situation and dispute the charge. Your credit card company should provide you with a new credit card number at that time.
Do I Qualify for Protection Services? We are offering protection services to the individuals whose credit cards may have been compromised. We are not offering those services to individuals if only their username and password may have been compromised. The best method for those individuals to protect that information is to change that password on any sites where they are using that password. The notice you received tells you whether your credit card number may have been compromised and, if so, how to enroll in the protection services.
What Should I Do To Protect Myself? We are encouraging individuals to take the steps recommended in the email notice. Specifically, we recommend that every individual who received a notice should change their password on other sites if it is the same as the password they used on our SapphireFoxxBeyond.com site. In addition, if the notice you received states that your credit card number may have been compromised, then we also encourage you to enroll in the protection services offered to you in the notice.
If I Qualify, How Do I Enroll in the Protection Services? If your credit card number may have been compromised, we are offering a two-year membership in Experian’s IdentityWorks protection services. To enroll, you can call Experian directly at 888-397-3742, or go to the following website: https://www.experianidworks.com/identity. Once you are at that website, use the code provided in the email notice you received. If you have any issue enrolling in these services or if you have any questions about the scope of these services, we ask that you contact Experian directly at 888-397-3742. Please remember that you only have until April 30, 2021 to enroll, so you will need to enroll by that date if you want to take advantage of these services.
If I Qualify, What Do I Get with the Protection Services? If your credit card number may have been compromised, we are offering a two-year membership in Experian’s IdentityWorks protection services. If you have questions about the scope of these services, we ask that you contact Experian directly at 888-397-3742. Please remember that you only have until April 30, 2021 to enroll, so you will need to enroll by that date if you want to take advantage of these services.
Are There Additional Steps I Should Take to Protect Myself? We are encouraging individuals to take the steps recommended in the email notice. Specifically, we recommend that every individual who received a notice should change their password on other sites if it is the same as the password they used on SapphireFoxxBeyond.com. In addition, if the notice you received states that your credit card number may have been compromised, then we also encourage you to enroll in the protection services offered to you in the notice. While we are not encouraging you to take any other steps, if you choose to do so, you could do two additional things. First, you could obtain your credit reports from www.annualcreditreport.com, inspect them for any potentially fraudulent activity, and notify the creditor if fraudulent. Second, you could either implement a 90-day fraud alert, or freeze/lock your files with each of the three major credit bureaus. Both are free of charge to you. The information to implement a fraud alert or freeze/lock your credit files is as follows: Equifax’s telephone number is 866-349-5191, and its website is www.equifax.com; Experian’s telephone number is 888-397-3742, and its website is www.experian.com; and TransUnion’s telephone number is 800-888-4213, and its website is www.transunion.com.
Is My Identity at Risk? This incident did not involve any social security numbers or governmental identification numbers. As a result, we believe that your identity is not at any increased risk as a result of this incident.
What is Sapphire Foxx Beyond Doing To Prevent this Incident from Reoccurring? We have been working and continue to work with an outside technology security expert, as well as our data security lawyers, to incorporate into our site additional software and other security controls that both prevent this type of incident from reoccurring and also enhance our overall security. One example is the advanced threat detection software installed on the site that senses even the minimal activity of sophisticated malware, preventing the downloading of the malware to our site as well as preventing malware from activating if it is downloaded to our site. We are confident that, with the help of our technology expert and data security lawyers, our site currently has and will continue to have state-of-the-art security safeguards.
Did You Contact the Police? No. Our forensic expert and legal counsel believe that, based on the type of malware used, it would be impossible or nearly impossible to identify the individuals responsible for this incident. Additionally, to the best of our knowledge, all of our members who experienced unauthorized charges to their credit cards have been reimbursed for those charges by their credit card companies, and therefore have experienced no financial loss. As a result, based on advice from our forensic expert and legal counsel, we feel that law enforcement involvement would not assist in this situation.
Hi I’m wondering if it is safe to put in my credit card information to subscribe? I was hit with a hack and unauthorized charges way before. I do want to subscribe to this site.
I created my account on this site mid November 2020 and so entered username/password and my credit card info in the affected timeframe. I however did not receive a mail with the mentioned warnings.
@SapphireFoxx please check your logs again, as I am pretty sure that my case will not be the only one
There were dozens of emails that bounced because the registered email address was invalid. Are you sure your email was spelled correctly or had some other issue receiving mail?
You can reach out to our Support email to get a code for the Experian protection.
My credit card information has been hacked for the third time. I changed my password and I renewed my subscription in totdat in the morning and a few hours later I got a text message from my bank that there are some strange activities in the credit card account.
I received like $75 in charges to my card from someone saying they’re Facebook. This was in late November, like the day after I submitted my brand new card information to SF.
I got a third card now, but what do you guys mean by protective services?
While I did receive such an email, I haven’t noticed any charges on my card. Still, I’ll keep this in mind.
This might explain why I got 3 charges to my card on the 8th of January. I had to have my card cancelled.
Thanks for the information. Yes, I have unauthorized charges to my credit card.
Best Regards,