Seibertron.com Energon Pub Forums

It finally happened to my card that had been used on TF Source. Though, to be fair, it had also been used on PSN.

Amongst my group of local collectors that have used a CC at TFsource, I think about every one of them has been hit now (about 10 people.) Can't really tell you where the fault lies, but if you've used a card at TFsource in the last year and haven't already been hit, I strongly suggest you cancel your card NOW because it's just a matter of time...

BTW, many of those approx. 10 do not use PSN and the card I used for PSN has not been compromised to date...

darkwingduck13 wrote:As I stated in the TFW thread, I dealt with the problems for almost 2 weeks before seeing the thread on TFW. My debit card, my wife's credit card, my wife's debit card, and my friend's debit card all got compromised. It wasn't until we were sitting around the kitchen table and they were watching me unwrap my birthday presents that it all came together. I kept saying, "You ordered this online, didn't you?" and they both said they ordered my gifts from TFSource. A little more talking, and it turned out all three of us had cards compromised. That's what led me to start checking for info online, and I found the TFW thread. Now it seems like it's all going to get covered up, judging by TFSource's lack of public comment and the TFW admin trying to censor the thread.

There are also multiple people in the TFW thread who had cards that were used for nothing but TFSource. It's not really a question whether it could be TFSource yet, but more of a question of why they chose not to notify their customer base when the first reports of this were sent to them almost a month ago now. They are (sometimes) responding to complaints by saying that the problem lies with authorize.net, their credit card processor. Odds are that this is the same processor they were using the first time they had this problem...they have not been forthcoming with information, because all they've ever said publicly is that security is important to them and that they're improving it.

If they stuck with the same credit card processor after the first time this happened, then this time the blame rests squarely on their shoulders.

VectorA3, just make sure you keep a close eye on your account. The thing with these security breaches is that the thieves get a whole list of credit card numbers at a a time...they don't pick and choose. Your account looks just fine, business as usual, right up until they finally pick your number off that list and try to do something with it. Charges to places like iTunes or online dating sites are common ways for credit thieves to check and make sure your card is valid. If you have a spouse, and you see some small iTunes charge on your account the first day, don't just assume she bought a song or CD...ask her. The first report of someone having a problem occurred on May 4th. I'm still hearing from people as of yesterday who are just now seeing the fraudulent charges.

Glad you mentioned the fact that a TFW admin is trying to censor the thread. Both Kickback, who is notorious for being TFW's version of a corrupt cop, and now Tony Bacala, the owner, are basically telling people to keep their mouths shut. They didn't really step in until people started critiquing TFW for advertising for them and taking money from a disreputable source. Once that was stated publicly, they came in and tried to clean up the mess.

Goes to show you how disgusting they can be. I thought Bacala might have more integrity than Kickback, but I was wrong. Though, to be fair, Kickback has no integrity, so Bacala having even a modicum of it is better than Kickback.

And it should be said that only a few people believe TFSource was hacked, and they're wrong. The rest of the people know that TFSource was not hacked and that they blame it on their processor. Which, as I stated in another thread is supposedly a division of Visa. I sincerely doubt Visa would steal from their own customers.

As for this being a PSN problem, no. Many people have come forward and said the card that got ripped off at TFSource had never been used at PSN, and some even said they don't own a PS3. So saying it's partly to blame on the PSN situation is wrong. Flat out wrong.

Do I think TFSource itself is stealing the numbers and doing all of this? No. Curt's not that low. Besides, it would be happening more frequently if that was the case. There must be something between them and the processor that acts as a middleman/go between, and I'm guessing that's where the problem lies.

However, to be honest... plenty of people keep their credit card information on BBTS's servers and haven't been ripped off. In fact, BBTS requires a credit card for preorders, and I've only heard of one person having a problem with their credit card involving BBTS. Yet I've heard countless complaints over TFSource.

Even if Curt and his crew aren't directly responsible for this issue, it still doesn't look good for them when they don't publicly address it and don't change their current system so this doesn't happen again.

If I was Curt and this happened the first time, people would be calling for my head on a stick. From that point on, I'd make sure I found out the source of the problem and corrected it to the best of my abilities. If it happened a second time, people would want my blood and they'd have every reason to be angry.

If nothing else, Curt should switch to PayPal only and be done with it. He still gets his payment, the people still get their stuff, and there's no direct access to the credit cards. However, that leaves the buyer at a disadvantage in case they need to dispute something.

Do I think Curt and his staff are evil? No. That's ridiculous.
Do I think they're the ones behind it? No.

I do think, however, they should find the source of this problem (no pun intended), and fix it. It'll go a long way towards making amends with the fandom, which they sorely need.

As for TFW and their censoring this issue? Par for the course. It's to be expected, really.

yeah it happened to me last friday. I had my card my university gave to me stolen. they used $1 amounts on netflix and itunes. the idiot tried to open and ship on a fedex account under my name. i used that card to order the generations wave with megs way back in october at tfsource. i use my regular bank credit card when i order from big bad toystore or amazon. luckily i canceled the card.

Autobot032 wrote:As for TFW and their censoring this issue? Par for the course. It's to be expected, really.

Please do not turn this thread into an anti-TFW thread. Those guys work their butts off on TFW just like the staff here works our butts off on Seibertron.com. TFsource.com is also a sponsor of Seibertron.com. I have a responsibility to the advertisers on my site to be fair to them and to give them the benefit of the doubt.

When I reached out to Curt pertaining to this issue a couple of weeks ago, he assured me that they weren't hacked. I have to take him at his word until we hear otherwise. If you guys wish to present your personal situation related to this in a fair, open-minded, factual, and non-attacking/non-accusatory manner, I will be more than happy to present the information, in its entirety, to TFsource.com. But I need your guys cooperation.

Three words to resolving this situation: cool heads prevail.

Kibble wrote:Amongst my group of local collectors that have used a CC at TFsource, I think about every one of them has been hit now (about 10 people.) Can't really tell you where the fault lies, but if you've used a card at TFsource in the last year and haven't already been hit, I strongly suggest you cancel your card NOW because it's just a matter of time...

BTW, many of those approx. 10 do not use PSN and the card I used for PSN has not been compromised to date...

You should cancel the card you used with PSN and have them send you a new number. Be proactive, don't wait until they end up using your card six months from now.

Seibertron wrote:

Kibble wrote:Amongst my group of local collectors that have used a CC at TFsource, I think about every one of them has been hit now (about 10 people.) Can't really tell you where the fault lies, but if you've used a card at TFsource in the last year and haven't already been hit, I strongly suggest you cancel your card NOW because it's just a matter of time...

BTW, many of those approx. 10 do not use PSN and the card I used for PSN has not been compromised to date...

You should cancel the card you used with PSN and have them send you a new number. Be proactive, don't wait until they end up using your card six months from now.

This is also what I've been recommending to everyone who has a currently-active card that they've used to order from TFSource. It's not a matter of "if" you're going to see the charges, but "when."

That, and I recommend to just never order from TFSource again. Three strikes is all you get in baseball, and between the first hack, the Shadow Scyther lying/gouging incident, and this second hack, TFSource has burned through all three of their strikes with me. I'm still getting calls from businesses where the people tried to use my card number.

People are still reporting that they're finding fraudulent charges on TFW and TFormers. And of course the admin from TFormers has already PMed me and warned me not to call for their boards to refuse sponsorship from TFSource.

Makes me wonder just how many board owners are in Curt's pocket.

darkwingduck13 wrote:Makes me wonder just how many board owners are in Curt's pocket.

This is the kind of talk that needs to be avoided in this topic. It's not fair to us site owners (TFsource.com has been a valued site sponsor of Seibertron.com since 2009). We can listen, we can advise, but at the end of the day, it's between you guys and the sponsor. I am more than happy to be a mediator, if necessary, and a voice of factual straightforward information. But I will not allow myself or the other site owners to be vilified because of something out of our control.

Keep this topic fair please. I am more than happy to help where I can as long as you guys aren't on a witch hunt.

Seibertron wrote:

darkwingduck13 wrote:Makes me wonder just how many board owners are in Curt's pocket.

Keep this topic fair please. I am more than happy to help where I can as long as you guys aren't on a witch hunt.

Then how about making a front-page news item to help let people who haven't been in the General Discussion forum know that they need to keep an eye on their accounts (or even better, just go ahead and request new cards now)?

Don't get me wrong, I'm not pissed at site owners personally, but when a business like TFSource repeatedly screws over the fanbase and you guys keep supporting it by advertising for it, it's like you're saying that it's all okay. And as long as people think it's all okay, and can be swept under the rug, then nothing is ever going to change.

darkwingduck13 wrote:

Seibertron wrote:

darkwingduck13 wrote:Makes me wonder just how many board owners are in Curt's pocket.

Keep this topic fair please. I am more than happy to help where I can as long as you guys aren't on a witch hunt.

Then how about making a front-page news item to help let people who haven't been in the General Discussion forum know that they need to keep an eye on their accounts (or even better, just go ahead and request new cards now)?

Don't get me wrong, I'm not pissed at site owners personally, but when a business like TFSource repeatedly screws over the fanbase and you guys keep supporting it by advertising for it, it's like you're saying that it's all okay. And as long as people think it's all okay, and can be swept under the rug, then nothing is ever going to change.

We didn't have a surge of people posting about this problem on Seibertron.com. In fact, not a single member contacted me about this problem (only a small handful of staff members alerted me to the situation on TFW regarding this, and a couple of TFW members who felt they weren't getting fair treatment on TFW about this).

I am continuing to analyze the situation and gather information from various people so that I can make a case for everyone if needed and, if necessary, encourage TFsource.com to make a statement. I thought it was odd that the majority of people who've had a problem with this post on TFW2005 but not on Seibertron.com, which makes me think that this problem goes back to the original hack from around December 2009 (meaning TFsource had a significantly higher customer base ratio from TFW prior to TFsource advertising on Seibertron.com) and people who never changed their cards (though I am aware of a few people saying that it was a new card so that, in some situations, would contradict my theory possibly).

It seems like if there was a major hack in the past couple of months, we'd have people here posting about this problem as well (30,000 to 50,000 people per day visit Seibertron.com and TFsource.com has been advertising on this site for almost 2 years). Doesn't that strike you guys as odd also?

If other people post here and factually present their situation, I'm more than happy to look over everything to figure out what actions might need to take place, if any at all. So far, I haven't heard from but a small handful of Seibertronians which isn't enough for me to rule out all of the fraud that has been reported by the news media over the past couple of months (i.e. Sony, Michael's, Chase, Target, Zales, etc).

Chase wrote:Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.

We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail.

As a reminder, we recommend that you:

Don't give your Chase OnlineSM User ID or password in e-mail.
Don't respond to e-mails that require you to enter personal information directly into the e-mail.
Don't respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
Don't reply to e-mails asking you to send personal information.
Don't use your e-mail address as a login ID or password.
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading e-mails that appear to be sent by us.

Sincerely,

Patricia O. Baker

Senior Vice President

Chase Executive Office

Zales wrote:Recently, Citi was notified of a system breach at Epsilon, a third-party vendor that provides marketing services to a number of companies, including Citi. The information obtained was limited to the customer name and email address of some credit card customers. No account information or other information was compromised and therefore there is no reason to re-issue a new card.

Because e-mail addresses can be used for "phishing" attacks, we want to remind our customers of the following:

Citi Cards uses an Email Security Zone in all of our email to help you recognize that the email was sent by us. Customers should check the Email Security Zone to verify that the email you received is from Citi and reduce the risk of personal information being "phished." To help you recognize that the email was sent by Citi we will always include the following in the Email Security Zone in the top headline portion of all our emails:
Your first name and last name
Last four digits of your Citi card account number
And recently to increase security, we have added your “member since” date located on the front of your card, where available.


More information about phishing is available here: learn more
Important steps that you can take to protect your security online:

Don't provide your Online User ID or password in an e-mail.
Don't reply to e-mails that require you to enter personal information directly into an e-mail or URL.
Don't reply to or follow links in e-mails threatening to close your account if you do not take the immediate action of providing any personal information. We may send you an email regarding your account requesting you contact us via phone.
It is not recommended to use your e-mail address as a login ID or password.
If you suspect that you’ve received a fraudulent e-mail message, please forward it to us.
Forward suspicious e-mails to: spoof@citicorp.com

If you have any questions or concerns about emails that you may receive that look suspicious, we encourage you to contact Citi Customer Service at the phone number on the back of your card.

(I swore I have the following email or something similar from when Target notified me, but I can't find that email oddly. Here it is from another website at http://minnesota.publicradio.org/displa ... rity-leak/ )

Target affected by Epsilon security breach
by Nancy Lebens, Minnesota Public Radio
April 4, 2011

St. Paul, Minn. — Target Corporation is now among the companies notifying customers that their email addresses may be used by in Internet scams.

Target says it was told about the security breach by marketing firm Epsilon, but didn't say when. Two other Minnesota companies, Best Buy and US Bank also sent email notices to customers warning them not to respond to emails asking for personal information.

Epsilon reported a security breach in which the email addresses of customers were released. The 20-plus companies affected include Amazon.com, Walgreens, TiVo, and the College Board, the organization that runs the SATs.

Here's a list according to this website of companies affected by the breach at Epsilon: Chase Bank, Citi Bank, AbeBooks, Disney, Krogers, Brookstone, Hilton Honors, LL Bean, Capital One Financial Corp., Barclays Bank, U.S. Bancorp, JPMorgan Chase & Co., Ameriprise Financial Inc. a, Best Buy Co., TiVo Inc., New York & Co., Walgreen, The College Board (CollegeBoard.com), Marks & Spencer,

More about the various companies affected by the breach at Epsilon: http://www.google.com/#sclient=psy&hl=en&source=hp&q=%22companies+affected%22+epsilon&aq=f&aqi=g-c1&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=19a59778de2c65e2&biw=1920&bih=961

What if the information compromised from major banks and retailers wasn't limited to personal and email information? I can't help but think that somehow this could be related and until I can rule that out to the best of my abilities, I can't point any fingers at one of this site's sponsors, especially after I inquired about it and was informed that there was no compromise of customer information to the best of their knowledge.

Information about the Sony hack: http://www.sfgate.com/cgi-bin/blogs/abraham/detail?entry_id=89990

Information about the recent Michael's craft store debit card hack: http://www.sltrib.com/sltrib/money/51875285-79/card-debit-credit-account.html.csp

In ^Seibertron's defense, when I first created this thread a year ago (if memory serves me right), they did end up front paging it later that same day.

To the best of my knowledge, TFSource still uses Authorize.net and if they (authorize.net) were hacked then you'd be hearing about more than just Transformer customers being hacked. Yet, when you do a quick Google search for "Authorize.net hacked" the most recent item of note is from 2004. Granted, I'm not an expert and I don't claim to have any "insider" information, but I don't think the problem lies with Authorize.net, it's somewhere within TFSource.

I'm not trying to accuse them of intentionally stealing/compromising card numbers, I don't think they're up to any shenanigans. However, I do think they are guilty of negligence. The fact of the matter is, in today's information age, hacks happen. Nobody can dispute that, and no matter how careful you are, in this day and age over the course of one's lifetime it's not an issue of "if", but rather "WHEN." However, if you as a company are compromised, you owe it to your customer base to notify them about the issue. They will think you're looking out for them and appreciate it, then return the favor with continued business once the holes are repaired.

Instead, TFSource has sat on it for weeks without addressing the matter directly with their customers, and meanwhile one customer after another is getting hit with fradulent charges and have had to deal with the repercussions after the fact instead of being afforded an opportunity to be proactive in the matter. From the customer's point of view, TFSource is taking a "see no evil, hear no evil, speak no evil" stance on the matter, trying as hard as possible not to publicly address the problem, hoping it will go away. Well, if anything goes away, it will be their customers, en masse.

Thankfully, I stopped dealing with them after I was affected last year. On a yearly basis, I probably spend well into four-figures on TF-related items (God forbid, maybe even more than that, LOL) and it used to be pretty much a 50-50 split between TFSource and BBTS. Ever since last year, BBTS gets about 90-95% of my business now. Rest assured, more people will be abandonding them until they get their act together. Again, there is no shame in telling people you were hacked and they should watch their CC info for the time being. The only shame is trying to sweep it under the rug.


Also, to Seibertron, you mentioned that Curt personally assured you that they weren't hacked, and then you ask for "factual" posts from any affected members. If I may be so bold as to ask, did Curt provide anything resembling "facts" when he told you they weren't hacked, or did you just take him at his word? If it's the latter, then perhaps it's understandable given their long history in the business, but then again maybe not quite so understandable since the same thing happened a year ago.

Seibertron wrote:

darkwingduck13 wrote:

Seibertron wrote:

darkwingduck13 wrote:Makes me wonder just how many board owners are in Curt's pocket.

Keep this topic fair please. I am more than happy to help where I can as long as you guys aren't on a witch hunt.

Then how about making a front-page news item to help let people who haven't been in the General Discussion forum know that they need to keep an eye on their accounts (or even better, just go ahead and request new cards now)?

Don't get me wrong, I'm not pissed at site owners personally, but when a business like TFSource repeatedly screws over the fanbase and you guys keep supporting it by advertising for it, it's like you're saying that it's all okay. And as long as people think it's all okay, and can be swept under the rug, then nothing is ever going to change.

We didn't have a surge of people posting about this problem on Seibertron.com. In fact, not a single member contacted me about this problem (only a small handful of staff members alerted me to the situation on TFW regarding this, and a couple of TFW members who felt they weren't getting fair treatment on TFW about this).

I am continuing to analyze the situation and gather information from various people so that I can make a case for everyone if needed and, if necessary, encourage TFsource.com to make a statement. I thought it was odd that the majority of people who've had a problem with this post on TFW2005 but not on Seibertron.com, which makes me think that this problem goes back to the original hack from around December 2009 (meaning TFsource had a significantly higher customer base ratio from TFW prior to TFsource advertising on Seibertron.com) and people who never changed their cards (though I am aware of a few people saying that it was a new card so that, in some situations, would contradict my theory possibly).

It seems like if there was a major hack in the past couple of months, we'd have people here posting about this problem as well (30,000 to 50,000 people per day visit Seibertron.com and TFsource.com has been advertising on this site for almost 2 years). Doesn't that strike you guys as odd also?

If other people post here and factually present their situation, I'm more than happy to look over everything to figure out what actions might need to take place, if any at all. So far, I haven't heard from but a small handful of Seibertronians which isn't enough for me to rule out all of the fraud that has been reported by the news media over the past couple of months (i.e. Sony, Michael's, Chase, Target, Zales, etc).

Chase wrote:Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.

We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail.

As a reminder, we recommend that you:

Don't give your Chase OnlineSM User ID or password in e-mail.
Don't respond to e-mails that require you to enter personal information directly into the e-mail.
Don't respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
Don't reply to e-mails asking you to send personal information.
Don't use your e-mail address as a login ID or password.
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading e-mails that appear to be sent by us.

Sincerely,

Patricia O. Baker

Senior Vice President

Chase Executive Office

Zales wrote:Recently, Citi was notified of a system breach at Epsilon, a third-party vendor that provides marketing services to a number of companies, including Citi. The information obtained was limited to the customer name and email address of some credit card customers. No account information or other information was compromised and therefore there is no reason to re-issue a new card.

Because e-mail addresses can be used for "phishing" attacks, we want to remind our customers of the following:

Citi Cards uses an Email Security Zone in all of our email to help you recognize that the email was sent by us. Customers should check the Email Security Zone to verify that the email you received is from Citi and reduce the risk of personal information being "phished." To help you recognize that the email was sent by Citi we will always include the following in the Email Security Zone in the top headline portion of all our emails:
Your first name and last name
Last four digits of your Citi card account number
And recently to increase security, we have added your “member since” date located on the front of your card, where available.


More information about phishing is available here: learn more
Important steps that you can take to protect your security online:

Don't provide your Online User ID or password in an e-mail.
Don't reply to e-mails that require you to enter personal information directly into an e-mail or URL.
Don't reply to or follow links in e-mails threatening to close your account if you do not take the immediate action of providing any personal information. We may send you an email regarding your account requesting you contact us via phone.
It is not recommended to use your e-mail address as a login ID or password.
If you suspect that you’ve received a fraudulent e-mail message, please forward it to us.
Forward suspicious e-mails to: spoof@citicorp.com

If you have any questions or concerns about emails that you may receive that look suspicious, we encourage you to contact Citi Customer Service at the phone number on the back of your card.

(I swore I have the following email or something similar from when Target notified me, but I can't find that email oddly. Here it is from another website at http://minnesota.publicradio.org/displa ... rity-leak/ )

Target affected by Epsilon security breach
by Nancy Lebens, Minnesota Public Radio
April 4, 2011

St. Paul, Minn. — Target Corporation is now among the companies notifying customers that their email addresses may be used by in Internet scams.

Target says it was told about the security breach by marketing firm Epsilon, but didn't say when. Two other Minnesota companies, Best Buy and US Bank also sent email notices to customers warning them not to respond to emails asking for personal information.

Epsilon reported a security breach in which the email addresses of customers were released. The 20-plus companies affected include Amazon.com, Walgreens, TiVo, and the College Board, the organization that runs the SATs.

Here's a list according to this website of companies affected by the breach at Epsilon: Chase Bank, Citi Bank, AbeBooks, Disney, Krogers, Brookstone, Hilton Honors, LL Bean, Capital One Financial Corp., Barclays Bank, U.S. Bancorp, JPMorgan Chase & Co., Ameriprise Financial Inc. a, Best Buy Co., TiVo Inc., New York & Co., Walgreen, The College Board (CollegeBoard.com), Marks & Spencer,

More about the various companies affected by the breach at Epsilon: http://www.google.com/#sclient=psy&hl=en&source=hp&q=%22companies+affected%22+epsilon&aq=f&aqi=g-c1&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=19a59778de2c65e2&biw=1920&bih=961

What if the information compromised from major banks and retailers wasn't limited to personal and email information? I can't help but think that somehow this could be related and until I can rule that out to the best of my abilities, I can't point any fingers at one of this site's sponsors, especially after I inquired about it and was informed that there was no compromise of customer information to the best of their knowledge.

I'm not going to answer every part of this, but I am going to give some factual information:

1. It was "necessary" for TFSource to make a statement back on May 4th when the first few customers started inquiring about this problem. A legitimate business does not turn a blind eye to a situation like that. I can only assume that they must be trying to limit their responsibility by refusing to comment...the chance of being able to sweep it under the rug (again) disappears if they admit to it. I think it's highly likely that they did not in fact change credit card processing companies after the first attack, and they realize that this second time the fault lies squarely with them for not doing enough to protect their customers.

2. Many people, in the multiple threads throughout the fandom, have explicitly detailed that their card was used only at TFSource. Even discarding the process of elimination/deduction that many of the rest of us have gone through to arrive at this conclusion, the information given by those people is all the evidence needed to see that there is a problem. All this talk of other places being hacked is nothing more than a diversion/smokescreen.

3. By going out and gathering all this extraneous information and posting it here after your previous post (where you said you'd be happy to help), it's become clear that what you really meant is that you're happy to try to help TFSource, not the people who are affected by their unconscionable way of doing business.

I understand that running a website is an expense. I and many other fans appreciate having places to congregate and talk about our hobby. However, the way this has gone down has ended up exposing some major flaws in the way that the sponsorship system apparently works.

I've been trying to remain neutral on this, but can no longer turn a blind eye to this. In the last 15 posts, two more people reported they'd been hit, including Counterpunch. What more proof do we need? I've checked my Amex again, and no suspicious activity. I should probably cancel/change my # before anything goes down. While TFSource can say they were not hacked directly, the 3rd party company they use had to have been. Very bad business to not acknowledge for the customers, even if the neither of the sites were hacked. Bestbuy/bestbuy.com sent me an email this year warning of a potential breach to Epsilon. Fortunately no suspicious charges. I think I got a similar email from Chase when they were hit too. The least Tfsource & vendor could provide is a warning. Wth?
If they're not careful both of them are gonna wind up in some nasty lawsuits.

darkwingduck13 wrote:3. By going out and gathering all this extraneous information and posting it here after your previous post (where you said you'd be happy to help), it's become clear that what you really meant is that you're happy to try to help TFSource, not the people who are affected by their unconscionable way of doing business.

I understand that running a website is an expense. I and many other fans appreciate having places to congregate and talk about our hobby. However, the way this has gone down has ended up exposing some major flaws in the way that the sponsorship system apparently works.

I appreciate your concerns. As I mentioned above, I will NOT be vilified by this situation which I feel you are doing by the statements you made above. I am happy to help you guys out if you guys are willing to keep an open mind to this situation and are not on a witch hunt. If you have already convicted TFsource of being the source of the problem, then you don't need me to help. But if you are willing to have open communications with Curt to get to the bottom of this, then I will continue to stay involved with seeking out information about this issue.

No flaws in the sponsorship process have been exposed and there are none to be exposed. If there was a flawed system, I would have simply locked this topic and any other topic like it or any unflattering topic that talks about one of this site's sponsors. I have never done such a thing in the past 11 years. I am questioning this situation because of all of the unusual amount of hacks that have happened with major retailers and companies that actually issue credit cards.

vectorA3 wrote:I've been trying to remain neutral on this, but can no longer turn a blind eye to this. In the last 15 posts, two more people reported they'd been hit, including Counterpunch. What more proof do we need? I've checked my Amex again, and no suspicious activity. I should probably cancel/change my # before anything goes down. While TFSource can say they were not hacked directly, the 3rd party company they use had to have been. Very bad business to not acknowledge for the customers, even if the neither of the sites were hacked. Bestbuy/bestbuy.com sent me an email this year warning of a potential breach to Epsilon. Fortunately no suspicious charges. I think I got a similar email from Chase when they were hit too. The least Tfsource & vendor could provide is a warning. Wth?
If they're not careful both of them are gonna wind up in some nasty lawsuits.

Counterpunch also acknowledged his card was used with the Sony Playstation Network. Considering the scale of that ordeal that brought down the Playstation Network for several weeks, I'd assume that his card was hit due to that situation and not TFsource.

As someone mentioned above, if Authorize.net was hacked, this wouldn't be limited to just TFsource.com. Authorize.net is HUGE. Massive. It's one of the two biggest players in the credit card processing field (the other being Verisign). Verisign and Authorize.net are like the Walmart and Target of the retail scene in America. Massive stores. One is bigger than the other but they both have a huge presence. And not just in America, but the world. Wikipedia cites them as the world's largest credit card processing company.

http://en.wikipedia.org/wiki/Authorize.net

Authorize.Net is a payment gateway service provider allowing merchants to accept credit card and electronic checks payments through their Web site and over an IP (Internet Protocol) connection. Authorize.Net claims a user base of over 305,000 merchants, which would make them the Internet's largest payment gateway service provider.[citation needed]

I have worked on many e-commerce websites over the years that utilize Authorize.net, and am familiar with how Curt explained their system works which sounds just like how we used to integrate Authorize.net and Verisign.

Ok. But how does this explain the fraudulent card hits that were only used for TFsource?? I'm not accusing them of foul play btw.
Regardless of the situation, Curt/tfsource need to publicly address this. Playing the silent card only makes them look worse.

I can't believe I forgot to post that here, lol. I got hit with fraud on May 11th. First Itunes confirmation, then a charge to PlentyofFish. Don't use either one, so it was a dead giveaway.

Got the card cancelled and the $30 refunded.

I'm not quite sure if it was the TFSource breach or the PSN breach though. Had that card on both.

Won't be making that mistake again. I'll pick up the PSN cards at Walmart or use Paypal on TFSource to avoid this debacle again.

More and more people keep coming forward, and still no word from TFSource. Tomorrow will mark June 4th, a full month from May 4th when Soundwave2 first noticed charges on his account, notified them, and bumped this thread subject on TFW2005. More people have come forward on the threads on TFW2005 and Seibertron, too. I've been warned by the administrators of each of these sites not to talk about or threaten the status quo, so my involvement in this is more or less at an end.

I urge the TF fan community to at least attempt to hold TFSource responsible for their (repeated) mistakes/misdeeds. At this point, the only way we can hope to make a difference is to cut into their financial bottom line by shopping elsewhere. It'll take a major word-of-mouth push to make up for the positive portrayal of TFSource given off by the enormous advertising presence on the community sites, but maybe we can keep at least a few people from making the same mistake those of us who have been burned this latest go-round have made.

darkwingduck13 wrote:More and more people keep coming forward, and still no word from TFSource. Tomorrow will mark June 4th, a full month from May 4th when Soundwave2 first noticed charges on his account, notified them, and bumped this thread subject on TFW2005. More people have come forward on the threads on TFW2005 and Seibertron, too. I've been warned by the administrators of each of these sites not to talk about or threaten the status quo, so my involvement in this is more or less at an end.

I urge the TF fan community to at least attempt to hold TFSource responsible for their (repeated) mistakes/misdeeds. At this point, the only way we can hope to make a difference is to cut into their financial bottom line by shopping elsewhere. It'll take a major word-of-mouth push to make up for the positive portrayal of TFSource given off by the enormous advertising presence on the community sites, but maybe we can keep at least a few people from making the same mistake those of us who have been burned this latest go-round have made.

I'm not on the side of TF Source and I'll openly admit they are my least liked online retailer due to several bad impressions I have had with them personally.

However, no one on Staff is doing anything to make people be quiet or to suppress them from making statements on the matter. Where this site is concerned and where its Staff members are concerned, please refrain from painting us in any kind of unfair light. We simply don't censor this kind of stuff unless it becomes obvious beyond doubt that someone is fabricating a story or their own "facts".

We're an honest broker in all this.

Counterpunch wrote:I'm not on the side of TF Source and I'll openly admit they are my least liked online retailer due to several bad impressions I have had with them personally.

However, no one on Staff is doing anything to make people be quiet or to suppress them from making statements on the matter. Where this site is concerned and where its Staff members are concerned, please refrain from painting us in any kind of unfair light. We simply don't censor this kind of stuff unless it becomes obvious beyond doubt that someone is fabricating a story or their own "facts".

We're an honest broker in all this.

I'm glad to hear it, Counterpunch, especially since someone over on TFW messaged me and pointed me back to the TFW thread...which the admin has now closed. The closing post is really nice, too, where he's talking about how there are still people coming into the thread to post about having their info stolen, but it's not enough to bother with, apparently.

I can only hope that there will continue to be sites for the fandom to enjoy where the site's relationship with its users is deemed a higher priority than the site's relationship with its irresponsible sponsors.

Did anyone use their $5 off a $100 purchase from TFSource at Botcon??

I checked out their booth for the MP starscream coronation kit but they were out

I posted this on TFW2005 thread, too. I was also hit with fraudulent charges on a credit card of mine. But instead of Itunes, they decided to open up a fedex account with my credit card and then proceeded to send out multiple checks from a bank based in washington dc. Luckily, it wasn't from my bank, but I kept getting multiple phone calls from the people that received these checks asking what they were for. I was able to get the fedex account closed, closed out my credit card, and will not do business with TFSource again. It was the first time I had ever done business with them, too.

SmokeStack wrote:I posted this on TFW2005 thread, too. I was also hit with fraudulent charges on a credit card of mine. But instead of Itunes, they decided to open up a fedex account with my credit card and then proceeded to send out multiple checks from a bank based in washington dc. Luckily, it wasn't from my bank, but I kept getting multiple phone calls from the people that received these checks asking what they were for. I was able to get the fedex account closed, closed out my credit card, and will not do business with TFSource again. It was the first time I had ever done business with them, too.

Nice. I ended up with a grand total of 3 different cards that were compromised, since my wife had bought gifts for me from TFSource on the last two gift-giving occasions (plus my own card that I had used there). We're still dealing with the fallout, but it's slowing down, at least. The TFW2005 thread is locked now, in case you hadn't seen. It was too "off topic" for the admin's taste.

No, I didn't know that it got locked. I would assume that this one will eventually, too. Nothing against Seibertron or TFW2005, mind you. It is a sponsor and they wouldn't want someone bashing them. I just wish TF Source would have sent out emails or something about the issue. That is my main gripe. I had to find out from the six phone calls I received. If they ever change who deals with their transactions, I might go back, but I doubt it.