Menu
News
All News
Dungeons & Dragons
Level Up: Advanced 5th Edition
Pathfinder
Starfinder
Warhammer
2d20 System
Year Zero Engine
Industry News
Reviews
Dragon Reflections
Columns
Weekly Digests
Weekly News Digest
Freebies, Sales & Bundles
RPG Print News
RPG Crowdfunding News
Game Content
ENterplanetary DimENsions
Mythological Figures
Opinion
Worlds of Design
Peregrine's Next
RPG Evolution
Other Columns
From the Freelancing Frontline
Monster ENcyclopedia
WotC/TSR Alumni Look Back
4 Hours w/RSD (Ryan Dancey)
The Road to 3E (Jonathan Tweet)
Greenwood's Realms (Ed Greenwood)
Drawmij's TSR (Jim Ward)
Community
Forums & Topics
Forum List
Latest Posts
Forum list
*Dungeons & Dragons
Level Up: Advanced 5th Edition
D&D Older Editions
*TTRPGs General
*Pathfinder & Starfinder
EN Publishing
*Geek Talk & Media
Search forums
Chat/Discord
Resources
Wiki
Pages
Latest activity
Media
New media
New comments
Search media
Downloads
Latest reviews
Search resources
EN Publishing
Store
EN5ider
Adventures in ZEITGEIST
Awfully Cheerful Engine
What's OLD is NEW
Judge Dredd & The Worlds Of 2000AD
War of the Burning Sky
Level Up: Advanced 5E
Events & Releases
Upcoming Events
Private Events
Featured Events
Socials!
Twitch
YouTube
Facebook (EN Publishing)
Facebook (EN World)
Twitter
Instagram
TikTok
Podcast
Features
Top 5 RPGs Compiled Charts 2004-Present
Adventure Game Industry Market Research Summary (RPGs) V1.0
Ryan Dancey: Acquiring TSR
Q&A With Gary Gygax
D&D Rules FAQs
TSR, WotC, & Paizo: A Comparative History
D&D Pronunciation Guide
Million Dollar TTRPG Kickstarters
Tabletop RPG Podcast Hall of Fame
Eric Noah's Unofficial D&D 3rd Edition News
D&D in the Mainstream
D&D & RPG History
About Morrus
Log in
Register
What's new
Search
Search
Search titles only
By:
Forums & Topics
Forum List
Latest Posts
Forum list
*Dungeons & Dragons
Level Up: Advanced 5th Edition
D&D Older Editions
*TTRPGs General
*Pathfinder & Starfinder
EN Publishing
*Geek Talk & Media
Search forums
Chat/Discord
Menu
Log in
Register
Install the app
Install
Community
General Tabletop Discussion
*TTRPGs General
DriveThruRPG Hacked
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Morrus" data-source="post: 7678369" data-attributes="member: 1"><p>Companies and websites getting hacked is a pretty regular occurrence these days (I've been notified just today of two breaches of companies I'm a customer of - the other is a mobile phone company). The latest victim is DriveThruRPG (also known as RPGNow), which has sent out emails to those who have made a card payment on the site since July 6th, as well as those who have their payment details stored on the site. The company has sent an email to both groups of customers. If you've used DTRPG or RPGNow in the last month or so, or if your details are stored there, be sure to check that there are no unusual transactions on your account.</p><p>[PRBREAK][/PRBREAK]</p><p>The email reads:</p><p></p><p style="margin-left: 20px">[hq]Dear customer,</p> <p style="margin-left: 20px"></p> <p style="margin-left: 20px">I regret to inform you that one of our servers suffered a security breach which may have compromised your credit card information.</p> <p style="margin-left: 20px"></p> <p style="margin-left: 20px">You are receiving this email because you elected to store your credit card number on our server for future purchases. We store these numbers encrypted on our site, and we have no evidence the stored numbers were compromised during the breach. It is possible, however, that the encrypted numbers could have been copied and un-encrypted. We do not store your CVV code (the digits on the back of your credit card), making it difficult for the hacker to use your card number for online fraud. So while we think the data was not compromised, we wanted to inform you of the possibility. It would be safest if you contact your credit card issuer and ask for a replacement card. At the very least, you should check your card for any suspicious charges occurring on or after July 6th.</p> <p style="margin-left: 20px"></p> <p style="margin-left: 20px">Our technical team has identified the issue and has secured our servers. Our websites are once again safe to use.</p> <p style="margin-left: 20px"></p> <p style="margin-left: 20px">Information such as your name and email address were potentially compromised as well.</p> <p style="margin-left: 20px"></p> <p style="margin-left: 20px">Login passwords are stored encrypted with a one-way hash and cannot be decrypted. You do not need to change your account password, but you are more than welcome to do so on your Account page at any time if you wish.</p> <p style="margin-left: 20px"></p> <p style="margin-left: 20px">We are truly sorry this incident occurred and sincerely regret the inconvenience it causes you. Navigating credit card company call center menus is no one\'s idea of a good time. </p> <p style="margin-left: 20px"></p> <p style="margin-left: 20px">Security has always been our top concern and up until this incident we were proud of our security record at . We will continue to do everything we can to keep our marketplace secure going forward.[/hq]</p> <p style="margin-left: 20px"> </p> <p style="margin-left: 20px"></p> <p style="margin-left: 20px"></p><p>Another version of the email, sent out to a different group of customers, has a different first paragraph:</p><p></p><p style="margin-left: 20px">[hq]You are receiving this email because you made a purchase (or attempted to make a purchase) on our site using a credit card between July 6th, 2015 and the morning of August 6th, 2015. There is a 50% chance that hackers were able to collect your credit card information. We recommend that you contact your credit card issuing bank and ask them to replace any cards that you used for charges on our site, and also look over your most recent statements for any suspicious charges.[/hq]</p> <p style="margin-left: 20px"></p><p></p><p>You can find <a href="http://support.drivethrurpg.com/entries/69850204-Credit-Card-Data-Breach-Q-A" target="_blank">more information on the website's support page</a>.</p></blockquote><p></p>
[QUOTE="Morrus, post: 7678369, member: 1"] Companies and websites getting hacked is a pretty regular occurrence these days (I've been notified just today of two breaches of companies I'm a customer of - the other is a mobile phone company). The latest victim is DriveThruRPG (also known as RPGNow), which has sent out emails to those who have made a card payment on the site since July 6th, as well as those who have their payment details stored on the site. The company has sent an email to both groups of customers. If you've used DTRPG or RPGNow in the last month or so, or if your details are stored there, be sure to check that there are no unusual transactions on your account. [PRBREAK][/PRBREAK] The email reads: [INDENT][hq]Dear customer, I regret to inform you that one of our servers suffered a security breach which may have compromised your credit card information. You are receiving this email because you elected to store your credit card number on our server for future purchases. We store these numbers encrypted on our site, and we have no evidence the stored numbers were compromised during the breach. It is possible, however, that the encrypted numbers could have been copied and un-encrypted. We do not store your CVV code (the digits on the back of your credit card), making it difficult for the hacker to use your card number for online fraud. So while we think the data was not compromised, we wanted to inform you of the possibility. It would be safest if you contact your credit card issuer and ask for a replacement card. At the very least, you should check your card for any suspicious charges occurring on or after July 6th. Our technical team has identified the issue and has secured our servers. Our websites are once again safe to use. Information such as your name and email address were potentially compromised as well. Login passwords are stored encrypted with a one-way hash and cannot be decrypted. You do not need to change your account password, but you are more than welcome to do so on your Account page at any time if you wish. We are truly sorry this incident occurred and sincerely regret the inconvenience it causes you. Navigating credit card company call center menus is no one\'s idea of a good time. Security has always been our top concern and up until this incident we were proud of our security record at . We will continue to do everything we can to keep our marketplace secure going forward.[/hq] [/INDENT] Another version of the email, sent out to a different group of customers, has a different first paragraph: [INDENT][hq]You are receiving this email because you made a purchase (or attempted to make a purchase) on our site using a credit card between July 6th, 2015 and the morning of August 6th, 2015. There is a 50% chance that hackers were able to collect your credit card information. We recommend that you contact your credit card issuing bank and ask them to replace any cards that you used for charges on our site, and also look over your most recent statements for any suspicious charges.[/hq] [/INDENT] You can find [URL="http://support.drivethrurpg.com/entries/69850204-Credit-Card-Data-Breach-Q-A"]more information on the website's support page[/URL]. [/QUOTE]
Insert quotes…
Verification
Post reply
Community
General Tabletop Discussion
*TTRPGs General
DriveThruRPG Hacked
Top