Cyclists: don't ever buy anything from Bike Nashbar


In April of this year, I was walking into a market and glanced down at my phone to see two new emails. I read them only to find out that two really weird looking purchases were made on a credit card sitting in my pocket. I thought "aw crap, someone ran my numbers on some purchases" and I called the credit card company immediately to cancel the card and investigate the two most recent purchases.

Back in 1996, someone ran my ATM/VISA's card numbers halfway around the world for some jewelry purchases that emptied my bank account. Luckily, my bank noticed immediately and refunded the money and canceled the card. In this new case, it looked like someone bought two get-rich-quick ebooks online, but refunds were on their way. It felt like a problem solved enough that I continued my day.

A couple weeks later and I started getting phone calls from people on my private cellphone number and they knew my name. They were selling get-rich-quick systems and they were calling to "set everything up to start making money" because I had "purchased their wealth creation system". I started to freak out a little because running random numbers in credit card scanners is one thing, but knowing my name, credit card number, and private phone number is a heck of a lot worse. I began to freak out a bit. I ordered credit reports and started tracking my credit profile at various agencies. I changed every password on every online service I use and I began to be very cautious about signing up with new services.

I wracked my brain for months trying to figure out how and who might have access to this sensitive information. I spent the last couple years weeding out get-rich-quick scammers from MetaFilter and had sometimes publicly mocked cash gifting scammers in my Twitter stream. Perhaps one of the people I banned from my site for spamming had somehow gotten my information?

An epiphany came when I read this news item at Bike Portland about Bike Nashbar's customer database being compromised (which Bike Nashbar did not inform customers of for SEVEN months while the security hole was open). I rarely shop there because they are obnoxious about advertising and send endless home mailers to you. Then I remembered that a set of very specific tires I couldn't find anywhere online for sale I ended up buying through them late last year. I wondered if maybe I was one of the compromised customers, so I looked up my old credit card records to find the transaction. I looked at the card, and it was the one that emails me on new purchases.

A temporary wave of relief washed over as I finally figured out who my faceless hacker/stalker was that had my personal details: it was some website cracker that broke into Bike Nashbar's webservers and since I canceled the card within minutes of its first use, the nightmare was over.

Or so I thought -- It turns out the moment my chargebacks were credited to my account four months later (it's a very long process), it appears each company in the get-rich-quick e-business game sold my information along to try and recoup some of their lost income. As a result, I've been getting 2-3 calls per day from people with various important sounding company names saying they just picked up a card I submitted saying I was interested in the exciting world of work-at-home business. Every time I tell these people it's a mistake and to please remove me, I only hear one thing: a dial tone.

It turns out people in the business of scamming people into thinking they can make thousands of dollars at home doing virtually nothing aren't big on customer service or helping people out.

To make a long story short: Bike Nashbar's poor programming resulted in thousands of credit card, address, name, and phone details getting into the wrong hands and they took months to acknowledge, fix, and notify customers (in my case I was never notified). I will never do business with them again, but I hope anyone reading this heeds the warning as well. Several months later, I'm still living with the daily headaches caused by Bike Nashbar's fuckup over a single purchase made last year and there are thousands of others like me.

Don't ever shop at Bike Nashbar.