By now most of you should have heard, but RPGnow/RPGshop has been hacked, and hundreds of credit card numbers were stolen.

This after RPGnow's recent and controversial merger, this is not going to be good...

RPGPundit

Part of the reason I've been diversifying outlets and will be adding my own store  to my website methinks, but I think this'll blow over reasonably quickly. It's just a bad combination of events.

Yup, not good.

However, it is a good idea to buy online with paypal, then such bad thing wont happen. unless Paypal is hacked.

From what I read yesterday, they weren't even hacked, they just didn't defend their data at all.  I beleive the entire cache of credit card data, completely unencrypted was simply searchable by google.

This is why I hate the increased dependence upon electronic money.  Other than credsticks that is...

Quote from: SpikeFrom what I read yesterday, they weren't even hacked, they just didn't defend their data at all.  I beleive the entire cache of credit card data, completely unencrypted was simply searchable by google.

Oops!  :duh: :roofle:

P.S. I think by my hardy laughter it should be quite obvious that I haven't bought or sold anything through them. Sorry to those in a different situation.

Quote from: GRIMPart of the reason I've been diversifying outlets and will be adding my own store  to my website methinks, but I think this'll blow over reasonably quickly. It's just a bad combination of events.

Are you planning on signing on with yourgamesnow.com?

Quote from: SpikeFrom what I read yesterday, they weren't even hacked, they just didn't defend their data at all.  I beleive the entire cache of credit card data, completely unencrypted was simply searchable by google.

This is why I hate the increased dependence upon electronic money.  Other than credsticks that is...

And I bought stuff from 'em earlier this year.

Crap.

Quote from: Dr Rotwang!And I bought stuff from 'em earlier this year.

Crap.

The date you need to be most worried about is before August of 2006. This is the suspected date that the DB was hacked. As I have been told, it was approx. 3000 cc# and associated info some portion of which included expired cards.

This only applies to people who used the "Store my CC#" on RPGNow or RPGShop. DTRPG and ENGs were not involved. Folks, never store your CC# on a site. Not a good design on the part of the site TA and not a good idea for the customer.

In addition, RPGNow sent out emails to those affected accounts last night. If you had your email changed, spam filter on or email discontinued then you can contact James at RPGNow.

This is a bad thing for the pdf industry as a whole. Shakes customer confidence in an otherwise useful shopping experience.

Bill

Wow...I sell credit card processing (among other business-related services) for a living, and the current V/MC guidelines prohibit unencrypted electronic storage of any CC information.  This could get their privilege to accept cards pulled if the damage is bad enough; doubt it will, but they'll probably end up having to pay a hefty fine to V/MC if this was what they were doing.

Quote from: McrowAre you planning on signing on with yourgamesnow.com?

My membership there is under discussion for approval at the moment I believe.
It's just a pain in the arse uploading files to all these places. I need a filthy assistant or an Igor.

I'm on  E23 if you don't want to go via RPGnow/Drivethru but their selection isn't quite as up to date as they don't have a self-upload function.

I'm not sure where else is worth using, DBB never got back to me really, despite me providing them with some free adventures and Paizo doesn't seem quite the right place for my stuff.

Quote from: SpikeFrom what I read yesterday, they weren't even hacked, they just didn't defend their data at all.  I beleive the entire cache of credit card data, completely unencrypted was simply searchable by google.

This is why I hate the increased dependence upon electronic money.  Other than credsticks that is...

That's not quite what happened.
I believe it was discovered when the hacked information was found on a Brazillian wares site through google.

Let's not kick 'em for things they haven't done, eh?

Quote from: SpikeFrom what I read yesterday, they weren't even hacked, they just didn't defend their data at all.

Link?

If that's true then I hope people file charges for criminal negligence.

Quote from: GRIMPart of the reason I've been diversifying outlets and will be adding my own store  to my website methinks, but I think this'll blow over reasonably quickly. It's just a bad combination of events.

Well, anyone who signed up for one of their "exclusivity" agreements, where they can ONLY sell through RPGnow, are pretty fucked by this turn of events.

RPGPundit

All I know can be found in the first 30 or so posts of the RPG.net thread in open gaming and what's been posted here.  So I'm hardly the expert, sadly.

What was said was that goggling credit card numbers revealed an entire open cache of RpgNow or whatever card numbers.  Obviously some people here have more indepth knowledge

Logan and I were crazy emphatic about the importance of security when we setup comiXpress.  We weren't going to store credit card data unless we could be 100% sure of the security -- so we decided to work through PayPal for all transactions including credit cards.

I'm pretty surprised at how sloppy and amateurish leaving Credit Card data unencrypted and searchable by Google is.

Almost makes me want to setup an alternative online business. :eek:

But first... I finish the game.