Page 10 of 14

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Tue Mar 06, 2012 4:14 pm
by Seibertron
Sid Burn wrote:anyone who attends botcon should boo Brain Savage when he makes his general announcements at the start of the con.

with all the cash he takes in, I am pretty sure he could have sprung for a site that properly protects his customers.


That's not what people should do. Two wrongs don't make a right. While I am advocating that they should discuss the situation with us in person and not sweep things under the rug, people should not be acting like asses. They should be polite and courteous.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Tue Mar 06, 2012 4:44 pm
by Stormrider
Seibertron wrote:
Sid Burn wrote:anyone who attends botcon should boo Brain Savage when he makes his general announcements at the start of the con.

with all the cash he takes in, I am pretty sure he could have sprung for a site that properly protects his customers.


That's not what people should do. Two wrongs don't make a right. While I am advocating that they should discuss the situation with us in person and not sweep things under the wrong, people should not be acting like asses. They should be polite and courteous.


I agree. So far Fun Pub has been giving us updates. Let them finish their investigation before raising pitch forks. But at the same time remain persistant with wanting answers.


Seibertron wrote:In addition, all of our credit card info (past and present) as well as our personal account information, usernames, unprotected passwords, email addresses, street addresses, dates of birth (I believe that's one of the fields they collect), etc were all taken as well. IMO, this situation was far worse than what happened with TFsource, since all of our personal information went plus the "Transformers Collectors' Club" is advertised on every Hasbro Transformers package, which brings Hasbro into the mix instead of it just being an online retailer.

Can't wait for the identity theft reports to start coming in (that's sarcasm)! It's only a matter of time now. That will be far worse than fraudulent charges on credit cards.



I just ordered mine to double check.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Tue Mar 06, 2012 5:16 pm
by Autobot032
I agree that civility and patience should be exercised, here. However, if someone poses the question and they refuse to answer and/or get nasty about it, I think you should start with the booing and cause a scene. Embarrass them, force them to speak about it.

If it were any one of us, we'd be roasted on the spit if we screwed up like this.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Tue Mar 06, 2012 5:22 pm
by Seibertron
Well this is lovely ... the username (CeMa^TkH) for their "secure" database is currently exposed on their website. Hopefully they will change the username after this so that hackers don't have an edge on knowing the username for their SQL database.

Error can be publicly seen when you try to login, or if you directly go to https://www.transformersclub.com/members/index.cfm

TransformersClub.com wrote:The web site you are accessing has experienced an unexpected error.
Please contact the website administrator.

The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
Error Executing Database Query.

[Macromedia][SQLServer JDBC Driver][SQLServer]Login failed for user 'CeMa^TkH'.

Resources:
Enable Robust Exception Information to provide greater detail about the source of errors. In the Administrator, click Debugging & Logging > Debugging Settings, and select the Robust Exception Information option.
Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.
Browser **********
Remote Address ***********
Referrer https://t.co/QQBaXdu4
Date/Time 06-Mar-12 06:16 PM

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Tue Mar 06, 2012 5:26 pm
by Autobot032
Seibertron wrote:Well this is lovely ... the username (CeMa^TkH) for their "secure" database is currently exposed on their website. Hopefully they will change the username after this so that hackers don't have an edge on knowing the username for their SQL database.

Error can be publicly seen when you try to login, or if you directly go to https://www.transformersclub.com/members/index.cfm

TransformersClub.com wrote:The web site you are accessing has experienced an unexpected error.
Please contact the website administrator.

The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
Error Executing Database Query.

[Macromedia][SQLServer JDBC Driver][SQLServer]Login failed for user 'CeMa^TkH'.

Resources:
Enable Robust Exception Information to provide greater detail about the source of errors. In the Administrator, click Debugging & Logging > Debugging Settings, and select the Robust Exception Information option.
Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.
Browser **********
Remote Address ***********
Referrer https://t.co/QQBaXdu4
Date/Time 06-Mar-12 06:16 PM



Sho' 'nuff.

Untitled.jpg

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Tue Mar 06, 2012 5:37 pm
by chuckdawg1999
Autobot032 wrote:I agree that civility and patience should be exercised, here. However, if someone poses the question and they refuse to answer and/or get nasty about it, I think you should start with the booing and cause a scene. Embarrass them, force them to speak about it.

If it were any one of us, we'd be roasted on the spit if we screwed up like this.


I would taste good with a nice smokey BBQ sauce. Low and slow, that's how you go.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Tue Mar 06, 2012 9:37 pm
by faustx
Seibertron wrote:Well this is lovely ... the username (CeMa^TkH) for their "secure" database is currently exposed on their website. Hopefully they will change the username after this so that hackers don't have an edge on knowing the username for their SQL database.

Error can be publicly seen when you try to login, or if you directly go to https://www.transformersclub.com/members/index.cfm

TransformersClub.com wrote:The web site you are accessing has experienced an unexpected error.
Please contact the website administrator.

The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
Error Executing Database Query.

[Macromedia][SQLServer JDBC Driver][SQLServer]Login failed for user 'CeMa^TkH'.

Resources:
Enable Robust Exception Information to provide greater detail about the source of errors. In the Administrator, click Debugging & Logging > Debugging Settings, and select the Robust Exception Information option.
Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.
Browser **********
Remote Address ***********
Referrer https://t.co/QQBaXdu4
Date/Time 06-Mar-12 06:16 PM



Ryan,

Good catch on the additional security hole.

As web vets and I think we both know that FunPub outsources all of their web work. The first problem is that that team is clearly incompetent. I'm sure they've been back pedaling from day 1 trying to avoid a law suit but the reality is that a real team would have shut the site down at the first sign of trouble, patched the hole, been open about the cause and moved on. The second is that there does not seem to be an internal staffer capable of assessing the situation accurately, ie a properly trained/educated "Web Manager" that understands the need for the aforementioned security handling process.

Overall, this has been a wildly irresponsible period of activity on one of the worst fan e-com sites on the web. Twice over the last five years I've offered to redo the site, or hook them up with someone equally skilled, and have never received so much as a courtesy call back. And so here we are.

Truly in 2012 there is no excuse for this nonsense. It's taken too long to take the e-com portions of the site down, and Hasbro's contribution is little more than an artful dodge.

Given how many weeks this has gone on for, and how many people this has caused hassles for as well as credit report risks I don't actually believe that boos are the wrong move in a public forum ASSUMING they have done no more at that time to alleviate the user pain.

My 2 cents,

J

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Tue Mar 06, 2012 9:46 pm
by Seibertron
faustx wrote:Good catch on the additional security hole.


One of Seibertron.com's staff members brought the exposed error to my attention.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 12:53 am
by chuckdawg1999
Here's a thought that was brought up on What's on Joe Mind? tonight. Do we really want to take up 10 minutes at a Club or Hasbro panel talking about this when that would be 10 minutes less about figures and the brand? Do you want to be the person who causes this 10 minute loss, in a room where the majority don't care/weren't affected and are there for the toy info?

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 1:32 am
by Seibertron
chuckdawg1999 wrote:Here's a thought that was brought up on What's on Joe Mind? tonight. Do we really want to take up 10 minutes at a Club or Hasbro panel talking about this when that would be 10 minutes less about figures and the brand? Do you want to be the person who causes this 10 minute loss, in a room where the majority don't care/weren't affected and are there for the toy info?


Yes, this should be addressed.

I'm shocked to be reading your response. The majority of those people should care and most likely were affected, and if they don't they don't care or are unaware that they were affected, they should be respectful of those who were affected and need to have this addressed. Yes, I would be more than happy to be that fan so that those who were affected can have the fans minutes they deserve to have this addressed.

Anyone who's used a card with them over the past few years was affected on both the GI Joe and Transformers side of things. There should be ten minutes added on to both panels to discuss this. Instead of a 60 minute panel, it runs 70 minutes. Yes, this should be addressed, the fans should be apologized to in-person, and there should be a few minutes for air clearing. So the day runs until 5:10 instead of 5:00, or 2 minutes for five other panels is shaved off throughout the day, or something.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 1:40 am
by Autobot032
chuckdawg1999 wrote:Here's a thought that was brought up on What's on Joe Mind? tonight. Do we really want to take up 10 minutes at a Club or Hasbro panel talking about this when that would be 10 minutes less about figures and the brand? Do you want to be the person who causes this 10 minute loss, in a room where the majority don't care/weren't affected and are there for the toy info?



The answers should be as follows:

Yes. Yes. And those affected pay for the conventions every year, so they have every right to know where their money and security has gone.

Plus, with Hasbro making promises they won't keep, there's no point in taking much about the future because it changes at the drop of at hat and we're all at the mercy of their whims.

And if the majority doesn't care?

1.) Too bad, so sad.

2.) They better care, because anyone of them (or all of them) could be compromised and open to ruination with the press of a thief's button. Especially when they least expect it.

With the attendees, the packages, the memberships, etc...FunPub has made a LOT of money off of the fandom. While Hasbro can get away with not caring about us, FunPub can't. The fandom PAYS them exorbitant amounts of money to give a damn, and FunPub's response is "Our give a damn's busted".

Waste 10 minutes, 10 hours, even. Be that guy. Pin 'em and make 'em squirm.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 1:48 am
by chuckdawg1999
Seibertron wrote:
chuckdawg1999 wrote:Here's a thought that was brought up on What's on Joe Mind? tonight. Do we really want to take up 10 minutes at a Club or Hasbro panel talking about this when that would be 10 minutes less about figures and the brand? Do you want to be the person who causes this 10 minute loss, in a room where the majority don't care/weren't affected and are there for the toy info?


Yes, this should be addressed.

I'm shocked to be reading your response. The majority of those people should care and most likely were affected, and if they don't they don't care or are unaware that they were affected, they should be respectful of those who were affected and need to have this addressed. Yes, I would be more than happy to be that fan so that those who were affected can have the fans minutes they deserve to have this addressed.

Anyone who's used a card with them over the past few years was affected on both the GI Joe and Transformers side of things. There should be ten minutes added on to both panels to discuss this. Instead of a 60 minute panel, it runs 70 minutes. Yes, this should be addressed, the fans should be apologized to in-person, and there should be a few minutes for air clearing. So the day runs until 5:10 instead of 5:00, or 2 minutes for five other panels is shaved off throughout the day, or something.


Sorry I shocked you, wasn't my intent but it was a good thought that was brought up. Correct me if I'm wrong but aren't the majority of people there walk ins and not members of the club? If not then my point is mute. Do you really think they'll add the extra 10 minutes to the overall run time? I personally don't as I'm sure these guys are a stickler for schedule. For what it's worth it appears this has hit the TF side of things much harder than the Joe guys.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 2:41 am
by Autobot032
chuckdawg1999 wrote:For what it's worth it appears this has hit the TF side of things much harder than the Joe guys.


Well, now... Isn't that interesting? More and more, this sounds like an inside job.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 3:40 am
by chuckdawg1999
Autobot032 wrote:
chuckdawg1999 wrote:For what it's worth it appears this has hit the TF side of things much harder than the Joe guys.


Well, now... Isn't that interesting? More and more, this sounds like an inside job.


Um, no. Keep in mind that the TF Club had exclusives on sale so there were higher than normal transactions. Joe Club haven't even revealed the con set yet.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 8:28 am
by Delicon
chuckdawg1999 wrote:
Seibertron wrote:
chuckdawg1999 wrote:Here's a thought that was brought up on What's on Joe Mind? tonight. Do we really want to take up 10 minutes at a Club or Hasbro panel talking about this when that would be 10 minutes less about figures and the brand? Do you want to be the person who causes this 10 minute loss, in a room where the majority don't care/weren't affected and are there for the toy info?


Yes, this should be addressed.

I'm shocked to be reading your response. The majority of those people should care and most likely were affected, and if they don't they don't care or are unaware that they were affected, they should be respectful of those who were affected and need to have this addressed. Yes, I would be more than happy to be that fan so that those who were affected can have the fans minutes they deserve to have this addressed.

Anyone who's used a card with them over the past few years was affected on both the GI Joe and Transformers side of things. There should be ten minutes added on to both panels to discuss this. Instead of a 60 minute panel, it runs 70 minutes. Yes, this should be addressed, the fans should be apologized to in-person, and there should be a few minutes for air clearing. So the day runs until 5:10 instead of 5:00, or 2 minutes for five other panels is shaved off throughout the day, or something.


Sorry I shocked you, wasn't my intent but it was a good thought that was brought up. Correct me if I'm wrong but aren't the majority of people there walk ins and not members of the club? If not then my point is mute. Do you really think they'll add the extra 10 minutes to the overall run time? I personally don't as I'm sure these guys are a stickler for schedule. For what it's worth it appears this has hit the TF side of things much harder than the Joe guys.


Just a few clarifications on BotCon and the panels, as I've been to my share of both.

Almost everyone who registers for a Primus (or Protoform, for that matter) is a Club member just because of the $40 or so discount given on those packages, which more or less pays for your membership.

People with registered packages get priority seating at all panels, meaning if you're just a general admission, you have to wait for a few minutes to sit down and GA's actually aren't guaranteed a seat at all. So far they haven't turned anyone away from a panel, but they still have the right to do so.

It is not unusual at all for panels to run late, and by that I mean 5 or so minutes. However, they don't let anyone ask a single question until they are done presenting what they're presenting. So, at a Hasbro panel they're going to show you upcoming products before the questions start and at a Club panel, they're going to reveal exclusives before they take questions.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 10:05 am
by Tigertrack
If they truly wanted to do it right one panel on Friday or early Saturday would be simply, let's discuss the credit card/security debacle, and what we have done about it.

No sense in taking other time, just do it, let fans voice concerns, tell stories, let fans hear the solutions that have taken place, and let it be done, everyone can enjoy everything else the entire weekend, no need to wait and have this air of 'the other shoe is about to drop', but when going on the whole weekend.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 10:30 am
by Pete@BotCon
faustx wrote:
Seibertron wrote:Well this is lovely ... the username (CeMa^TkH) for their "secure" database is currently exposed on their website. Hopefully they will change the username after this so that hackers don't have an edge on knowing the username for their SQL database.

Error can be publicly seen when you try to login, or if you directly go to https://www.transformersclub.com/members/index.cfm

TransformersClub.com wrote:The web site you are accessing has experienced an unexpected error.
Please contact the website administrator.

The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
Error Executing Database Query.

[Macromedia][SQLServer JDBC Driver][SQLServer]Login failed for user 'CeMa^TkH'.

Resources:
Enable Robust Exception Information to provide greater detail about the source of errors. In the Administrator, click Debugging & Logging > Debugging Settings, and select the Robust Exception Information option.
Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.
Browser **********
Remote Address ***********
Referrer https://t.co/QQBaXdu4
Date/Time 06-Mar-12 06:16 PM



Ryan,

Good catch on the additional security hole.

As web vets and I think we both know that FunPub outsources all of their web work. The first problem is that that team is clearly incompetent. I'm sure they've been back pedaling from day 1 trying to avoid a law suit but the reality is that a real team would have shut the site down at the first sign of trouble, patched the hole, been open about the cause and moved on. The second is that there does not seem to be an internal staffer capable of assessing the situation accurately, ie a properly trained/educated "Web Manager" that understands the need for the aforementioned security handling process.

Overall, this has been a wildly irresponsible period of activity on one of the worst fan e-com sites on the web. Twice over the last five years I've offered to redo the site, or hook them up with someone equally skilled, and have never received so much as a courtesy call back. And so here we are.

Truly in 2012 there is no excuse for this nonsense. It's taken too long to take the e-com portions of the site down, and Hasbro's contribution is little more than an artful dodge.

Given how many weeks this has gone on for, and how many people this has caused hassles for as well as credit report risks I don't actually believe that boos are the wrong move in a public forum ASSUMING they have done no more at that time to alleviate the user pain.

My 2 cents,

J


Hello.

Currently that link is throwing an error due to the fact that we took the database OFFLINE.

We have said that our sites would be going up and down and this info has no relation to anything. Simply put, since our systems ARE down, and since they are being all changed over, when they go back up none of this info will even be relevant.

I would suggest contacting us next time as we would have been happy to have passed this information along...

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 10:53 am
by Delicon
Pete - Since you stopped by this thread, is there any chance of any of the above panel suggestions taking place?

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 11:13 am
by Pete@BotCon
Delicon wrote:Pete - Since you stopped by this thread, is there any chance of any of the above panel suggestions taking place?


We completely understand there may be some people that want to discuss this at BotCon. We will do our best to accommodate. Anyone with "personal" issues would most likely be talked to on the side i.e. if someone had a question about their OWN transaction. But I am sure we will be addressing the general issue. We have never, and in no way plan to, try and sweep this under any carpet.

One thing I have found recently is that small businesses are increasingly becoming a target of hackers. So this is an issue that should be discussed. This affects all of us. When I Tunes can get hacked that should worry everyone on the internet.

Personally, the one thing I have taken away from this is to NEVER use a debit card online. Anytime. Anywhere.

But, not trying to move away from the topic at hand, yes, absolutely, we will be talking about the security issues that directly affect us and our customers.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 11:33 am
by bvzxa
Pete@BotCon wrote:
Delicon wrote:Pete - Since you stopped by this thread, is there any chance of any of the above panel suggestions taking place?


We completely understand there may be some people that want to discuss this at BotCon. We will do our best to accommodate. Anyone with "personal" issues would most likely be talked to on the side i.e. if someone had a question about their OWN transaction. But I am sure we will be addressing the general issue. We have never, and in no way plan to, try and sweep this under any carpet.

One thing I have found recently is that small businesses are increasingly becoming a target of hackers. So this is an issue that should be discussed. This affects all of us. When I Tunes can get hacked that should worry everyone on the internet.

Personally, the one thing I have taken away from this is to NEVER use a debit card online. Anytime. Anywhere.

But, not trying to move away from the topic at hand, yes, absolutely, we will be talking about the security issues that directly affect us and our customers.



Well what you say is partly true. But using any card electronically is the norm.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 11:43 am
by Pete@BotCon
bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.


I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 11:45 am
by Seibertron
Pete@BotCon wrote:I would suggest contacting us next time as we would have been happy to have passed this information along...


Thanks for the suggestion.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 11:52 am
by Pete@BotCon
Seibertron wrote:
Pete@BotCon wrote:I would suggest contacting us next time as we would have been happy to have passed this information along...


Thanks for the suggestion.


Great. Just want to make sure you are giving your readers accurate information in regard to our practices...

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 11:54 am
by Seibertron
Pete@BotCon wrote:
bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.


I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php


Some people only have the ability to pay with debit cards. It is not the place of an e-commerce company to tell their customers how they should or shouldn't be paying for items.

The current primary focus of Fun Pub/BotCon/Transformers Collectors' Club should simply be fixing the problems, returning the services for which we have paid in an extremely timely fashion, and getting paid products out to customers (many of which have still not received their Club exclusives). It should not be deflecting or telling customers about problems at other companies (i.e. iTunes) or what best practices are for credit card usage online.

The core problem is that the Club website was programmed in a very poor manner, which created various security holes. Our passwords should be encrypted, your website should be PCI Compliant (which it was not), our credit card information should NOT be stored locally in your database, etc.

Resolving those problems and getting Club exclusives delivered should be the only focus right now.

Pete@BotCon wrote:
Seibertron wrote:
Pete@BotCon wrote:I would suggest contacting us next time as we would have been happy to have passed this information along...


Thanks for the suggestion.


Great. Just want to make sure you are giving your readers accurate information in regard to our practices...


I assure you that I am depicting your practices in an accurate manner. Otherwise we wouldn't be in this mess.

Re: TF Community Warning: Check your Credit and Debit Card accounts for recent fraudulent activity

PostPosted: Wed Mar 07, 2012 11:57 am
by bvzxa
Pete@BotCon wrote:
bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.


I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php



It's easy to say that, and post news articles and the like. But to get what I want I shop online. Whether it be my debit card or my credit card. I had less stress with my debit card than my credit card.

So if you say this with conviction, why offer the option to accept credit cards to begin with if you are 100% against using debit/credit cards online in the first place. You should have been only taking money orders if you believe the use of a card will cause you to get hacked.

There have been two times that my card was accessed unauthorized, TFsource 2011 and TFCC 2012.

I'm sorry don't tell me to not use my card only after the fact I got a $300 charge on top of the $100 I am out because I wanted to re-up with the club this year.

What I want to hear is what measures will be in place that may sway me enough to comeback next year. It's been 30 days I'm out more money and still no club item.

I'm sorry if I'm mad but y'all got some work to do to fix this.

EDIT: Seibs you summed it up nicely. Could not have said it better myself.