Seibertron.com Energon Pub Forums

[bvzxa]

They didn't encrypt the passwords!? Who the heck is running that site, a 4 year-old?

There is absolutely NO excuse for not encrypting passwords.

That is correct. I am a professional software developer and have a masters degree in computer science. The entire site is built like sites were literally 10 years ago. Either they do not want to invest the money to modernize or their own in-house developers are seriously behind the times. Their software is a complete hackjob by todays standards. Nobody uses Cold Fusion anymore. I used to, but that was in 2002.

I haven't done shopping cart sites in a long time, but I can't help but think there are off-the-shelf products out there that could easily be customized in a short period of time to replace this legacy piece of garbage.

It isn't hard to encrypt passwords. Either they are too lazy or their developers are compete idiots. It is completely trivial now'adays to encrypt passwords. Probably writing a migration script to encrypt the existing passwords is beyond their technical capabilities.

Seriously, we need to stop putting up with this crap. Another option for them is to outsource the online store to an entity that knows what it is doing.

I have a degree in Network Security and management and I see so much is wrong with how the website was setup. I know that letting an outside company handle commerce can get expensive if you aren't making alot of sales to support the cost.

What I see is just a lack of security and thinking. They thought no one would hack them, which of course is foolish thinking. For some reason the way the ordering page was setup, it felt like I was ordering from a company back in the late 90's.

As far as them accepting full responsibility, they can't. technically because the breach is well known, and has caused problems for people they are on the hook. However FunPub is no Sony, this hack job could ruin them and probably for good. I just better get what I paid for before that happens.

[G1 Legacy]

It's times like this when I wish we really did have Optimus Prime around to help us out occasionally. How awsome would it be to have 'ol Optimus pull up in Brian Savages driveway at midnight....clear his airbrakes line (pchooooooooooooo) blow his airhorn pissing off the neighborhood dogs (both inside and outdoors) for miles and setting off a car alarm or two as well, then Transforming and walking to the door just as Savage stumbles to it himself to see what all the comotion is about....just in time to see Prime leaning down on bended knee and simply proceeding to chastize him like a 7 year old child..."Do we have a problem with responsibilty Mr. Savage?"

Oh, how cool would that be?

[Banjo-Tron]

Wow, I knew the website looked old-fashioned but I really thought that at least the backend would be secure. Pre-dotcom bubble sites were more modern and secure than this one. This is the ultimate betrayal of trust, pure and simple.

I will only forgive FunPub if they send me a free Punch/Counterpunch, with FREE shipping. (I'm only semi-joking about that)

[Autobot032]

If you don't know business, don't run one. It's as simple as that.

I'm not trying to be mean, I'm really not, but I mean this is their umpteenth problem and it's costing people a LOT of money.

The CC companies must be losing dough with all the canceled charges, cards, etc. TFCC is lucky the companies don't file against them. They probably could.

[jbliss]

Nobody uses Cold Fusion anymore.

Just 778,000 of us and growing. http://wwwimages.adobe.com/www.adobe.co ... st-kit.pdf

[Andrius]

Just got fraudulent charges today. Closed my CC account. Keep checking, guys.

On a related note, I'm still waiting for my exclusives to ship... Insult to injury and all that.

[mattwhite924]

I got a new debt card number today. Time to go change my accounts to use it before they try to charge anything to the old number.

At this point I wish I wouldn't have joined the Transformers Club, no toy is worth this kind of crap.

[Kibble]

Just got fraudulent charges today. Closed my CC account. Keep checking, guys.

On a related note, I'm still waiting for my exclusives to ship... Insult to injury and all that.

Don't keep checking...cancel your cards NOW!

[Autobot032]

At this point I wish I wouldn't have joined the Transformers Club, no toy is worth this kind of crap.

This statement says it all. You should never have to say this over a toy. Never. Ya know?

I'm so saddened and dismayed by this whole thing.

[bvzxa]

UPDATE:

As I was checking my bank account I got a $298.54 charge from Walmart.com

I was in the process of cancelling my card when I saw this. Talked to the bank rep and she told me there was a $1 authorization charge to my card account to test the card. They did that on the 2/29. Then either last night or early this morning the attempt to use the card was made at Walmart.com

Now my bank kinda sucks but they did proceed the normal way of disputing the charge and proceeded to cancel the card.

Then I decided to give Walmart.com a call, and believe it or not, I got top quality customer service over the phone than I ever did at the many Walmart stores I shopped in. I began to explain to "Kevin" that I believe my card was used without my consent for a purchase. Since I have a Walmart.com account I checked that and the last .com purchase I made was a TV back in 2010. "Kevin" asked me for the last 4 digits of the card and what the amount was. I gave him the information and he found the charge. It went through but he said Walmart canceled the charge because the address did not match and there was an account already in my name. So he said even though it was on my bank statement the charge would drop off in 3 to 5 business days. He also took it a step further and escalate the situation to the financial security department.

he couldn't tell me the entire address but the thieves were trying to purchase an iPod Touch and trying to send it to California.

So I have no card but I have some peace of mind that this charge won't stick as well as not having to fight it out with the bank.

MODS: I'm gonna post this in the threads related to the TFCC fiasco so people can have some hope if they visit one of the three threads.

[Banjo-Tron]

he couldn't tell me the entire address but the thieves were trying to purchase an iPod Touch and trying to send it to California.

See, this is what gets my goat the most. I have had 3 separate cases of fraud on my bank over the last few years. On each occasion it has caused me lots of stress, and in one case a stiff rebuke and cancellation of my account by PayPal (for some completely ludicrous reason)

I have asked my bank to chase it up and the merchant has supplied me with a printout of the transaction, but with the name and address of the criminal blacked out. Why the hell do criminals get the right to anonmyity? I just don't get it.

[Burn]

Because as far as the merchant is concerned, they're customers not criminals, giving out data like that will be a breach of their privacy.

[Banjo-Tron]

Because as far as the merchant is concerned, they're customers not criminals, giving out data like that will be a breach of their privacy.

Oh OK. I assumed that the bank was the one that obscured their details, not the merchant. Does that mean that their identities are protected if, say, the police wanted to see 'em?

[Autobot032]

Because as far as the merchant is concerned, they're customers not criminals, giving out data like that will be a breach of their privacy.

Oh OK. I assumed that the bank was the one that obscured their details, not the merchant. Does that mean that their identities are protected if, say, the police wanted to see 'em?

No. With a warrant or a subpoena, PayPal has to release that information so an arrest may be made.

[Sid Burn]

just a heads up to anyone interested.

TFCC is giving out refunds on their memberships based on the remaining time on your membership.

so if anyone wants to take action against this loss of personal data, please email TFCC and get your money back, they will also wipe all your data once you cancel your membership.

Damaging Brian Savage's bottom line is the only thing the TFCC will really feel, Botcon and the TFCC have made him a rich man, and there is no excuse for the broken, outdated site he was running when you are intaking the kind of money he does from the TF collector's community.

He had a responsibility and ignored it, I urge you all to pull your memberships.

[Burn]

Because as far as the merchant is concerned, they're customers not criminals, giving out data like that will be a breach of their privacy.

Oh OK. I assumed that the bank was the one that obscured their details, not the merchant. Does that mean that their identities are protected if, say, the police wanted to see 'em?

No. With a warrant or a subpoena, PayPal has to release that information so an arrest may be made.

Which then brings back the issue of who gets the police involved?

In this particular instance I think the police could easily get involved, there are a number of people affected, they have a source of where the information was gathered from, an investigation could and should be launched.

Perhaps some of you affected members could approach your local police and explain the situation to them? They may be able to point you in a direction where a number of you can give the necessary info to help get things rolling.

[Stormrider]

Because as far as the merchant is concerned, they're customers not criminals, giving out data like that will be a breach of their privacy.

Oh OK. I assumed that the bank was the one that obscured their details, not the merchant. Does that mean that their identities are protected if, say, the police wanted to see 'em?

No. With a warrant or a subpoena, PayPal has to release that information so an arrest may be made.

Which then brings back the issue of who gets the police involved?

In this particular instance I think the police could easily get involved, there are a number of people affected, they have a source of where the information was gathered from, an investigation could and should be launched.

Perhaps some of you affected members could approach your local police and explain the situation to them? They may be able to point you in a direction where a number of you can give the necessary info to help get things rolling.

It is definitely a good idea, but probably won't warrant any attention from the police unless TFCC gets the police involved. Having gone through identity theft I can tell you first hand that the police don't consider fraudulent charges a serious crime unless you actually lose money.

Probably the best people to get involved in this is your State Attorney General and/or FBI. Most major cities have an FBI branch you can call and the State Attorney General you can reach via websites. They have the power to investigate especially where it affected a large number of people.

Does anyone else think it's more than a coincidence that these fraudulent charges went rampant at the time of the Runamuck/Runabout went on sale? Of all the places to hit on the internet - why a Transformers fan club and why at this particular period? I think the thieves are TF fans or have inside knowledge about TFCC.

[Banjo-Tron]

TFCC is giving out refunds on their memberships based on the remaining time on your membership

If we did this, would it forefeit our right to receive Runamuck? I suppose we could do it just after Runabout is shipped. I guess that would hurt FunPub some. I'm still surprised that Hasbro hasn't waded in on this debacle.

[chuckdawg1999]

TFCC is giving out refunds on their memberships based on the remaining time on your membership

If we did this, would it forefeit our right to receive Runamuck? I suppose we could do it just after Runabout is shipped. I guess that would hurt FunPub some. I'm still surprised that Hasbro hasn't waded in on this debacle.

I'm sticking with the club for the time being; I want Runamuck and hope to get Runabout at some point. (I really wanted Drift at first but only if he comes with the right guns)

[Burn]

TFCC is giving out refunds on their memberships based on the remaining time on your membership

If we did this, would it forefeit our right to receive Runamuck? I suppose we could do it just after Runabout is shipped. I guess that would hurt FunPub some. I'm still surprised that Hasbro hasn't waded in on this debacle.

Realistically the only thing Hasbro needs to do is decide whether to allow FunPub to retain the license for TF's or revoke it.

Hasbro don't really have a need to get involved in this situation, it's not their venture.

[Sid Burn]

I'm sticking with the club for the time being; I want Runamuck and hope to get Runabout at some point. (I really wanted Drift at first but only if he comes with the right guns)

this is why FUNPUB probably wont do that much to improve in the future, these exclusives have gone from being a nice addition to a collection, to being necessary to complete the G3 lineup.

TFCC has collectors by the balls with this approach.
(not flaming, I used to be a collector like this)

[chuckdawg1999]

I'm sticking with the club for the time being; I want Runamuck and hope to get Runabout at some point. (I really wanted Drift at first but only if he comes with the right guns)

this is why FUNPUB probably wont do that much to improve in the future, these exclusives have gone from being a nice addition to a collection, to being necessary to complete the G3 lineup.

TFCC has collectors by the balls with this approach.
(not flaming, I used to be a collector like this)

I don't NEED the figure but I'd like to have him. Depending on the QC and what goes down in the next year with the club we'll see if I renew next year. I'd hate for Hasbro to come in and strip everything from FunPub as I think that will mean the end of Joe and Bot Con and the advent of Hasbro con.

[Seibertron]

Here is a message we just received from Hasbro regarding recent situations with Fun Publications, the organization which runs the Transformers Collectors' Club, BotCon (the official Transformers convention), G.I. Joe Collectors' Club, and JoeCon (the official G.I. Joe convention).

To the G.I. Joe and Transformers fan communities and Fun Publications customers,

Thank you for bringing your concern to our attention and for giving Hasbro the opportunity to respond to a matter that impacts its G.I. Joe and Transformers brands. Please know we take all consumer concerns very seriously and are in regular contact with Fun Publications (our licensee) about the possibility of a breach in security to their online purchasing system for the G.I. Joe and Transformers Collectors' Clubs. Fun Publications is also taking this matter very seriously and is diligently working at identifying any problems, the number of customers affected and ways to ensure it does not happen to any more customers. Hasbro wants consumers to have a positive experience at all touch points for its brands, including transactions with its licensees. As such, we are confident that Fun Publications has detailed instructions and pertinent information available for those consumers who believe they may have been targeted by credit theft via their portals.

Based on our extensive conversations with the Fun Publications team Hasbro wants to convey the following to the fan communities:

Fun Publications has assured us that they are taking necessary measures to curb additional issues, and they are working with third party experts to identify the problem. They anticipate knowing and communicating the cause of the breach as soon as possible to those affected.

-- They believe that the number of customers affected is low relative to the volume of sales transactions made.

-- However, if you believe fraudulent charges have been made to your credit card after making a purchase with any portals for the G.I. Joe or Transformers Collectors' Clubs, we urge you to contact Fun Publications immediately and provide them with the information requested at <https://www.transformersclub.com/tccccinfo.cfm> or <http://gijoeclub.com/ccinfo.cfm> by using the "Contact Us" link at the bottom of these pages.

-- Fun Publications can also be reached at the following number for additional consumer affairs inquiries relating to the G.I. Joe and Transformers Collectors' Clubs at (817) 448-9863 during regular business hours.

-- As more information becomes available, they will be contacting all affected customers who have notified them about the issue.

Thank you again to all of the fans of our Transformers and G.I. Joe brands for their continued support and for the opportunity to respond to this matter.



Sincerely,

Joe Moscone
on behalf of Hasbro, Inc.

[Delicon]

I applaud Hasbro for making a public statement on this matter, although the line below is pretty appalling to me.

-- They believe that the number of customers affected is low relative to the volume of sales transactions made.

If you're talking about the last year, then maybe but since February...YIKES.

[Jelze Bunnycat]

In short, Hasbro is sticking its head in the sand.