Drivethrurpg user?

All topics including role playing games, board games, etc., etc.
Post Reply
Treebore
Mogrl
Posts: 20660
Joined: Mon May 01, 2006 7:00 am
Location: Arizona and St Louis

Drivethrurpg user?

Post by Treebore »

If you use a CC with them, which I think you pretty much have to, check your e-mails, including Spam folder, because you should be getting informed about a Hack between July 6th and August 6th. They said there is a 50% chance my info was taken, so recommended I contact my bank and get a new card issued. I did so, since I made a purchase between those dates, to give myself a B-day present.

http://support.drivethrurpg.com/entries ... Breach-Q-A
Since its 20,000 I suggest "Captain Nemo" as his title. Beyond the obvious connection, he is one who sails on his own terms and ignores those he doesn't agree with...confident in his journey and goals.
Sounds obvious to me! -Gm Michael

Grand Knight Commander of the Society.

User avatar
Kayolan
Lore Drake
Posts: 1790
Joined: Sun Jan 20, 2008 8:00 am
Location: Ohio

Re: Drivethrurpg user?

Post by Kayolan »

Holy crap!

Treebore
Mogrl
Posts: 20660
Joined: Mon May 01, 2006 7:00 am
Location: Arizona and St Louis

Re: Drivethrurpg user?

Post by Treebore »

Sorry, dates are July 10th to August 6th. So if you made a purchase during that time frame, you should look for the e-mail.

Edit: If you save your CC info with them. If you enter your info every time, your OK.
Since its 20,000 I suggest "Captain Nemo" as his title. Beyond the obvious connection, he is one who sails on his own terms and ignores those he doesn't agree with...confident in his journey and goals.
Sounds obvious to me! -Gm Michael

Grand Knight Commander of the Society.

User avatar
Arduin
Greater Lore Drake
Posts: 4045
Joined: Tue Sep 27, 2011 6:12 pm
Location: Granite quarry

Re: Drivethrurpg user?

Post by Arduin »

Not storing sensitive data at rest in a highly encrypted form is a no-no.

Luckily I fell outside those dates for my last purchase.
Old age and treachery will overcome youth and skill

House Rules

User avatar
Ancalagon
Ulthal
Posts: 478
Joined: Tue May 03, 2011 1:13 am
Location: Bellevue, NE

Re: Drivethrurpg user?

Post by Ancalagon »

Treebore wrote:Sorry, dates are July 10th to August 6th. So if you made a purchase during that time frame, you should look for the e-mail.

Edit: If you save your CC info with them. If you enter your info every time, your OK.
Glad you added that tidbit. I made a purchase during the time frame but entered the info. I never store my CC info with drivethrurpg.
Imaginatio est Vita
Grand Knight Commander

User avatar
mmbutter
Red Cap
Posts: 352
Joined: Sat Jun 29, 2013 8:28 pm

Re: Drivethrurpg user?

Post by mmbutter »

I don't have a problem with storing my CC on their servers; CCs are insured, and I'm not responsible for fraud on them.

Treebore
Mogrl
Posts: 20660
Joined: Mon May 01, 2006 7:00 am
Location: Arizona and St Louis

Re: Drivethrurpg user?

Post by Treebore »

mmbutter wrote:I don't have a problem with storing my CC on their servers; CCs are insured, and I'm not responsible for fraud on them.
Yep, but I still called, got it cancelled, and have new ones coming to me. I think next time I will just attach the CC to Paypal, and pay via it, giving me another layer of separation, etc...
Since its 20,000 I suggest "Captain Nemo" as his title. Beyond the obvious connection, he is one who sails on his own terms and ignores those he doesn't agree with...confident in his journey and goals.
Sounds obvious to me! -Gm Michael

Grand Knight Commander of the Society.

User avatar
mmbutter
Red Cap
Posts: 352
Joined: Sat Jun 29, 2013 8:28 pm

Re: Drivethrurpg user?

Post by mmbutter »

Nah, not going through the hassle. If there is fraud, then I'll do it. Over the last 5 years, I've gotten these type of warnings about 2 dozen times. If I cancelled and had cards re-issued every time, it would be a big hassle. In that 5 years, I've had one time where fraud actually occurred, so I only had to get the card cancelled and reissued once, instead of dozens of times.

And, BTW, that one case of fraud did *not* stem from online usage. It occurred because the clerk at a convenience store stole my number when I used the card to pay for gas and snacks on a trip. You're much more likely to have your card info stolen and used via face to face usage than online usage.

User avatar
Arduin
Greater Lore Drake
Posts: 4045
Joined: Tue Sep 27, 2011 6:12 pm
Location: Granite quarry

Re: Drivethrurpg user?

Post by Arduin »

Treebore wrote:
Edit: If you save your CC info with them. If you enter your info every time, your OK.
This is not correct according to the site:

"The main things the hacker accomplished were using our server as a platform to launch DDOS attacks on other sites and also swiping credit card information as we processed it from July 10th to the morning of August 6th."
Old age and treachery will overcome youth and skill

House Rules

User avatar
Dracyian
Unkbartig
Posts: 877
Joined: Mon Mar 18, 2013 3:22 pm
Location: Eastern Wisconsin

Re: Drivethrurpg user?

Post by Dracyian »

This is why I use paypal, I'm hoping that hack didn't get that information

Treebore
Mogrl
Posts: 20660
Joined: Mon May 01, 2006 7:00 am
Location: Arizona and St Louis

Re: Drivethrurpg user?

Post by Treebore »

Arduin wrote:
Treebore wrote:
Edit: If you save your CC info with them. If you enter your info every time, your OK.
This is not correct according to the site:

"The main things the hacker accomplished were using our server as a platform to launch DDOS attacks on other sites and also swiping credit card information as we processed it from July 10th to the morning of August 6th."

Ah, in my e-mail they indicated otherwise.
Since its 20,000 I suggest "Captain Nemo" as his title. Beyond the obvious connection, he is one who sails on his own terms and ignores those he doesn't agree with...confident in his journey and goals.
Sounds obvious to me! -Gm Michael

Grand Knight Commander of the Society.

User avatar
Omote
Battle Stag
Posts: 11560
Joined: Wed May 03, 2006 7:00 am
Location: The fairest view in the park, Ohio.
Contact:

Re: Drivethrurpg user?

Post by Omote »

They sent out multiple e-mails. The latest e-mail from 9:59am EST on Aug 11, 2015 says this:
OneBookShelf wrote:Dear customer,

I regret to inform you that one of our servers suffered a security breach which may have compromised your credit card information.

You are receiving this email because you made a purchase (or attempted to make a purchase) on our site using a credit card between July 6th, 2015 and the morning of August 6th, 2015. There is a 50% chance that hackers were able to collect your credit card information. We recommend that you contact your credit card issuing bank and ask them to replace any cards that you used for charges on our site, and also look over your most recent statements for any suspicious charges.

Our technical team has identified the issue and has secured our servers. Our websites are once again safe to use.

Information such as your name and email address were potentially compromised as well.

Login passwords are stored encrypted with a one-way hash and cannot be decrypted. You do not need to change your account password, but you are more than welcome to do so on your Account page at any time if you wish.

We are truly sorry this incident occurred and sincerely regret the inconvenience it causes you. Navigating credit card company call center menus is no one\'s idea of a good time.

Security has always been our top concern and up until this incident we were proud of our security record at DriveThruRPG.com. We will continue to do everything we can to keep our marketplace secure going forward.

More information on this is available on this page:
http://support.drivethrurpg.com/entries ... Breach-Q-A

And on the DriveThruRPG Facebook page:
https://www.facebook.com/DriveThruRPG

Thank you for your patience and loyalty.

Best Regards,
Steve Wieck
OneBookShelf
@-Duke Omote Landwehr, Holy Order of the FPQ ~ Prince of the Castles & Crusades Society-@
VAE VICTUS!
>> Omote's Advanced C&C stuff <<

User avatar
Arduin
Greater Lore Drake
Posts: 4045
Joined: Tue Sep 27, 2011 6:12 pm
Location: Granite quarry

Re: Drivethrurpg user?

Post by Arduin »

Treebore wrote:
Arduin wrote:
Treebore wrote:
Edit: If you save your CC info with them. If you enter your info every time, your OK.
This is not correct according to the site:

"The main things the hacker accomplished were using our server as a platform to launch DDOS attacks on other sites and also swiping credit card information as we processed it from July 10th to the morning of August 6th."

Ah, in my e-mail they indicated otherwise.
Initially on the site it didn't state it either. Must have been a revision.
Old age and treachery will overcome youth and skill

House Rules

User avatar
Daniel
Red Cap
Posts: 216
Joined: Wed Apr 15, 2015 8:31 pm
Location: Burbank CA USA

Re: Drivethrurpg user?

Post by Daniel »

So if the email came from OneBookShelf, then I wonder if it also impacted RPGNow.com?

Either way, this sucks. :(

Post Reply