• The Infractions Forum is available for public view. Please note that if you have been suspended you will need to open a private/incognito browser window to view it.

RPGNow/RPGShop Hack

Status
Not open for further replies.

Steve Wieck

Registered User
Validated User
It does appear that RPGNow and RPGShop's databases were hacked and customer information was extracted. Until we know the extent of the damage, we are e-mailing all customers to alert them of the problem. Everyone conceivably affected will be notified by private e-mail. Public warnings are more damaging than helpful right now.

For this reason, I have asked RPG.net to remove the thread that Ian started on this topic. In asking RPG.net to remove the thread, I'm not trying to stifle outcry, just mitigate damage. This is a serious problem and we are doing everything we can to address it.

It would be best for the community if no new threads were started on this subject just yet.

We have purged all credit card data from RPGNow and RPGShop servers and will remove the option for customers to have that data stored until we resolve the matter.

Steve
RPGNow
 

MadCow

Master of all evil bovine
Validated User
Question: As far as I can remember, I never save my CC information and always re-enter it when making a purchase. Am I affected by this?
 

Njorhg

Active member
Validated User
I recall that a while ago someone said "I got spam to the mailaddress only RPG.net knew about".

Could this be related?
 

Galandris

Nefarious and deceptive
I thought that having the browser "remember" the information in the form was a form of storage on the browser's side, not server's... Can you be 100% sure that the info that leaked from the hack concerned only the ones who opted to store the information?

Plus, for people who read the cached version of the file, look at the end, it appears to be trunkated, so don't be relieved too quickly: someone could possibly have a copy of this information anyway (just not google's cache).
 

Adam

Posthuman
Validated User
I thought that having the browser "remember" the information in the form was a form of storage on the browser's side, not server's...
It is. This has nothing to do with that functionality.
 

Njorhg

Active member
Validated User
From the Policies of RPGShop.com:
Your privacy
We respect and protect your privacy. We use the information we collect about you to process orders and to provide a personalized shopping experience. Please read on for more details about our privacy policy.

What information do we collect?
When you order, we need your name, e-mail, billing address, shipping address, phone number, credit card number and expiration date. This information allows us to fill your order and to contact you if the need arises. Orders can be placed into different status modes and you will be emailed about them. See your Account History section for more information.

When you subscribe to our mailing list, you will receive site and product updates and notices of special sales.

How do we protect the information?
All the information collected is stored on a secure server and will never be used without your consent. The secure server software encrypts all information using the latest 128 bit encryption processes before it is sent to RPGShop.com.

Will you disclose this Information?
Never. This information is too precious to share it with anyone. We too hate Spam and unsolicited phone calls.
 

obatron

New member
This may be a stupid question, but does this affect drivethrurpg.com as well (with your merger, did you merge the database information?)

I notice they still allow you to save their credit card number, which thankfully I did not do. I just wish I could remember if I was foolish and did so on rpgshop...
 

Sword Raven

Ponytar!
I think that it's a good thing to have made a statement straight away instead of letting rumours run amok.

Good luck to sorting the problem and I hope nobody gets badly affected by this development.
 

RPGHost

Retired User
Question: As far as I can remember, I never save my CC information and always re-enter it when making a purchase. Am I affected by this?
No. The hack was a dump of the stored credit card data. It was not storing them itself or was any snooping used on the encrypted page. The only damage (we have found so far) is the customers that used the SAVE CARD DATA option that you have to click during checkout at RPGShop.com or RPGNow.com. This does NOT effect DTRPG customers at all. It does effect people using the shop here at RPG.NET.

James
 
Status
Not open for further replies.
Top Bottom