Seibertron.com Energon Pub Forums

FINALLY, NEW FORUM! Interestingly enough it took a HUGE fudge up to finally get the ball rolling on the right direction. Still not happy about the security/fraudulent charges on my account.

Instead of continuing to proceed their career in credit reports, has the club actually said sorry and accepted full responsibility yet?

Trikeboy wrote:Instead of continuing to proceed their career in credit reports, has the club actually said sorry and accepted full responsibility yet?

They're apologized, not sure about accepting full responsibility. They might not be able to legally, I'm assuming that's the advice a lawyer would give them (which I hope they have consulted because this is all extremely serious and delicate stuff). Their latest apology is in the email that was quoted in the latest news story about this.

Transformers Collectors' Club wrote:As we continue to work on our systems, you will see some of our services go offline and then come back, so please be patient as we preserve data and clone servers and websites.

We are also taking this opportunity to remove all non-essential services from our ecomerce server. So in the short term in the next day or so, the club forums will be discontinued. It will be several days until we are ready to bring them back under an entierly new piece of software. I know alot of you have been asking for this so, we have decided to replace several of our systems with new packages. This means that you will not have access to the forum for a while at all. We do plan to make the old forum viewable (no posts) in the future.

Since we do not know exactly what data was taken, we are recommending that if your have used common logins or passwords with our system and any other system that your change your passwords in those systems immidiately (especially any financial sysstems)! We will be resetting all of the passwords in our system very soon. Please don't delay in changing your passwords in other locations.

In addition, we have found a few recent aticles concerning security issues with other vendors. If you use these services, these issues could possibly impact you. Please read the attached links:

http://www.huffingtonpost.com/2012/02/1 ... 68593.html?

http://www.greenpois0n.co/itunes-accoun ... redit.html

Thanks for your support in this difficult time. We will continue to work with our vendors to correct the issues and we apologize for any inconvenience this has caused any of our members.

Brian Savage

Again?? REALLY??

-_- *sighs*

They didn't encrypt the passwords!? Who the heck is running that site, a 4 year-old?

There is absolutely NO excuse for not encrypting passwords.

Jeez, what's next?!? I guess tomorrow they'll be telling us all to change our names and enter the witness relocation program!

mattwhite924 wrote:They didn't encrypt the passwords!? Who the heck is running that site, a 4 year-old?

There is absolutely NO excuse for not encrypting passwords.

That is correct. I am a professional software developer and have a masters degree in computer science. The entire site is built like sites were literally 10 years ago. Either they do not want to invest the money to modernize or their own in-house developers are seriously behind the times. Their software is a complete hackjob by todays standards. Nobody uses Cold Fusion anymore. I used to, but that was in 2002.

I haven't done shopping cart sites in a long time, but I can't help but think there are off-the-shelf products out there that could easily be customized in a short period of time to replace this legacy piece of garbage.

It isn't hard to encrypt passwords. Either they are too lazy or their developers are compete idiots. It is completely trivial now'adays to encrypt passwords. Probably writing a migration script to encrypt the existing passwords is beyond their technical capabilities.

Seriously, we need to stop putting up with this crap. Another option for them is to outsource the online store to an entity that knows what it is doing.

Using pictures of Swindle to accompany the article is great touch.

What has me must concerned is our personal information being taken. Name, address, etc. That's how my identity got stolen.

Highlighting the failures of other websites is a distraction and doesn't take away from your own flop. I'm sure anybody who got hit at iTunes is aware of it already.

Naked Magnus wrote:

mattwhite924 wrote:They didn't encrypt the passwords!? Who the heck is running that site, a 4 year-old?

There is absolutely NO excuse for not encrypting passwords.

That is correct. I am a professional software developer and have a masters degree in computer science. The entire site is built like sites were literally 10 years ago. Either they do not want to invest the money to modernize or their own in-house developers are seriously behind the times. Their software is a complete hackjob by todays standards. Nobody uses Cold Fusion anymore. I used to, but that was in 2002.

I haven't done shopping cart sites in a long time, but I can't help but think there are off-the-shelf products out there that could easily be customized in a short period of time to replace this legacy piece of garbage.

It isn't hard to encrypt passwords. Either they are too lazy or their developers are compete idiots. It is completely trivial now'adays to encrypt passwords. Probably writing a migration script to encrypt the existing passwords is beyond their technical capabilities.

Seriously, we need to stop putting up with this crap. Another option for them is to outsource the online store to an entity that knows what it is doing.

I have a degree in Network Security and management and I see so much is wrong with how the website was setup. I know that letting an outside company handle commerce can get expensive if you aren't making alot of sales to support the cost.

What I see is just a lack of security and thinking. They thought no one would hack them, which of course is foolish thinking. For some reason the way the ordering page was setup, it felt like I was ordering from a company back in the late 90's.

As far as them accepting full responsibility, they can't. technically because the breach is well known, and has caused problems for people they are on the hook. However FunPub is no Sony, this hack job could ruin them and probably for good. I just better get what I paid for before that happens.

It's times like this when I wish we really did have Optimus Prime around to help us out occasionally. How awsome would it be to have 'ol Optimus pull up in Brian Savages driveway at midnight....clear his airbrakes line (pchooooooooooooo) blow his airhorn pissing off the neighborhood dogs (both inside and outdoors) for miles and setting off a car alarm or two as well, then Transforming and walking to the door just as Savage stumbles to it himself to see what all the comotion is about....just in time to see Prime leaning down on bended knee and simply proceeding to chastize him like a 7 year old child..."Do we have a problem with responsibilty Mr. Savage?"

Oh, how cool would that be?

Wow, I knew the website looked old-fashioned but I really thought that at least the backend would be secure. Pre-dotcom bubble sites were more modern and secure than this one. This is the ultimate betrayal of trust, pure and simple.

I will only forgive FunPub if they send me a free Punch/Counterpunch, with FREE shipping. (I'm only semi-joking about that)

If you don't know business, don't run one. It's as simple as that.

I'm not trying to be mean, I'm really not, but I mean this is their umpteenth problem and it's costing people a LOT of money.

The CC companies must be losing dough with all the canceled charges, cards, etc. TFCC is lucky the companies don't file against them. They probably could.

Naked Magnus wrote:Nobody uses Cold Fusion anymore.

Just 778,000 of us and growing. http://wwwimages.adobe.com/www.adobe.co ... st-kit.pdf

Just got fraudulent charges today. Closed my CC account. Keep checking, guys.

On a related note, I'm still waiting for my exclusives to ship... Insult to injury and all that.

I got a new debt card number today. Time to go change my accounts to use it before they try to charge anything to the old number.

At this point I wish I wouldn't have joined the Transformers Club, no toy is worth this kind of crap.

Andrius wrote:Just got fraudulent charges today. Closed my CC account. Keep checking, guys.

On a related note, I'm still waiting for my exclusives to ship... Insult to injury and all that.

Don't keep checking...cancel your cards NOW!

mattwhite924 wrote:At this point I wish I wouldn't have joined the Transformers Club, no toy is worth this kind of crap.

This statement says it all. You should never have to say this over a toy. Never. Ya know?

I'm so saddened and dismayed by this whole thing.

UPDATE:

As I was checking my bank account I got a $298.54 charge from Walmart.com

I was in the process of cancelling my card when I saw this. Talked to the bank rep and she told me there was a $1 authorization charge to my card account to test the card. They did that on the 2/29. Then either last night or early this morning the attempt to use the card was made at Walmart.com

Now my bank kinda sucks but they did proceed the normal way of disputing the charge and proceeded to cancel the card.

Then I decided to give Walmart.com a call, and believe it or not, I got top quality customer service over the phone than I ever did at the many Walmart stores I shopped in. I began to explain to "Kevin" that I believe my card was used without my consent for a purchase. Since I have a Walmart.com account I checked that and the last .com purchase I made was a TV back in 2010. "Kevin" asked me for the last 4 digits of the card and what the amount was. I gave him the information and he found the charge. It went through but he said Walmart canceled the charge because the address did not match and there was an account already in my name. So he said even though it was on my bank statement the charge would drop off in 3 to 5 business days. He also took it a step further and escalate the situation to the financial security department.

he couldn't tell me the entire address but the thieves were trying to purchase an iPod Touch and trying to send it to California.

So I have no card but I have some peace of mind that this charge won't stick as well as not having to fight it out with the bank.

MODS: I'm gonna post this in the threads related to the TFCC fiasco so people can have some hope if they visit one of the three threads.

bvzxa wrote:he couldn't tell me the entire address but the thieves were trying to purchase an iPod Touch and trying to send it to California.

See, this is what gets my goat the most. I have had 3 separate cases of fraud on my bank over the last few years. On each occasion it has caused me lots of stress, and in one case a stiff rebuke and cancellation of my account by PayPal (for some completely ludicrous reason)

I have asked my bank to chase it up and the merchant has supplied me with a printout of the transaction, but with the name and address of the criminal blacked out. Why the hell do criminals get the right to anonmyity? I just don't get it.

Because as far as the merchant is concerned, they're customers not criminals, giving out data like that will be a breach of their privacy.

Burn wrote:Because as far as the merchant is concerned, they're customers not criminals, giving out data like that will be a breach of their privacy.

Oh OK. I assumed that the bank was the one that obscured their details, not the merchant. Does that mean that their identities are protected if, say, the police wanted to see 'em?

Banjo-Tron wrote:

Burn wrote:Because as far as the merchant is concerned, they're customers not criminals, giving out data like that will be a breach of their privacy.

Oh OK. I assumed that the bank was the one that obscured their details, not the merchant. Does that mean that their identities are protected if, say, the police wanted to see 'em?

No. With a warrant or a subpoena, PayPal has to release that information so an arrest may be made.

just a heads up to anyone interested.

TFCC is giving out refunds on their memberships based on the remaining time on your membership.

so if anyone wants to take action against this loss of personal data, please email TFCC and get your money back, they will also wipe all your data once you cancel your membership.

Damaging Brian Savage's bottom line is the only thing the TFCC will really feel, Botcon and the TFCC have made him a rich man, and there is no excuse for the broken, outdated site he was running when you are intaking the kind of money he does from the TF collector's community.

He had a responsibility and ignored it, I urge you all to pull your memberships.