Firebird wrote:Thanks for posting the email message!
I haven't been a club member since 2008. I got both of my credit cards that I used previously with the club (for botcon registration and buying club toys from their website) hit with fraud charges last month. If it wasn't for you guys posting the news and the site members that I follow on twitter, I wouldn't have ever known why I had the fraud charges.
It's too bad Fun Pub isn't sending these emails to their previous members too...
Seibertron wrote:Stormrider wrote:I am not happy for several reasons. How could their security fail and no one noticed it for several months? I still think they are still down playing the threat. The thieves may have had access to our addresses and DOB. They really should be telling people watch your credit reports like a hawk. Fraudulent charges on your credit card are easy to spot. Identity theft and new credit cards that get opened fraudulently in your name using your stolen DOB is not so easy to spot.
Just offering my opinion from someone who's got a lot of experience with this ...
Imagine SQL injections are similar to a computer virus of some sort ... you usually don't know if your computer has a virus, you usually don't know that someone is taking advantages of SQL injections until after something bad happens. In one scenario, someone finds a weakness in the site's code by manipulating the URL where variables are being passed (such as a transaction ID, a user ID, a store order ID, etc.). They are able to insert a malicious command into the code because the programmer didn't verify that the variable was an integer or didn't include various characters that shouldn't be passed to the query. I know how to prevent it in my code, but I might not be able to best explain in layman's terms.
Wikipedia has a great explanation / summary ...
(I've always said "see-kwell" for SQL, but it is often pronounced by it's letters S-Q-L)An SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a poorly designed website to perform operations on the database (often to dump the database content to the attacker) other than the usual operations as intended by the designer. SQL injection is a code injection technique that exploits a security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Wikipedia's article can be found at http://en.wikipedia.org/wiki/Sql_injection
This is coming from our new store software to all active members. We have been transferring and cleaning up data in order to use our new system. We want to have one more set of eyes to look at your addresses, and that's you!
Please go to this link and log in using the email address this email came to, and your old club password (unless you have changed it in the new store).
As we continue to bring up new systems and software, this will remain your membership log in and password. You may change either at anytime by logging in. However, each membership you have must have a unique email address as that will be your log in from here forward. If you don't know your password, use the retrieval link and then log in and change it.
After you log in, please check all of the tabs and make sure your information is accurate. You will have until Tuesday at 5 pm central time to make any changes to your address(es). After that time we will lock the files and create the mailing lists for this year's membership figure and your April issue. Your April issue will run about 2 weeks late. Next month, we should be back on our regular schedule.
We have limited the access in this first implementation of the club store. There are still some issues we have to work out this week before we put product in. We want to make sure all of the data is correct before we move forward.
If you have more than one membership and have trouble getting into your second account or if you have accounts in both clubs, please contact customer service and we will assist you. It is more efficient for you to email us. Don't reply to this email, use the links on the bottom of all of our pages.
In addition, approximately 150 of you will expire this next week (check your Bill Date in your profile). The new system automatically renews you on your billing anniversary provided you have a valid credit card on file. If you don't want to leave it on file, you can come back after it is billed (you can see the charge in your account) and delete it.
Thanks for your support and help!
VinKlem wrote:someone please help!!!!!!!! i'm about to sanp out sooo i just logged into the "new club" and my purchase history shows my club registration but no "over-run" WTF!!!!!!!! I clearly ordered him have my email conformation and order number, just waiting on him. i'f i get **** out of this i'll march right up to hasbro or fanspub or both if i have to and raise hell untill i get my battle chargers
Mkall wrote:VinKlem wrote:someone please help!!!!!!!! i'm about to sanp out sooo i just logged into the "new club" and my purchase history shows my club registration but no "over-run" WTF!!!!!!!! I clearly ordered him have my email conformation and order number, just waiting on him. i'f i get **** out of this i'll march right up to hasbro or fanspub or both if i have to and raise hell untill i get my battle chargers
It showed the same for me, and I got my Over-Run and SG Drift, so I suspect you'll be ok. You can always call them and confirm though.
Va'al wrote:I'm going to troll all the customisers, and put a piece of artwork as the thumbnail for the news post.
DMSL wrote:I paid up till September and i'm not renewing unless i can pay with something other than a credit card. I was victim of those damn hackers and lost 111 and 50 euro due to their crap system being so full of holes.
GetRightRobot wrote:Don't feel bad, I am a member and hardly get their emails. You make a valid point though, regarding previous members.
datguy86 wrote:This is the second TFCC toy named after a vibrator, yes?