| Fun Publications / TFCC Security Update - seibertron.com Mar 28th 2012, 00:26 Tuesday, March 27th, 2012 7:16PM CDT Category: Collector's Club NewsPosted by: El Duque Views: 1,220 Click here to discuss this topic! Fun Publications/TFCC have issued the following update regarding their recent security issues. Here is the latest update on the credit card security investigation.The firm we have hired to analyze our former ecommerce server and software has preliminarily determined that we did incur a SQL injection code attack sometime before Christmas. Our ISP did have a commercial product installed that was supposed to defeat these types of attacks, but apparently it failed. This allowed the hackers access to our order information. While it is still unknown exactly what data they were able to harvest (investigation continues) we need to assume that they were able to extract all of our order information. The security firm thinks that this attack has allowed the hackers to come back periodically and harvest more information. However, once the old server was taken out of service (around February 21st) there was nothing left for them to access. Once this information was stolen, (no matter if it was back before Christmas) there is no time frame as to when the thieves may sell or try to use the information to purport credit card theft. What does this mean to me? We are asking again that anyone who has used a credit card in our old online systems in the past year (NOT THE NEW STORE) to get your card replaced immediately. If you have done this already, there is no action required on your part. We apologize for the inconvenience, we know this whole thing is a pain, but it is better to replace the cards than have to deal with any issues that may result from this theft of data. Even though the amount of fraud has greatly declined, we are still receiving a customer report every few days of someone else (who hasn't replaced their cards) getting hit. We strongly encourage you to take this step immediately if you have not done so already. Again, this DOES NOT pertain to any cards that have been used in the new store. What is the plan? We are still working on all of the issues and are several weeks away from a final resolution. Our new store is currently offline while we complete the entries and audit the data from the renewals we received last week. Just to reiterate, this new store is a totally different piece of software, at a totally different hosting site. There are hundreds of other retailers using this same software as it is hosted by the software creators. We hope to have the store online and registration system back online sometime next week. When the store comes back online, we will be adding products slowly so it will take some time to have everything back in the store. Thank you for your patience and support during this trying issue. Brian Credit(s): TFCC News Categories: 3rd Party News, Auctions, Book News, Cartoon News, Collectables, Collector's Club News, Comic Book News, Company News, Contests, Editorials, Event News, Game News, Heavy Metal War, Interviews, Knock Offs, Media, Movie News, People News, Podcast, Press Releases, Reviews, Rumors, Sightings, Site Articles, Site News, Sponsor News, Store News, Toy News, Transtopia Re: Fun Publications / TFCC Security Update (1362962)Posted by El Duque on March 27th, 2012 @ 7:16pm CDT Fun Publications/TFCC have issued the following update regarding their recent security issues. Here is the latest update on the credit card security investigation.The firm we have hired to analyze our former ecommerce server and software has preliminarily determined that we did incur a SQL injection code attack sometime before Christmas. Our ISP did have a commercial product installed that was supposed to defeat these types of attacks, but apparently it failed. This allowed the hackers access to our order information. While it is still unknown exactly what data they were able to harvest (investigation continues) we need to assume that they were able to extract all of our order information. The security firm thinks that this attack has allowed the hackers to come back periodically and harvest more information. However, once the old server was taken out of service (around February 21st) there was nothing left for them to access. Once this information was stolen, (no matter if it was back before Christmas) there is no time frame as to when the thieves may sell or try to use the information to purport credit card theft. What does this mean to me? We are asking again that anyone who has used a credit card in our old online systems in the past year (NOT THE NEW STORE) to get your card replaced immediately. If you have done this already, there is no action required on your part. We apologize for the inconvenience, we know this whole thing is a pain, but it is better to replace the cards than have to deal with any issues that may result from this theft of data. Even though the amount of fraud has greatly declined, we are still receiving a customer report every few days of someone else (who hasn't replaced their cards) getting hit. We strongly encourage you to take this step immediately if you have not done so already. Again, this DOES NOT pertain to any cards that have been used in the new store. What is the plan? We are still working on all of the issues and are several weeks away from a final resolution. Our new store is currently offline while we complete the entries and audit the data from the renewals we received last week. Just to reiterate, this new store is a totally different piece of software, at a totally different hosting site. There are hundreds of other retailers using this same software as it is hosted by the software creators. We hope to have the store online and registration system back online sometime next week. When the store comes back online, we will be adding products slowly so it will take some time to have everything back in the store. Thank you for your patience and support during this trying issue. Brian Re: Fun Publications / TFCC Security Update (1362974)Posted by ubertenorman on March 27th, 2012 @ 7:44pm CDT This is the kind of correspondance that should have happened a month ago. Re: Fun Publications / TFCC Security Update (1362981)Posted by triKlops on March 27th, 2012 @ 7:54pm CDT agreed Re: Fun Publications / TFCC Security Update (1363010)Posted by Emperor Galvatron on March 27th, 2012 @ 8:28pm CDT El Duque wrote:Fun Publications/TFCC have issued the following update regarding their recent security issues. Here is the latest update on the credit card security investigation.The firm we have hired to analyze our former ecommerce server and software has preliminarily determined that we did incur a SQL injection code attack sometime before Christmas. Our ISP did have a commercial product installed that was supposed to defeat these types of attacks, but apparently it failed. This allowed the hackers access to our order information. While it is still unknown exactly what data they were able to harvest (investigation continues) we need to assume that they were able to extract all of our order information. The security firm thinks that this attack has allowed the hackers to come back periodically and harvest more information. However, once the old server was taken out of service (around February 21st) there was nothing left for them to access. Once this information was stolen, (no matter if it was back before Christmas) there is no time frame as to when the thieves may sell or try to use the information to purport credit card theft. What does this mean to me? We are asking again that anyone who has used a credit card in our old online systems in the past year (NOT THE NEW STORE) to get your card replaced immediately. If you have done this already, there is no action required on your part. We apologize for the inconvenience, we know this whole thing is a pain, but it is better to replace the cards than have to deal with any issues that may result from this theft of data. Even though the amount of fraud has greatly declined, we are still receiving a customer report every few days of someone else (who hasn't replaced their cards) getting hit. We strongly encourage you to take this step immediately if you have not done so already. Again, this DOES NOT pertain to any cards that have been used in the new store. What is the plan? We are still working on all of the issues and are several weeks away from a final resolution. Our new store is currently offline while we complete the entries and audit the data from the renewals we received last week. Just to reiterate, this new store is a totally different piece of software, at a totally different hosting site. There are hundreds of other retailers using this same software as it is hosted by the software creators. We hope to have the store online and registration system back online sometime next week. When the store comes back online, we will be adding products slowly so it will take some time to have everything back in the store. Thank you for your patience and support during this trying issue. Brian So if they have all of our order information, they also have our names, ages, addresses, etc that was stored on their site. Well, that's just peachy. Hey, cancel your credit cards, never mind the identity theft potential. Disregard the man behind the curtain.  Re: Fun Publications / TFCC Security Update (1363014)Posted by autobot_goldbug on March 27th, 2012 @ 8:32pm CDT Re: Fun Publications / TFCC Security Update (1363023)Posted by Stormrider on March 27th, 2012 @ 8:49pm CDT I am not happy for several reasons. How could their security fail and no one noticed it for several months? I still think they are still down playing the threat. The thieves may have had access to our addresses and DOB. They really should be telling people watch your credit reports like a hawk. Fraudulent charges on your credit card are easy to spot. Identity theft and new credit cards that get opened fraudulently in your name using your stolen DOB is not so easy to spot. Re: Fun Publications / TFCC Security Update (1363025)Posted by datguy86 on March 27th, 2012 @ 8:53pm CDT You can add me to the growing list of people who've been hit. Card's canceled, all items are not my fault - but all signs point to FunPub. Re: Fun Publications / TFCC Security Update (1363029)Posted by Rated X on March 27th, 2012 @ 8:58pm CDT Emperor Galvatron wrote: El Duque wrote:Fun Publications/TFCC have issued the following update regarding their recent security issues. Here is the latest update on the credit card security investigation.The firm we have hired to analyze our former ecommerce server and software has preliminarily determined that we did incur a SQL injection code attack sometime before Christmas. Our ISP did have a commercial product installed that was supposed to defeat these types of attacks, but apparently it failed. This allowed the hackers access to our order information. While it is still unknown exactly what data they were able to harvest (investigation continues) we need to assume that they were able to extract all of our order information. The security firm thinks that this attack has allowed the hackers to come back periodically and harvest more information. However, once the old server was taken out of service (around February 21st) there was nothing left for them to access. Once this information was stolen, (no matter if it was back before Christmas) there is no time frame as to when the thieves may sell or try to use the information to purport credit card theft. What does this mean to me? We are asking again that anyone who has used a credit card in our old online systems in the past year (NOT THE NEW STORE) to get your card replaced immediately. If you have done this already, there is no action required on your part. We apologize for the inconvenience, we know this whole thing is a pain, but it is better to replace the cards than have to deal with any issues that may result from this theft of data. Even though the amount of fraud has greatly declined, we are still receiving a customer report every few days of someone else (who hasn't replaced their cards) getting hit. We strongly encourage you to take this step immediately if you have not done so already. Again, this DOES NOT pertain to any cards that have been used in the new store. What is the plan? We are still working on all of the issues and are several weeks away from a final resolution. Our new store is currently offline while we complete the entries and audit the data from the renewals we received last week. Just to reiterate, this new store is a totally different piece of software, at a totally different hosting site. There are hundreds of other retailers using this same software as it is hosted by the software creators. We hope to have the store online and registration system back online sometime next week. When the store comes back online, we will be adding products slowly so it will take some time to have everything back in the store. Thank you for your patience and support during this trying issue. Brian So if they have all of our order information, they also have our names, ages, addresses, etc that was stored on their site. Well, that's just peachy. Hey, cancel your credit cards, never mind the identity theft potential. Disregard the man behind the curtain. I would think someone would need your social security number to do any real damage in identity theft. That's how illegal immigrants get legit jobs. Re: Fun Publications / TFCC Security Update (1363035)Posted by Stormrider on March 27th, 2012 @ 9:06pm CDT You are 100% right. A social security # is needed for most identity theft. But acquiring the SS# is not as difficult as most think. The numbers that make it up represent the year and region that you were born in. The remaining numbers can often be deduced. It's not too difficult to figure out the place you were born, if I know your DOB and full name. When my identity was stolen. Initially, the thieves opened several small accounts using my name and DOB. They did not use my SS#. (My theory is that they didn't have it at that time). Three months later, they figured it out and the flood gates were opened. Ryan, or others that deal with website design - isn't mandatory for companies nowadays to properly store credit card numbers? Have some laws been broken on FunPub's part? Re: Fun Publications / TFCC Security Update (1363036)Posted by Court Jester on March 27th, 2012 @ 9:08pm CDT  I thought it was going to be something about how they're going to make it up to their members. Surprised to read them attempting to garner sympathy... again. The fans should come first. We know their security failed; even they do. What do they expect from this press release, a pat on the shoulder? No, a trust has been broken. How about doing something small like calling up their artists and requesting an emergency 2-page comic based on the Run Bros - and sending the comic to its members via PDF? You know, something... It's about the effort put into things (based on the hobby) that show you care more about your consumer base than to send out pointless emails that attempt to quell legal action. Report on the issue when the issue is resolved. Until then, make me feel the membership is more than just a $60 toy and its $40 "freebie" companion - cuz right now, that's the reality. Re: Fun Publications / TFCC Security Update (1363046)Posted by GetRightRobot on March 27th, 2012 @ 9:34pm CDT This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers. Five Filters recommends: Donate to Wikileaks. | |
0 意見:
Post a Comment