RPGNow credit card information stolen

I want to send something positive to James and RPGNow.

James, thank you for the way you've handled this. You've been open and honest. You notified the customers who were affected as soon as was possible and given the correct advice. You've done everything that you could think of to keep folks as up to date as possible.

I mean it. As one of the affected people - thank you, James.

The rest of you - if you have to blame someone, blame the hacker who broke in and STOLE the data. Blame Google for caching a page containing credit card details; surely Google Labs has someone clever enough to filter cc details out of cached pages. It's a simple enough regex and checksum algorithm ferchrissakes! I've written one myself in the past. Anything that matches the algorithm replace with xxxxxxxxxxxxxxxx. Easy. That would have lessened the problem, greatly.

But don't go and blame RPGNow. They are a victim of theft, not the cause.

More than anything, blame this nasty, criminal world we live in where anything more complex than barter is open for abuse by people of a criminal mind.

That's why we escape for a while with role-playing games, right? :)

I wish you all the best for the future James and RPGNow. I'll be there with you.
 


jgbrowning said:
For the record, Curt (the moderator) pre-approved my message via PM before I posted it in that thread because he said I was correcting misinformation. I would have no reason to post any message were James to stop saying that other sites who sell e-products have the same vulnerability that resulted in people's CCs being hacked and simply address his company's issue. If he would have not associated his errors with other sites selling e-products, I would have never posted in any thread about this subject.
Okay, I understand your reasoning, even though I take it as a given that you don't compromise CC info if you don't get it in the first place, because you only use PayPal.
 

Jason Anderson said:
Remember that most ISPs include spam filters that their customers never see. It may be possible that the message was filtered out before it ever got near your email account.

I'm almost certain Comcast has one you can access. I specifically chose to have my spam saved and periodically check it.

Or did you not store your CC info on the server but your card was there anyway?

No idea. It was years ago (again, the expiration date was 2004, so the information was very old). Of course, this is why I'm not particularly concerned (as that CC # is long gone). My only complaint is I don't have an email to take advantage of AEG's offer ;)
 

I agree with Greywulf. Throwing the blame at each other and freaking out about it doesn't go anywhere. We're all victims of a theft here. We need to stop the needless bickering before it gets really ugly.

Let's keep our cool and face the problem together.
 

molonel said:
I have to take your word for it that the whole file was not breached. I also have to take your word for it that everyone was contacted. I also have to take your word for it that my information is not out there, either, since I made a large purchase at about or around the time the hack happened.
What's the alternative? Would you like to go over to his server farm and look at them personally?

People are getting unreasonable, IMO.
 

greywulf said:
I want to send something positive to James and RPGNow. James, thank you for the way you've handled this. You've been open and honest. You notified the customers who were affected as soon as was possible and given the correct advice. You've done everything that you could think of to keep folks as up to date as possible. I mean it. As one of the affected people - thank you, James. The rest of you - if you have to blame someone, blame the hacker who broke in and STOLE the data. Blame Google for caching a page containing credit card details; surely Google Labs has someone clever enough to filter cc details out of cached pages. It's a simple enough regex and checksum algorithm ferchrissakes! I've written one myself in the past. Anything that matches the algorithm replace with xxxxxxxxxxxxxxxx. Easy. That would have lessened the problem, greatly. But don't go and blame RPGNow. They are a victim of theft, not the cause. More than anything, blame this nasty, criminal world we live in where anything more complex than barter is open for abuse by people of a criminal mind. That's why we escape for a while with role-playing games, right? :) I wish you all the best for the future James and RPGNow. I'll be there with you.

Oh, I blame the hacker. Don't worry about that.

But the fact is, when you run a business where you handle other people's financial data, you become a custodian of that data.

And you are responsible for how that is used. Or misused.

And if it is stolen from your website, then you can expect people to be somewhat displeased about that.

Whizbang Dustyboots said:
What's the alternative? Would you like to go over to his server farm and look at them personally?

The alternative was to let me, as a customer know, so that I could do some research myself and be aware that this might have been an issue. Finding out HERE was both a random blessing, and something that kinda pissed me off.

In a major way? No.

But you can bet your sweet bippy I've spent some of my spare time looking over my credit card records and wondering if I should just go ahead and cancel one of my cards to be on the safe side.

Whizbang Dustyboots said:
People are getting unreasonable, IMO.

If you've ever worked at a customer service desk, then you'd know that people here are being unfailingly polite, restrained and almost friendly by comparison to what it could be.
 

Glyfair said:
I'm almost certain Comcast has one you can access. I specifically chose to have my spam saved and periodically check it.
I don't know specifically about Comcast, but using an Australian example, Bigpond have user spam filters (which you can set to save mail it flags as spam), but they will also discard email before it even reaches an individual's spam filter. Usually using some half-baked rules based on people whinging about legitimate email that they're too lazy to unsubscribe from themselves, which then cause problems for others. (Nah, I'm not bitter about "hidden" spam filters :) )

Yahoo, AOL & Hotmail do the same thing.

Any business who sends out email is especially vulnerable to such hidden filters. Since many people here & on RPGNet have complained in the past that they get "unwanted" email from RPGNow (even though there are options to turn off email), it's probably a given that at least a few people have complained about the so-called "spam" and got RPGNow put on blacklists.
 


Ogrork the Mighty said:
If you've been hacked, isn't anyone who conducts a business transaction with you potentially at risk? Shouldn't they be made aware that there's been a problem? If ten houses on your street were burglarized, wouldn't you want to know so you can take precautions?

Cause the RPGShop.com server was hacked, not the RPGNow server. And cause there is no longer any data that would hurt someone if they had it (other than your home address I guess). So why alarm everyone over something that isn't a concern? No transactions with credit card are at risk, they are all handled through encryption and direct SSL to the bank. Just as secure as any other site. The only concern before was that the credit cards were stored on our SQL server when we were asked to do so. Now they are not and never can be and we never see them. So what is the lack of security?

James
 

molonel said:
I have to take your word for it that the whole file was not breached. I also have to take your word for it that everyone was contacted. I also have to take your word for it that my information is not out there, either, since I made a large purchase at about or around the time the hack happened.

Since my information was evidently not safe on your web site, that's a lot of trust that you're asking.


This statement bothers me as it implies something I'm trying to make clear isn't the case. Not everyone who used RPGNow is at risk. Not everyone who uses their credit cards at RPGNow was at risk. Only those who choose to save their card with us. So if you didn't click that option, we have NO RECORDS AT ALL of your credit card number. Our processor only supplies us with the last 4 digits. We have no such info. Now that we wiped out that cc saving option/file, we no longer have any payment data at risk.

You don't have to take my word or be guessing if you had that option on. Just send me your ID number and I can look it up for you. I've done this for hundreds of people so far with almost all of them having never stored their card (which is why they didn't get an email from us).

James
 
