Bowker’s ISBN SIte Has Been Hacked, and Credit Card Numbers Have Been Stolen

This content has been archived. It may no longer be accurate or relevant.

From The Digital Reader:

When I reported 3 days ago about MyIdentifiers.com’s extended downtime, I made an offhand reference to a report about credit cards being stolen on the site. I didn’t really trust that unconfirmed story, but it was later confirmed by another author, and now Bowker admitted that due to their sloppy website security, they were indeed hacked.

From Bowker:

Bowker was recently made aware by the payment card networks of patterns of unauthorized charges occurring on cards after they were legitimately used on Bowker’s website, www.myidentifiers.com. We immediately launched an investigation and engaged a leading forensic firm to assist. Our investigation has identified unauthorized code that was added to the checkout page on our website. Based on currently available evidence, our investigation is focused on determining if the code was active from May 1, 2018 through October 23, 2018. However, because our investigation is continuing, complete findings are not available and it is too early to provide further details on the investigation. We anticipate providing notification to any affected customers as we get further clarity about the specific timeframes and orders that may have been affected.

Bowker has not said when their site will be online again, but they did say that you can still buy a single ISBN through a different site. You can also buy a block of ISBNs by downloading an order form and faxing it in.

Link to the rest at The Digital Reader

PG suggests that a one-time credit card number may be prudent for dealing with Bowker in the future (if you feel an irresistable craving for an ISBN number).

From MarketWatch:

Capital One last month announced a new feature for its credit cards called “virtual numbers.” They are one-time numbers consumers can use while shopping online so they don’t have to give their actual Capital One credit-card number to an online retailer.

To get the virtual number, card holders must visit their Capital One online profile, through the Capital One website. There, they can find a tool called “Virtual Numbers from Eno,” named after Capital One’s virtual assistant Eno. The tool creates unique, virtual numbers for each merchant, linked to their Capital One credit card account. But the online retailers don’t receive the actual number printed on consumer’s physical credit card.

. . . .

It’s Capital One’s latest answer to combatting online credit card fraud. Several banks, including Bank of America and Citi have started similar systems.

When fraud is detected on credit cards, “I have to go through and update my card everywhere I’ve ever put it,” said Tom Poole, the senior vice president of digital payments and identity at Capital One. “But if you’re like me, you don’t know where you put your card.”

Link to the rest at MarketWatch

15 thoughts on “Bowker’s ISBN SIte Has Been Hacked, and Credit Card Numbers Have Been Stolen”

  1. Here’s an irony for you. Years ago, I bought a block of 100 ISBNs from Bowker. The credit card number I used was later stolen and has been replaced.

    So I guess this set of hackers is out of luck. Not much satisfaction, though.

    In case you’re wondering, I’ve used 70 of those numbers (some books require two, for print and ebook). That 70 total includes reissues. I don’t write THAT fast.

  2. “But if you’re like me, you don’t know where you put your card.”

    Some of us do have to keep track of such things …

    (Someone who refuses to do business with Capital One. 😛 )

    MYMV

  3. I am so grateful that I compared the prices between the US and Mexico for ISBNs and decided to wait on till I relocate to Mexico to buy due to the price. I refuse to support over pricing when the rest of the world gets a dirt cheap to free. So my books will be registered in Mexico.

    It’s starting to get to the point where companies should be banned from the Internet unless they prove their competent in security. There should be Third party examinations other system And licensing based on their systems and testing of the people maintaining said systems.

    • I wish computer security were so simple. The most secure site in the world is still one undiscovered vulnerability, rogue employee, or ill-advised click away from being hacked. Some sites are more secure than others, but all are all vulnerable.

      My best advice is to look for businesses that conduct regular security audits orchestrated by folks who know what they are doing. Look for certifications. There are no guarantees this side of the grave, but you can better your odds. Unfortunately, certified security audits are pricey and a lot of businesses don’t do them.

      Although hacks occur all the time, the actual probability that you will be a victim is in the same ballpark with the probability that you will be run over crossing the street: a distinct possibility, but it has never stopped me from crossing.

  4. People are talking about this on 20books. Every time I mention you no longer need to buy ISBNs from this outdated fragment of the old empire, they freak out. I’ve had everything from polite discourse to outrage and accusations of being in Amazon’s pocket…

    Nothing about an ISBN increases book sales. Nothing.

    • ISBNs have nothing to do with marketing.

      They have everything to do with ecommerce. If you want to participate in the larger world of the book trade outside of a couple of retailers (including, admittedly, the most important one: Amazon) you will need ISBNs to play, even for ebooks. They are required from all the distributors.

      • Completely agree. An ISBN is valuable. Amazon’s choice not to require them is not in the public interest.

        Nevertheless, I am disappointed that Bowker charges a lot for a product that costs them very little. The ISBN prices in other countries are closer to fair, in my opinion.

        • It’s not in the public interest to not require them?

          Why is my buying an ebook from Amazon which may not have an ISBN not in society’s interest?

          • I was not clear; you misunderstood me.

            You buying a book without an ISBN is not against the public interest, but Amazon’s decision not to require ISBNs does run counter to the public interest because having a single unique identifier (a cannonical representation if you will)for editions of books is in the public interest. ISBNs ease the work of librarians, scholars, and booksellers, among others. Therefore the general public.

            The ISBN was developed in the mid-60s, originally as an aid to British booksellers for managing their inventories. It was a raging success and spread rapidly worldwide.

            In my past career, I designed and built many computer systems to manage entities like inventories. I have two patents on uniquely identifying components in IT systems. I’ve built systems to manage farm equipment parts, cell towers, consumers, IT configuration items, and other stuff I’ve forgotten. Having an unambiguous, compact, easily searched identifier for managed objects makes system designs simpler, reduces compute resource requirements, reduces errors, and speeds troubleshooting.

            Oddly, I sympathize with Amazon’s decision not to use ISBNs for KDP. Bowker’s charges are scandalous and putting a critical chunk of Amazon’s system in the hands of a potential competitor (Bowker is a publisher like KDP after all) would not be good business.

            If I had my druthers, ISBN registration would be in the hands of a foundation like the Linux Foundation or Apache, not in the hands of a greedy competitor. But I don’t have my druthers and the public loses.

  5. Ebook ISBNs just graduated from “harmless cargo-cult voodoo that helps insecure self-publishers feel more legit” to “i went to buy a pack of gum and had my wallet stolen”

    That’s… just… sad.

  6. Discover used to offer single-use numbers for online purchases. However, they discontinued that feature a while ago. I imagine most people found the couple of extra clicks just too much trouble in the internet world.

  7. So, I read about the hacking just as I was about to buy a pack of 10 ISBN numbers for 2019. I’ve been publishing since 2015. My ebooks have all had an Amazon/Kobo number generated by those companies. Now I use Draft2Digital for all save those two. And I’ve always purchased ISBNs for my paperbacks (as created and distributed via CreateSpace. I’ve already moved to KDP Print.) The reason I bought the ISBNs is to have it published under my own company and not beholdened/owned by Amazon.

    So, just to be clear: having my own ISBNs for my paperbacks/audiobooks is still a good thing…and I still have to purchase ISBNs via Bowker, even it is via fax.

    Are there other alternatives?

    Thanks in advance.

    Scott

  8. I’ve been recently juggling the idea of using Ingram for all paperbacks, which would mean buying a bulk order of ISBNs. Outrage over how much they cost in the US stopped me so far, but wow, this is troubling.

    I wonder if maybe someone will notice that they don’t need to be sold at a huge profit like that now that the site is so roundly hacked.

  9. My credit card number was stolen and used for several thousand dollars of fraudulent charges in September, three weeks after I purchased several ISBNs from Bowker. We’ve gotten new cards and resolved everything, and we have some good leads for tracking down the people who made the charges, provided the fraud investigators aren’t too busy to follow them.

Comments are closed.