
RPGnow hacked

Started by RPGPundit, January 05, 2007, 05:47:40 PM


RPGPundit

By now most of you should have heard, but RPGnow/RPGshop has been hacked, and hundreds of credit card numbers were stolen.

After RPGnow's recent and controversial merger, this is not going to be good...

RPGPundit
LION & DRAGON: Medieval-Authentic OSR Roleplaying is available now! You only THINK you've played 'medieval fantasy' until you play L&D.


My Blog:  http://therpgpundit.blogspot.com/
The most famous Uruguayan gaming blog on the planet!

NEW!
Check out my short OSR supplements series; The RPGPundit Presents!


Dark Albion: The Rose War! The OSR fantasy setting of the history that inspired Shakespeare and Martin alike.
Also available in Variant Cover form!
Also, now with the CULTS OF CHAOS cult-generation sourcebook

ARROWS OF INDRA
Arrows of Indra: The Old-School Epic Indian RPG!
NOW AVAILABLE: AoI in print form

LORDS OF OLYMPUS
The new Diceless RPG of multiversal power, adventure and intrigue, now available.

GRIM

Part of the reason I've been diversifying outlets and will be adding my own store  to my website methinks, but I think this'll blow over reasonably quickly. It's just a bad combination of events.
Reverend Doctor Grim
Postmortem Studios - Tales of Grim - The Athefist - Steemit - Minds - Twitter - Youtube - RPGNOW - TheGameCrafter - Lulu - Teespring - Patreon - Tip Jar
Futuaris nisi irrisus ridebis

Mcrow

Yup, not good.

However, it is a good idea to buy online with PayPal; then such bad things won't happen. Unless PayPal is hacked.

Spike

From what I read yesterday, they weren't even hacked, they just didn't defend their data at all.  I believe the entire cache of credit card data, completely unencrypted, was simply searchable by Google.

This is why I hate the increased dependence upon electronic money.  Other than credsticks that is...:D
For you the day you found a minor error in a Post by Spike and forced him to admit it, it was the greatest day of your internet life.  For me it was... Tuesday.

For the curious: Apparently, in person, I sound exactly like the Youtube Character The Nostalgia Critic.   I have no words.


blakkie

Quote from: Spike
From what I read yesterday, they weren't even hacked, they just didn't defend their data at all.  I believe the entire cache of credit card data, completely unencrypted, was simply searchable by Google.
Oops!  :duh: :roofle:

P.S. I think by my hearty laughter it should be quite obvious that I haven't bought or sold anything through them. Sorry to those in a different situation. :(
"Because honestly? I have no idea what you do. None." - Pierce Inverarity

Mcrow

Quote from: GRIM
Part of the reason I've been diversifying outlets and will be adding my own store to my website methinks, but I think this'll blow over reasonably quickly. It's just a bad combination of events.

Are you planning on signing on with yourgamesnow.com?

Dr Rotwang!

Quote from: Spike
From what I read yesterday, they weren't even hacked, they just didn't defend their data at all.  I believe the entire cache of credit card data, completely unencrypted, was simply searchable by Google.

This is why I hate the increased dependence upon electronic money.  Other than credsticks that is...:D
And I bought stuff from 'em earlier this year.

Crap.
Dr Rotwang!
...never blogs faster than he can see.
FONZITUDE RATING: 1985

HinterWelt

Quote from: Dr Rotwang!
And I bought stuff from 'em earlier this year.

Crap.
The date you need to be most worried about is before August of 2006. This is the suspected date that the DB was hacked. As I have been told, it was approx. 3000 cc# and associated info some portion of which included expired cards.

This only applies to people who used the "Store my CC#" on RPGNow or RPGShop. DTRPG and ENGs were not involved. Folks, never store your CC# on a site. Not a good design on the part of the site TA and not a good idea for the customer.

In addition, RPGNow sent out emails to those affected accounts last night. If you had your email changed, spam filter on or email discontinued then you can contact James at RPGNow.

This is a bad thing for the pdf industry as a whole. Shakes customer confidence in an otherwise useful shopping experience.

Bill
The RPG Haven - Talking about RPGs
My Site
Oh...the HinterBlog
Lord Protector of the Cult of Clash was Right
When you look around you have to wonder,
Do you play to win or are you just a bad loser?

KenHR

Wow...I sell credit card processing (among other business-related services) for a living, and the current V/MC guidelines prohibit unencrypted electronic storage of any CC information.  This could get their privilege to accept cards pulled if the damage is bad enough; doubt it will, but they'll probably end up having to pay a hefty fine to V/MC if this was what they were doing.
For fuck's sake, these are games, people.

And no one gives a fuck about your ignore list.


Gompan
band - other music

GRIM

Quote from: Mcrow
Are you planning on signing on with yourgamesnow.com?

My membership there is under discussion for approval at the moment I believe.
It's just a pain in the arse uploading files to all these places. I need a filthy assistant or an Igor.

I'm on  E23 if you don't want to go via RPGnow/Drivethru but their selection isn't quite as up to date as they don't have a self-upload function.

I'm not sure where else is worth using, DBB never got back to me really, despite me providing them with some free adventures and Paizo doesn't seem quite the right place for my stuff.

GRIM

Quote from: Spike
From what I read yesterday, they weren't even hacked, they just didn't defend their data at all.  I believe the entire cache of credit card data, completely unencrypted, was simply searchable by Google.

This is why I hate the increased dependence upon electronic money.  Other than credsticks that is...:D

That's not quite what happened.
I believe it was discovered when the hacked information was found on a Brazilian wares site through Google.

Let's not kick 'em for things they haven't done, eh?

James McMurray

Quote from: Spike
From what I read yesterday, they weren't even hacked, they just didn't defend their data at all.

Link?

If that's true then I hope people file charges for criminal negligence.

RPGPundit

Quote from: GRIM
Part of the reason I've been diversifying outlets and will be adding my own store to my website methinks, but I think this'll blow over reasonably quickly. It's just a bad combination of events.

Well, anyone who signed up for one of their "exclusivity" agreements, where they can ONLY sell through RPGnow, are pretty fucked by this turn of events.

RPGPundit

Spike

All I know can be found in the first 30 or so posts of the RPG.net thread in open gaming and what's been posted here.  So I'm hardly the expert, sadly.

What was said was that googling credit card numbers revealed an entire open cache of RpgNow or whatever card numbers.  Obviously some people here have more in-depth knowledge.

Blackleaf

Logan and I were crazy emphatic about the importance of security when we set up comiXpress.  We weren't going to store credit card data unless we could be 100% sure of the security -- so we decided to work through PayPal for all transactions including credit cards.

I'm pretty surprised at how sloppy and amateurish leaving Credit Card data unencrypted and searchable by Google is.

Almost makes me want to set up an alternative online business. :eek:

But first... I finish the game. :)