Reported on rpg.net, and confirmed by Steve Wieck. I wonder why they store creditcard numbers at all.
Rpgnow creditcard information stolen
- Thread starter DanMcS
- Start date
Nightfall said:Dan,
Uhm because people want free money?
By "they", I meant "rpgnow". They don't actually need free money, they take a cut of pdf sales
Looks like the first thread I linked to has been pulled. Basically, a guy googled his own name, and got a hit to a page which is cached in google which had the name and credit card he had used to purchase stuff from rpgnow or rpgshop.
He reported he could google for his credit card number and get a hit as well, but that's a really bad idea, because any number of proxies, http referrer logs, etc will then have your credit card number in them, since your query to google is sent in plain text. So don't google your credit card number.
catsclaw227
First Post
DanMcS said:
This sucks, for sure. I just logged into rpgnow and they don't seem to have a place to edit/modify your credit card data via the My Account console. Is this normally only available during checkout?
I can't remember if they have my credit card data, and I don't know which card I used. I hope we find out soon.
And I also wonder if, in the merger, the credit card data was combined between RPGNow, DTRPG and Enworld Gamestore. That would really suck if all three were now affected.
catsclaw227
First Post
Unbelieveable!!! I just googled my name and I got a cached page from some hacker site that showed a TON of credit card numbers, addresses, and names from rpg now.
You won't believe how many there are. WHO CAN I CONTACT ABOUT THIS?!?
It says it was cached on Google on Nov 23rd 2006, so the numbers have been available since then.
You won't believe how many there are. WHO CAN I CONTACT ABOUT THIS?!?
It says it was cached on Google on Nov 23rd 2006, so the numbers have been available since then.
catsclaw227 said:
Google has a contact page. Report the search you used and what you found in their cache, and ask them to remove it.
RPGnow already knows, obviously.
Check that credit card carefully for unwanted charges; contact the CC company itself via their phone help or something for advice about what to do. You may want/need to cancel that number and get a different one issued.
catsclaw227 said:
Your best course of action is to call your card issuer and have them cancel that account right away (be sure to explain why you're doing it). Then go back through your statements to make sure you don't find any unaccounted for purchases. If you do, then report these to your issuer as well (likely you'll get your money back).
Olaf the Stout
Hero
I'm glad I only ever paid via PayPal.
Olaf the Stout
Olaf the Stout
Olaf the Stout
Hero
DaveMage said:
I Googled my name too, just in case. My name is only on 3 sites that I could see and I know exactly what all of them are.
Olaf the Stout
DanMcS said:
Not sure why they would; it doesn't make a lot of sense unless they had people buying stuff in installments. Storing card numbers is allowable, but there are some very strict rules on keeping the information secure. They can be looking at some stiff fines from Visa and Master Card and likely losing their ability to accept credit cards, if they're found to be at fault.
Festivus
First Post
What you should do is put a fraud alert on your credit account if you are one of the affected. I recently got one of those letters due to California law stating you must notify someone if their data has been compromised. It is painless and took me about 5 minutes to accomplish.
catsclaw227
First Post
I've already send something to Google as well as RPGNow. I hope this is the same page of information that they already know about, and it isn't another cached page.
I haven't had any erroneous charges on my credit card yet, but you can bet your sweet sister that I am gonna get this card cancelled. I feel bad for the other people on this (rather large) list....
I haven't had any erroneous charges on my credit card yet, but you can bet your sweet sister that I am gonna get this card cancelled. I feel bad for the other people on this (rather large) list....
JVisgaitis
Explorer
I tried Googling my name. Its a nightmare wading through everything. I'll just hope I'm not on that list...
catsclaw227
First Post
As it turns out, the card they had for me is cancelled already (thank god I have been using paypal for the past year or so).
catsclaw227
First Post
JVisgaitis said:
I had a lot of entries too, so I googled my name and rpgnow -- after the various reviews, I found the offending page.
