Seibertron.com Energon Pub Forums

faustx wrote:

Seibertron wrote:Well this is lovely ... the username (CeMa^TkH) for their "secure" database is currently exposed on their website. Hopefully they will change the username after this so that hackers don't have an edge on knowing the username for their SQL database.

Error can be publicly seen when you try to login, or if you directly go to https://www.transformersclub.com/members/index.cfm

TransformersClub.com wrote:The web site you are accessing has experienced an unexpected error.
Please contact the website administrator.

The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
Error Executing Database Query.

[Macromedia][SQLServer JDBC Driver][SQLServer]Login failed for user 'CeMa^TkH'.

Resources:
Enable Robust Exception Information to provide greater detail about the source of errors. In the Administrator, click Debugging & Logging > Debugging Settings, and select the Robust Exception Information option.
Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.
Browser **********
Remote Address ***********
Referrer https://t.co/QQBaXdu4
Date/Time 06-Mar-12 06:16 PM

Ryan,

Good catch on the additional security hole.

As web vets and I think we both know that FunPub outsources all of their web work. The first problem is that that team is clearly incompetent. I'm sure they've been back pedaling from day 1 trying to avoid a law suit but the reality is that a real team would have shut the site down at the first sign of trouble, patched the hole, been open about the cause and moved on. The second is that there does not seem to be an internal staffer capable of assessing the situation accurately, ie a properly trained/educated "Web Manager" that understands the need for the aforementioned security handling process.

Overall, this has been a wildly irresponsible period of activity on one of the worst fan e-com sites on the web. Twice over the last five years I've offered to redo the site, or hook them up with someone equally skilled, and have never received so much as a courtesy call back. And so here we are.

Truly in 2012 there is no excuse for this nonsense. It's taken too long to take the e-com portions of the site down, and Hasbro's contribution is little more than an artful dodge.

Given how many weeks this has gone on for, and how many people this has caused hassles for as well as credit report risks I don't actually believe that boos are the wrong move in a public forum ASSUMING they have done no more at that time to alleviate the user pain.

My 2 cents,

J

Delicon wrote:Pete - Since you stopped by this thread, is there any chance of any of the above panel suggestions taking place?

Pete@BotCon wrote:

Delicon wrote:Pete - Since you stopped by this thread, is there any chance of any of the above panel suggestions taking place?

We completely understand there may be some people that want to discuss this at BotCon. We will do our best to accommodate. Anyone with "personal" issues would most likely be talked to on the side i.e. if someone had a question about their OWN transaction. But I am sure we will be addressing the general issue. We have never, and in no way plan to, try and sweep this under any carpet.

One thing I have found recently is that small businesses are increasingly becoming a target of hackers. So this is an issue that should be discussed. This affects all of us. When I Tunes can get hacked that should worry everyone on the internet.

Personally, the one thing I have taken away from this is to NEVER use a debit card online. Anytime. Anywhere.

But, not trying to move away from the topic at hand, yes, absolutely, we will be talking about the security issues that directly affect us and our customers.

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

Pete@BotCon wrote:I would suggest contacting us next time as we would have been happy to have passed this information along...

Seibertron wrote:

Pete@BotCon wrote:I would suggest contacting us next time as we would have been happy to have passed this information along...

Thanks for the suggestion.

Pete@BotCon wrote:

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

Pete@BotCon wrote:

Seibertron wrote:

Pete@BotCon wrote:I would suggest contacting us next time as we would have been happy to have passed this information along...

Thanks for the suggestion.

Great. Just want to make sure you are giving your readers accurate information in regard to our practices...

Pete@BotCon wrote:

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

bvzxa wrote:

Pete@BotCon wrote:

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

So if you say this with conviction, why offer the option to accept credit cards to begin with

Seibertron wrote:

Pete@BotCon wrote:

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

Some people only have the ability to pay with debit cards. It is not the place of an e-commerce company to tell their customers how they should or shouldn't be paying for items.

The current primary focus of Fun Pub/BotCon/Transformers Collectors' Club should simply be fixing the problems, returning the services for which we have paid in an extremely timely fashion, and getting paid products out to customers (many of which have still not received their Club exclusives). It should not be deflecting or telling customers about problems at other companies (i.e. iTunes) or what best practices are for credit card usage online.

The core problem is that the Club website was programmed in a very poor manner, which created various security holes. Our passwords should be encrypted, your website should be PCI Compliant (which it was not), our credit card information should NOT be stored locally in your database, etc.

Resolving those problems and getting Club exclusives delivered should be the only focus right now.

Pete@BotCon wrote:

Seibertron wrote:

Pete@BotCon wrote:I would suggest contacting us next time as we would have been happy to have passed this information along...

Thanks for the suggestion.

Great. Just want to make sure you are giving your readers accurate information in regard to our practices...

I assure you that I am giving very accurate information in regard to your practices.

bvzxa wrote:

Pete@BotCon wrote:

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

It's easy to say that, and post news articles and the like. But to get what I want I shop online. Whether it be my debit card or my credit card. I had less stress with my debit card than my credit card.

So if you say this with conviction, why offer the option to accept credit cards to begin with if you are 100% against using debit/credit cards online in the first place. You should have been only taking money orders if you believe the use of a card will cause you to get hacked.

There have been two times that my card was accessed unauthorized, TFsource 2011 and TFCC 2012.

I'm sorry don't tell me to not use my card only after the fact I got a $300 because I wanted to re-up with the club.

What I want to hear is what measures will be in place that may sway me enough to comeback next year. It's been 30 days I'm out more money and still no club item.

I'm sorry if I'm mad but y'all got some work to do to fix this.

F Prime wrote:

bvzxa wrote:

Pete@BotCon wrote:

bvzxa wrote:
Well what you say is partly true. But using any card electronically is the norm.

I feel what I said was 100% true. Debit cards should never be used online. It is the best way to keep your banking account secure...

http://www.creditcards.com/credit-card- ... d-1271.php

So if you say this with conviction, why offer the option to accept credit cards to begin with

This is not really that important, but the link is specifically about debit cards; not credit cards.

TL;DR: Debit cards have less protection against fraud than credit cards and they are directly linked to your bank account.

Delicon wrote:I think that with the economy as it is, a lot of people either choose to only have debit cards or are left with that option, honestly.

Kibble wrote:

Delicon wrote:I think that with the economy as it is, a lot of people either choose to only have debit cards or are left with that option, honestly.

FWIW, you still have options such as a Visa pre-paid credit card, which is basically a universal gift card, at least anywhere Visa is accepted.

Court Jester wrote:This address is on their website... under: where to send money orders.

Court Jester wrote:****

What was your point? Invasion of privacy? My privacy has already been invaded. So, I'd call this back to square.