
faustx wrote:
Seibertron wrote:
Well this is lovely ... the username (CeMa^TkH) for their "secure" database is currently exposed on their website. Hopefully they will change the username after this so that hackers don't have an edge on knowing the username for their SQL database.
Error can be publicly seen when you try to login, or if you directly go to https://www.transformersclub.com/members/index.cfm
TransformersClub.com wrote:
The web site you are accessing has experienced an unexpected error.
Please contact the website administrator.
The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
Error Executing Database Query.
[Macromedia][SQLServer JDBC Driver][SQLServer]Login failed for user 'CeMa^TkH'.
Resources:
Enable Robust Exception Information to provide greater detail about the source of errors. In the Administrator, click Debugging & Logging > Debugging Settings, and select the Robust Exception Information option.
Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.
Browser **********
Remote Address ***********
Referrer https://t.co/QQBaXdu4
Date/Time 06-Mar-12 06:16 PM
Ryan,
Good catch on the additional security hole.
As web vets I think we both know that FunPub outsources all of their web work. The first problem is that that team is clearly incompetent. I'm sure they've been backpedaling from day 1 trying to avoid a lawsuit but the reality is that a real team would have shut the site down at the first sign of trouble, patched the hole, been open about the cause and moved on. The second is that there does not seem to be an internal staffer capable of assessing the situation accurately, i.e. a properly trained/educated "Web Manager" that understands the need for the aforementioned security handling process.
Overall, this has been a wildly irresponsible period of activity on one of the worst fan e-com sites on the web. Twice over the last five years I've offered to redo the site, or hook them up with someone equally skilled, and have never received so much as a courtesy call back. And so here we are.
Truly in 2012 there is no excuse for this nonsense. It's taken too long to take the e-com portions of the site down, and Hasbro's contribution is little more than an artful dodge.
Given how many weeks this has gone on for, and how many people this has caused hassles for as well as credit report risks, I don't actually believe that boos are the wrong move in a public forum ASSUMING they have done no more at that time to alleviate the user pain.
My 2 cents,
J
Delicon wrote:
Pete - Since you stopped by this thread, is there any chance of any of the above panel suggestions taking place?
Pete@BotCon wrote:
Delicon wrote:
Pete - Since you stopped by this thread, is there any chance of any of the above panel suggestions taking place?
We completely understand there may be some people that want to discuss this at BotCon. We will do our best to accommodate. Anyone with "personal" issues would most likely be talked to on the side i.e. if someone had a question about their OWN transaction. But I am sure we will be addressing the general issue. We have never, and in no way plan to, try and sweep this under any carpet.
One thing I have found recently is that small businesses are increasingly becoming a target of hackers. So this is an issue that should be discussed. This affects all of us. When iTunes can get hacked that should worry everyone on the internet.
Personally, the one thing I have taken away from this is to NEVER use a debit card online. Anytime. Anywhere.
But, not trying to move away from the topic at hand, yes, absolutely, we will be talking about the security issues that directly affect us and our customers.
bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.
Pete@BotCon wrote:
I would suggest contacting us next time as we would have been happy to have passed this information along...

Seibertron wrote:
Pete@BotCon wrote:
I would suggest contacting us next time as we would have been happy to have passed this information along...
Thanks for the suggestion.
Pete@BotCon wrote:
bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.
I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...
http://www.creditcards.com/credit-card- ... d-1271.php
Pete@BotCon wrote:
Seibertron wrote:
Pete@BotCon wrote:
I would suggest contacting us next time as we would have been happy to have passed this information along...
Thanks for the suggestion.
Great. Just want to make sure you are giving your readers accurate information in regard to our practices...
