RPGNow credit card information stolen

molonel said:
No, everyone should have gotten an email. We already know that there are people who did have their credit card information stolen who received no notice whatsoever. That is simply inexcusable and unprofessional.

And pardon me if I am not entirely confident of their ability to determine who was affected and who wasn't since they weren't able to protect our confidential data in the first place.

Just because our data was NOT posted on the internet does not mean that we were not affected. I have three credit cards, and now I'm going to have to dig back through my credit card bills for last September to see which one I used.

Thanks.


That's a bit unfair. In 90% of the cases we ONLY have an email on file to contact someone. How the hell can we contact someone that is filtering our emails? We did what we can and so how is that inexcusable?

I know for a fact that the whole credit card file was not breached, but we mailed EVERYONE who ever stored a card with us. So we know for a FACT that everyone who had their card compromised was contacted. We then deleted all that data off the server forever. For good. So again, how is that not a sure thing that we know who was at risk?

We're very sorry this happened. We're trying our best to be honest and upfront about it and all we're getting is threats to never use us again? Well who does that hurt in the end?

James
 



rpghost said:
Again, very short-sighted comment...

Your semantics in this post imply that I'm making multiple "very short-sighted comments" when it was my only comment on the entire fiasco across all the sites where this incident has been posted, so I'd appreciate a little clarification there, perhaps multi-quoting instead of a mass of posts? :) Otherwise, it implies that I'm making a variety of comments you perceive as short-sighted, which is not the case.

rpghost said:
PayPal is worse than credit cards for customer security by far. They arbitrarily seize accounts. Hackers are phishing for accounts there all the time. When your account is stolen the chances of you getting your money back are very low. They are not a real bank and do not follow the same laws.

On the other hand, we've been stuck with lots of fraud at RPGShop from people making purchases. There is very little we can actually do to prevent a chargeback there. 99% of the time the customer wins a dispute and we're out merchandise and money even when they really did get the delivery.

So taking PayPal only isn't the cure-all. It's just another evil.

James

Yes, but the majority of our sales were on an OSCommerce-based site, which was prone to this vulnerability. As a result, while our site was small in size, if we had stored CC data, it would have been vulnerable.

There isn't any perfect solution - hell, even using cash can result in people passing counterfeit money and the business is out the merchandise - but I'm also a big fan of KISS ;)

I've tried to remain completely independent of this whole situation and have made no comments about RPGNow even in this post, so please don't call me short-sighted. :)
 

rpghost said:
We've alerted those that were at risk... why alarm the other 60,000 customers for no reason?

If you've been hacked, isn't anyone who conducts a business transaction with you potentially at risk? Shouldn't they be made aware that there's been a problem? If ten houses on your street were burglarized, wouldn't you want to know so you can take precautions?

rpghost said:
You want us to go out of business?

Nice. Very ethical. It shows you just don't get it. It's not about your business, it's about the customers who have been put at risk! You've been hacked. Who are you to say who is at risk and who isn't? You couldn't protect the store in the first place! I really can't believe that there's not even an announcement on your homepage! Totally irresponsible!!! At least Reaper Miniatures posted what happened when they got hacked. You're trying to keep it as quiet as possible. Unbelievable! :\
 

rpghost said:
That's a bit unfair. In 90% of the cases we ONLY have an email on file to contact someone. How the hell can we contact someone that is filtering our emails? We did what we can and so how is that inexcusable?

James, I like you. I like your business. I've done more business with RPGnow.com than probably most single individuals in this thread. I had a rather large purchase in early September, and I'm simply a little perturbed to be finding out about this on an unrelated web forum, instead of through you. I'm not threatening to yank my business, but I'd be lying if my confidence in the security and integrity of that business didn't take a HUGE hit.

Hacks happen. I work with computers. I understand that.

But yanking references off of other forums to "mitigate" damage doesn't sit well with me. The damage is already done, both to you and to your customers. I know this affects you in a personal, direct way and I'm not trying to argue with you. In my opinion, more people should have been informed. Obviously, my opinion is not your opinion, and we disagree.

rpghost said:
I know for a fact that the whole credit card file was not breached, but we mailed EVERYONE who ever stored a card with us. So we know for a FACT that everyone who had their card compromised was contacted. We then deleted all that data off the server forever. For good. So again, how is that not a sure thing that we know who was at risk?

I have to take your word for it that the whole file was not breached. I also have to take your word for it that everyone was contacted. I also have to take your word for it that my information is not out there, either, since I made a large purchase at about or around the time the hack happened.

Since my information was evidently not safe on your web site, that's a lot of trust that you're asking.

rpghost said:
We're very sorry this happened. We're trying our best to be honest and upfront about it and all we're getting is threats to never use us again? Well who does that hurt in the end?

James

I believe you that you're trying to be upfront and honest to those you believe were at risk. But I also believe you're trying to mitigate the damage by not letting it out TOO far. In your position, I might very well do the same thing. After all, it's your livelihood.

Just like it's my money, and my credit rating that are at stake.
 

Wow. I've just realized my name is more common than I thought. It would take me a year to go through all those hits... and that's with my middle initial included!
 

Glyfair said:
Given that my CC# and info was on the google cache copy, I know my information was gathered. I never received an email from RPGNow, and I've kept an eye on my spam filtered email as well. So, there is a flaw in this somewhere.

Remember that most ISPs include spam filters that their customers never see. It may be possible that the message was filtered out before it ever got near your email account. Or did you not store your CC info on the server but your card was there anyway?

(Not trying to make excuses for RPGNow - just pointing out the sad realities with spam filters and how they make online communication increasingly difficult).

Cheers,
Jason
 

rpghost said:
Wrong... if it uses Linux and OSCommerce which it does, it has the same vulnerabilities as we did. You're fooling yourself if you think you can't be hacked in a minute too.

I can't be hacked if all of the credit card processing is done by PayPal (which it is). The CC# is never entered at my site.
 


PapersAndPaychecks said:
... and paypal advertise 100% protection against unauthorized payments sent from the buyer's account.

And if PayPal is ever hacked into and the information shared it's going to be a huge deal. Top of the hour, major news sort of deal.

It's just safer for publishers like me to let PayPal handle all of that. Sure they take a cut of sales but they're performing a vital service for their percentage.
 
