[OT] If you order from Reaper Minis, you might want to cancel your credit card.

[Ashrem Bayle]

Just got this in my email:

On late Wednesday, April 29, an international group of professional hackers has used a new exploit to grab the encrypted user information of at least several dozen companies in the US. This attack targeted all of these companies' respective eCommerce sites. Among these companies is Reaper Miniatures.

These criminals are demanding an extortion fee to prevent them from making sensitive user information public on the internet. They have told us they are able to decrypt our customers' credit card information. We cannot verify this fact, however it is prudent to inform you, our customer, of this possibility so you may take appropriate action with your banks.

Your credit card in question is a [DELETED] with an expiration date of [DELETED].

We will not succumb to their threats, and are instead going to you first so you can take appropriate actions to protect yourself.

We are in contact with the FBI and other law enforcement agencies to deal with these criminals. We have taken our store offline for a few days while we evaluate any potential threats and work to strengthen our existing systems.

We're also in the process of calling any affected customers, so please do not call us directly. Rather, respond to this email with any questions. We will respond to your email messages in a timely fashion in the order in which they are received.

We apologive for any inconvenience and any duplicate messages you may receive. We're just trying our hardest to cover all the bases and reach anyone concerned with this matter.

Reaper Minaitures

Wow...

 

[Ankh-Morpork Guard]

Woah...that's really...um...just woah.

 

[Storminator]

Yup. Cancelled my card today.


Not too sure if it was really threatened tho. If you stole a ton of credit card info from an online store would you blackmail the store or charge the bejesus out of the cards? Thinking it's more likely a scam than a hack.

Cancelled the card anyway.

PS

 

[Len]

Not too sure if it was really threatened tho. If you stole a ton of credit card info from an online store would you blackmail the store or charge the bejesus out of the cards? Thinking it's more likely a scam than a hack.

It's been done before. I guess it's easier to blackmail the company for a big lump sum than to make thousands of online purchases and re-sell a warehouse-full of goods.

 

[welby]

just to bump/confirm, a player in my campaign just got this same email.

 

[Ashrem Bayle]

I just got a phone call as well. I doubt customers are in any real danger, but better safe than sorry.

 

[cyferwolf]

got the same thing myself, truly sucks that some people are so terrible.

 

[Creamsteak]

It's been done before. I guess it's easier to blackmail the company for a big lump sum than to make thousands of online purchases and re-sell a warehouse-full of goods.

Just imagine how much crap you'd have to do to organize the shipping so that none of the items point to where one of the hackers live? I imagine you'd have to go international.

 

[Umbran]

I guess it's easier to blackmail the company for a big lump sum than to make thousands of online purchases and re-sell a warehouse-full of goods.

The thing is, it is also several times more risky. If he or she uses the credit card numbers intelligently, the criminal will be difficult to catch. With blackmail or extortion, at some point someone has to pick up the payment. If your victim goes to the police, the criminal will likely be caught at that time.

 

[RangerWickett]

I feel sorry for you guys. Remind me to talk with James from RPGNow to make sure he's fully secure there.

I do find it a little odd that they'd send you your own credit card info in the email. How could that possibly help?