Rpgnow creditcard information stolen

[SteveC]

You might want to double-check your email list, James. My name and info appeared on that list, but I still have received no email from OBS.

I'm also not in the habit of selecting SAVE THIS DATA, ever.....and usually pay with Paypal, besides. Given the age of the card and the info in question, I'm concerned that it was the card that I gave when I created an account in the first place.

I have to agree with you here: saving credit card data has been the culprit in a number of online vendors I've done business with. In each case, when you purchased something from the company, you always had the option to save or not save this data. I would suggest never saving this data under any circumstances, no matter who it is. It just seems like an invitation to disaster.

--Steve

 

[Le Noir Faineant]

I logged in and found no info on possible data saved for me. Do I still have to fear?

 

[The_Fan]

Good thing I lose my credit cards fairly regularly. I can't keep the same credit card number for more than a few months, so I'm sure the information they had was horribly outdated.

 

[AdmundfortGeographer]

Yup, I just got my email from them saying my old card was among the list.

I'm lucky my wife checks our bank account activity regularly (she's a bit OCD that way) and caught the fraud a week after it happened.

 

[Whizbang Dustyboots]

Yep, I just got the e-mail myself. It's a card that's expiring this month, which likely means it's my bank card that I replaced several months ago (with a new number) and was turned off at that point.

My wife watches the credit card bills like a hawk, so we're probably good.

 

[SteveWieck]

To summarize some information:

Only people who chose to have their credit card information stored for convenience on site were affected. Each of these people has been notified by e-mail.

If you are wondering if you might be affected, please check your e-mail (and your spam filter). If you did not get an e-mail then you were not affected.

If you are still in doubt, you can e-mail James at webmaster@rpgnow.com with your RPGNow or RPGShop name and customer ID # and James can check.

We beleive the intrusion happened earlier this summer, so most likely any fraud damage has already been done, but if you receive an e-mail from us, you are still encouraged to change the credit card you had stored.

As previously stated, DriveThru and the old ENGS were not affected, only RPGNow and RPGShop. DriveThru continues to operate on an entirely different server.

All stored credit card information has been wiped from RPGNow and RPGShop. It is safe to shop at the sites and use a credit card, but we will not be storing any credit card information for customer convenience for the foreseeable future.

We are dreadfully sorry for everyone affected and for the inconvenience of changing your credit card account number.

Steve Wieck
RPGNow

 

[Whizbang Dustyboots]

I will continue to shop at both your stores. Prior to this incident, I have had nothing but positive experiences at them both. Get the reprint of Lost Vault of Tsathzar Rho in the RPGShop and I'll buy it today.

I hope no one was too badly affected by this and that the banks can straighten everything out.

 

[CRGreathouse]

Your best course of action is to call your card issuer and have them cancel that account right away (be sure to explain why you're doing it). Then go back through your statements to make sure you don't find any unaccounted for purchases. If you do, then report these to your issuer as well (likely you'll get your money back).

I agree.

I canceled my credit card earlier today after getting the email from RPGNow. There weren't any charges on it, though, other than those I made, thank goodness.

 

[catsclaw227]

As a lawyer I for one will be watching this space very closely and for good measure hold off any future transactions on RPGNOW until such time I personally feel assured that they have implemented a far more robust means of managing sensitive data that they are provided by their consumers so as to avoid a fiasco like this from repeating itself - 'nuff said, for now.

Or you can just use PayPal. It is VERY safe and a hack of PayPal would be like hacking a major banking institution. They are a group I don't worry about. I use PayPal now for almost all my online purchases.

 

[catsclaw227]

I will continue to shop at both your stores. Prior to this incident, I have had nothing but positive experiences at them both. Get the reprint of Lost Vault of Tsathzar Rho in the RPGShop and I'll buy it today.

I hope no one was too badly affected by this and that the banks can straighten everything out.

I will continue to buy as well. I love RPGNow and have been a loyal customer for years.