Rpgnow creditcard information stolen

[Retreater]

Or you can just use PayPal. It is VERY safe and a hack of PayPal would be like hacking a major banking institution. They are a group I don't worry about. I use PayPal now for almost all my online purchases.

Actually, I work with a guy whose credit card information he used through PayPal was stolen. He learned about this when someone purchased several hundred dollars worth of soccer equipment.

Truth is that nothing is safe from hackers. The best thing is to never, ever have online businesses store your credit card numbers. Check your credit card statement often if you plan on purchasing online.

That said, I still purchase online, from Amazon, PayPal, and DriveThruRpg. You just have to be cautious.

Retreater

 

[GMSkarka]

It's not much, but Adamant Entertainment is offering free product to those who have been inconvenienced by this event.

Thanks for your continued support.

(If someone could please post this over on RPGNet, I would appreciate it. My 3 year old ban from the site prevents me from doing so, and I'd like to make sure the word gets out.)

 

[Rhuvein]

To summarize some information:

Only people who chose to have their credit card information stored for convenience on site were affected. Each of these people has been notified by e-mail.

If you are wondering if you might be affected, please check your e-mail (and your spam filter). If you did not get an e-mail then you were not affected.

If you are still in doubt, you can e-mail James at webmaster@rpgnow.com with your RPGNow or RPGShop name and customer ID # and James can check.

We beleive the intrusion happened earlier this summer, so most likely any fraud damage has already been done, but if you receive an e-mail from us, you are still encouraged to change the credit card you had stored.

As previously stated, DriveThru and the old ENGS were not affected, only RPGNow and RPGShop. DriveThru continues to operate on an entirely different server.

All stored credit card information has been wiped from RPGNow and RPGShop. It is safe to shop at the sites and use a credit card, but we will not be storing any credit card information for customer convenience for the foreseeable future.

We are dreadfully sorry for everyone affected and for the inconvenience of changing your credit card account number.

Steve Wieck
RPGNow

Thanks for the info, Steve. I've had nothing but good experiences and service and will continue to be a customer!

 

[AdmundfortGeographer]

We beleive the intrusion happened earlier this summer, so most likely any fraud damage has already been done, ...

This makes sense. The incidences of fraud on my card happend in August (for roughtly $50) and I got my money back from the companies my card and info were used at. For me this feels like a bit of closure. I never had a good idea where it might have come from, and although circumstantial, this feels like this incident must have been where it occured.

 

[Turanil]

Still, cancelling the card I use there just to be safe.

Ditto. After reading the thread I directly went to the bank and cancelled my credit card just in case. Ordered a new one, but not sure I will buy more on rpgnow...

 

[Maliki]

I guess I'm OK, google turned up nothing with my name and rpgnow, no email was sent, and nothing unusual has appeared on any bank statements. (I don't think I ever saved my info, never felt comfortable doing that, thankfully.)

 

[Yair]

My credit card was recently fraudulently charged, and I changed it. Sure enough, the details of the previous card are apparently online. I'm disappointed; I actually suspected another on-line store, not RPGNOW which I trusted.

I have only used PayPal since that incident. I guess I'll continue to use it exclusively from now on.

 

[ninthcouncil]

Any idea how old this flaw is? How long it has been out there?

Because I had been the victim of identity theft with the old card I once used at RPGNow back in August of 2006. I had always wondered how it could have been swiped, but this would be a good candidate. That card has since been suspended and a fraud alert put on my credit reports. Wish I had the old card number around so I could give it a google search...

I had exactly the same experience in the same month; an attempt was made to remove GBP 1600 from my account, which I detected by chance and notified to my bank. Though the funds were earmarked, they never actually got taken out of the account, fortunately. I found the hacker page with the details on (no longer accessible, but Google cached), and it's showing the old card, which is no longer valid.

I'd say it's pretty conclusive that this information has been out there since at least August and that RPGNow have only just found out about the problem. I now also know the source of the failed attempt to rip off my account, which I previously didn't.

 

[Banshee16]

Try googling your name and "rpgnow". That is how I found it.

Nothing. Though I did find two posts under my name, on the WotC site. Apparently Google somehow accesses your real name, rather than your online name, when indexing....because I've always used my online name, yet Google found me.

No cc: info though. I only appeared four times by combining with rpgnow.

Banshee

 

[Nightchilde-2]

Me too.

My wife runs an online store from our house, and it's always surprising to me the number of people she encounters who don't want to pay by paypal because it "isn't safe." They've got no problem handing their actual credit card number to a piddly online store that know nothing about , though!

I only accept PayPal on my store's online site for credit card (and e-check) purchases, and this is one reason why. They've been doing this far longer than I have, so it's worth paying them a little chunk out of every sale I make to have that extra security for my customers.