Kevin Fishburne writes: At 1:15 am EST I received an order confirmation from rakuten.com, formerly buy.com, for a $64 computer case and a $300 gift certificate, the former being shipped to my address and the latter being sent to the email address email@example.com. As my password for the site would be difficult to crack by brute force or dictionary attacks I believe their site may have been compromised to reveal only usernames and passwords. I don't believe users' payment information has been compromised or they would have used them directly or sold them instead of using the site to place gift card orders. I have since removed my payment methods, changed my password and notified their support staff of the potential breach. If you have an account with Rakuten/Buy, I strongly suggest removing your payment methods and hardening your password.