darkwingduck13 wrote:As I stated in the TFW thread, I dealt with the problems for almost 2 weeks before seeing the thread on TFW. My debit card, my wife's credit card, my wife's debit card, and my friend's debit card all got compromised. It wasn't until we were sitting around the kitchen table and they were watching me unwrap my birthday presents that it all came together. I kept saying, "You ordered this online, didn't you?" and they both said they ordered my gifts from TFSource. A little more talking, and it turned out all three of us had cards compromised. That's what led me to start checking for info online, and I found the TFW thread. Now it seems like it's all going to get covered up, judging by TFSource's lack of public comment and the TFW admin trying to censor the thread.
There are also multiple people in the TFW thread who had cards that were used for nothing but TFSource. It's not really a question whether it could be TFSource yet, but more of a question of why they chose not to notify their customer base when the first reports of this were sent to them almost a month ago now. They are (sometimes) responding to complaints by saying that the problem lies with authorize.net, their credit card processor. Odds are that this is the same processor they were using the first time they had this problem...they have not been forthcoming with information, because all they've ever said publicly is that security is important to them and that they're improving it.
If they stuck with the same credit card processor after the first time this happened, then this time the blame rests squarely on their shoulders.
VectorA3, just make sure you keep a close eye on your account. The thing with these security breaches is that the thieves get a whole list of credit card numbers at a a time...they don't pick and choose. Your account looks just fine, business as usual, right up until they finally pick your number off that list and try to do something with it. Charges to places like iTunes or online dating sites are common ways for credit thieves to check and make sure your card is valid. If you have a spouse, and you see some small iTunes charge on your account the first day, don't just assume she bought a song or CD...ask her. The first report of someone having a problem occurred on May 4th. I'm still hearing from people as of yesterday who are just now seeing the fraudulent charges.
Autobot032 wrote:As for TFW and their censoring this issue? Par for the course. It's to be expected, really.
Kibble wrote:Amongst my group of local collectors that have used a CC at TFsource, I think about every one of them has been hit now (about 10 people.) Can't really tell you where the fault lies, but if you've used a card at TFsource in the last year and haven't already been hit, I strongly suggest you cancel your card NOW because it's just a matter of time...
BTW, many of those approx. 10 do not use PSN and the card I used for PSN has not been compromised to date...
Seibertron wrote:Kibble wrote:Amongst my group of local collectors that have used a CC at TFsource, I think about every one of them has been hit now (about 10 people.) Can't really tell you where the fault lies, but if you've used a card at TFsource in the last year and haven't already been hit, I strongly suggest you cancel your card NOW because it's just a matter of time...
BTW, many of those approx. 10 do not use PSN and the card I used for PSN has not been compromised to date...
You should cancel the card you used with PSN and have them send you a new number. Be proactive, don't wait until they end up using your card six months from now.
darkwingduck13 wrote:Makes me wonder just how many board owners are in Curt's pocket.
Seibertron wrote:darkwingduck13 wrote:Makes me wonder just how many board owners are in Curt's pocket.
Keep this topic fair please. I am more than happy to help where I can as long as you guys aren't on a witch hunt.
darkwingduck13 wrote:Seibertron wrote:darkwingduck13 wrote:Makes me wonder just how many board owners are in Curt's pocket.
Keep this topic fair please. I am more than happy to help where I can as long as you guys aren't on a witch hunt.
Then how about making a front-page news item to help let people who haven't been in the General Discussion forum know that they need to keep an eye on their accounts (or even better, just go ahead and request new cards now)?
Don't get me wrong, I'm not pissed at site owners personally, but when a business like TFSource repeatedly screws over the fanbase and you guys keep supporting it by advertising for it, it's like you're saying that it's all okay. And as long as people think it's all okay, and can be swept under the rug, then nothing is ever going to change.
Chase wrote:Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail.
As a reminder, we recommend that you:
Don't give your Chase OnlineSM User ID or password in e-mail.
Don't respond to e-mails that require you to enter personal information directly into the e-mail.
Don't respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
Don't reply to e-mails asking you to send personal information.
Don't use your e-mail address as a login ID or password.
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading e-mails that appear to be sent by us.
Sincerely,
Patricia O. Baker
Senior Vice President
Chase Executive Office
Zales wrote:Recently, Citi was notified of a system breach at Epsilon, a third-party vendor that provides marketing services to a number of companies, including Citi. The information obtained was limited to the customer name and email address of some credit card customers. No account information or other information was compromised and therefore there is no reason to re-issue a new card.
Because e-mail addresses can be used for "phishing" attacks, we want to remind our customers of the following:
Citi Cards uses an Email Security Zone in all of our email to help you recognize that the email was sent by us. Customers should check the Email Security Zone to verify that the email you received is from Citi and reduce the risk of personal information being "phished." To help you recognize that the email was sent by Citi we will always include the following in the Email Security Zone in the top headline portion of all our emails:
Your first name and last name
Last four digits of your Citi card account number
And recently to increase security, we have added your “member since” date located on the front of your card, where available.
More information about phishing is available here: learn more
Important steps that you can take to protect your security online:
Don't provide your Online User ID or password in an e-mail.
Don't reply to e-mails that require you to enter personal information directly into an e-mail or URL.
Don't reply to or follow links in e-mails threatening to close your account if you do not take the immediate action of providing any personal information. We may send you an email regarding your account requesting you contact us via phone.
It is not recommended to use your e-mail address as a login ID or password.
If you suspect that you’ve received a fraudulent e-mail message, please forward it to us.
Forward suspicious e-mails to: spoof@citicorp.com
If you have any questions or concerns about emails that you may receive that look suspicious, we encourage you to contact Citi Customer Service at the phone number on the back of your card.
Target affected by Epsilon security breach
by Nancy Lebens, Minnesota Public Radio
April 4, 2011
St. Paul, Minn. — Target Corporation is now among the companies notifying customers that their email addresses may be used by in Internet scams.
Target says it was told about the security breach by marketing firm Epsilon, but didn't say when. Two other Minnesota companies, Best Buy and US Bank also sent email notices to customers warning them not to respond to emails asking for personal information.
Epsilon reported a security breach in which the email addresses of customers were released. The 20-plus companies affected include Amazon.com, Walgreens, TiVo, and the College Board, the organization that runs the SATs.
Seibertron wrote:darkwingduck13 wrote:Seibertron wrote:darkwingduck13 wrote:Makes me wonder just how many board owners are in Curt's pocket.
Keep this topic fair please. I am more than happy to help where I can as long as you guys aren't on a witch hunt.
Then how about making a front-page news item to help let people who haven't been in the General Discussion forum know that they need to keep an eye on their accounts (or even better, just go ahead and request new cards now)?
Don't get me wrong, I'm not pissed at site owners personally, but when a business like TFSource repeatedly screws over the fanbase and you guys keep supporting it by advertising for it, it's like you're saying that it's all okay. And as long as people think it's all okay, and can be swept under the rug, then nothing is ever going to change.
We didn't have a surge of people posting about this problem on Seibertron.com. In fact, not a single member contacted me about this problem (only a small handful of staff members alerted me to the situation on TFW regarding this, and a couple of TFW members who felt they weren't getting fair treatment on TFW about this).
I am continuing to analyze the situation and gather information from various people so that I can make a case for everyone if needed and, if necessary, encourage TFsource.com to make a statement. I thought it was odd that the majority of people who've had a problem with this post on TFW2005 but not on Seibertron.com, which makes me think that this problem goes back to the original hack from around December 2009 (meaning TFsource had a significantly higher customer base ratio from TFW prior to TFsource advertising on Seibertron.com) and people who never changed their cards (though I am aware of a few people saying that it was a new card so that, in some situations, would contradict my theory possibly).
It seems like if there was a major hack in the past couple of months, we'd have people here posting about this problem as well (30,000 to 50,000 people per day visit Seibertron.com and TFsource.com has been advertising on this site for almost 2 years). Doesn't that strike you guys as odd also?
If other people post here and factually present their situation, I'm more than happy to look over everything to figure out what actions might need to take place, if any at all. So far, I haven't heard from but a small handful of Seibertronians which isn't enough for me to rule out all of the fraud that has been reported by the news media over the past couple of months (i.e. Sony, Michael's, Chase, Target, Zales, etc).Chase wrote:Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail.
As a reminder, we recommend that you:
Don't give your Chase OnlineSM User ID or password in e-mail.
Don't respond to e-mails that require you to enter personal information directly into the e-mail.
Don't respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
Don't reply to e-mails asking you to send personal information.
Don't use your e-mail address as a login ID or password.
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading e-mails that appear to be sent by us.
Sincerely,
Patricia O. Baker
Senior Vice President
Chase Executive OfficeZales wrote:Recently, Citi was notified of a system breach at Epsilon, a third-party vendor that provides marketing services to a number of companies, including Citi. The information obtained was limited to the customer name and email address of some credit card customers. No account information or other information was compromised and therefore there is no reason to re-issue a new card.
Because e-mail addresses can be used for "phishing" attacks, we want to remind our customers of the following:
Citi Cards uses an Email Security Zone in all of our email to help you recognize that the email was sent by us. Customers should check the Email Security Zone to verify that the email you received is from Citi and reduce the risk of personal information being "phished." To help you recognize that the email was sent by Citi we will always include the following in the Email Security Zone in the top headline portion of all our emails:
Your first name and last name
Last four digits of your Citi card account number
And recently to increase security, we have added your “member since” date located on the front of your card, where available.
More information about phishing is available here: learn more
Important steps that you can take to protect your security online:
Don't provide your Online User ID or password in an e-mail.
Don't reply to e-mails that require you to enter personal information directly into an e-mail or URL.
Don't reply to or follow links in e-mails threatening to close your account if you do not take the immediate action of providing any personal information. We may send you an email regarding your account requesting you contact us via phone.
It is not recommended to use your e-mail address as a login ID or password.
If you suspect that you’ve received a fraudulent e-mail message, please forward it to us.
Forward suspicious e-mails to: spoof@citicorp.com
If you have any questions or concerns about emails that you may receive that look suspicious, we encourage you to contact Citi Customer Service at the phone number on the back of your card.
(I swore I have the following email or something similar from when Target notified me, but I can't find that email oddly. Here it is from another website at http://minnesota.publicradio.org/displa ... rity-leak/ )Target affected by Epsilon security breach
by Nancy Lebens, Minnesota Public Radio
April 4, 2011
St. Paul, Minn. — Target Corporation is now among the companies notifying customers that their email addresses may be used by in Internet scams.
Target says it was told about the security breach by marketing firm Epsilon, but didn't say when. Two other Minnesota companies, Best Buy and US Bank also sent email notices to customers warning them not to respond to emails asking for personal information.
Epsilon reported a security breach in which the email addresses of customers were released. The 20-plus companies affected include Amazon.com, Walgreens, TiVo, and the College Board, the organization that runs the SATs.
Here's a list according to this website of companies affected by the breach at Epsilon: Chase Bank, Citi Bank, AbeBooks, Disney, Krogers, Brookstone, Hilton Honors, LL Bean, Capital One Financial Corp., Barclays Bank, U.S. Bancorp, JPMorgan Chase & Co., Ameriprise Financial Inc. a, Best Buy Co., TiVo Inc., New York & Co., Walgreen, The College Board (CollegeBoard.com), Marks & Spencer,
More about the various companies affected by the breach at Epsilon: http://www.google.com/#sclient=psy&hl=en&source=hp&q=%22companies+affected%22+epsilon&aq=f&aqi=g-c1&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=19a59778de2c65e2&biw=1920&bih=961
What if the information compromised from major banks and retailers wasn't limited to personal and email information? I can't help but think that somehow this could be related and until I can rule that out to the best of my abilities, I can't point any fingers at one of this site's sponsors, especially after I inquired about it and was informed that there was no compromise of customer information to the best of their knowledge.
darkwingduck13 wrote:3. By going out and gathering all this extraneous information and posting it here after your previous post (where you said you'd be happy to help), it's become clear that what you really meant is that you're happy to try to help TFSource, not the people who are affected by their unconscionable way of doing business.
I understand that running a website is an expense. I and many other fans appreciate having places to congregate and talk about our hobby. However, the way this has gone down has ended up exposing some major flaws in the way that the sponsorship system apparently works.
vectorA3 wrote:I've been trying to remain neutral on this, but can no longer turn a blind eye to this. In the last 15 posts, two more people reported they'd been hit, including Counterpunch. What more proof do we need? I've checked my Amex again, and no suspicious activity. I should probably cancel/change my # before anything goes down. While TFSource can say they were not hacked directly, the 3rd party company they use had to have been. Very bad business to not acknowledge for the customers, even if the neither of the sites were hacked. Bestbuy/bestbuy.com sent me an email this year warning of a potential breach to Epsilon. Fortunately no suspicious charges. I think I got a similar email from Chase when they were hit too. The least Tfsource & vendor could provide is a warning. Wth?
If they're not careful both of them are gonna wind up in some nasty lawsuits.
Authorize.Net is a payment gateway service provider allowing merchants to accept credit card and electronic checks payments through their Web site and over an IP (Internet Protocol) connection. Authorize.Net claims a user base of over 305,000 merchants, which would make them the Internet's largest payment gateway service provider.[citation needed]
darkwingduck13 wrote:More and more people keep coming forward, and still no word from TFSource. Tomorrow will mark June 4th, a full month from May 4th when Soundwave2 first noticed charges on his account, notified them, and bumped this thread subject on TFW2005. More people have come forward on the threads on TFW2005 and Seibertron, too. I've been warned by the administrators of each of these sites not to talk about or threaten the status quo, so my involvement in this is more or less at an end.
I urge the TF fan community to at least attempt to hold TFSource responsible for their (repeated) mistakes/misdeeds. At this point, the only way we can hope to make a difference is to cut into their financial bottom line by shopping elsewhere. It'll take a major word-of-mouth push to make up for the positive portrayal of TFSource given off by the enormous advertising presence on the community sites, but maybe we can keep at least a few people from making the same mistake those of us who have been burned this latest go-round have made.
Counterpunch wrote:I'm not on the side of TF Source and I'll openly admit they are my least liked online retailer due to several bad impressions I have had with them personally.
However, no one on Staff is doing anything to make people be quiet or to suppress them from making statements on the matter. Where this site is concerned and where its Staff members are concerned, please refrain from painting us in any kind of unfair light. We simply don't censor this kind of stuff unless it becomes obvious beyond doubt that someone is fabricating a story or their own "facts".
We're an honest broker in all this.
SmokeStack wrote:I posted this on TFW2005 thread, too. I was also hit with fraudulent charges on a credit card of mine. But instead of Itunes, they decided to open up a fedex account with my credit card and then proceeded to send out multiple checks from a bank based in washington dc. Luckily, it wasn't from my bank, but I kept getting multiple phone calls from the people that received these checks asking what they were for. I was able to get the fedex account closed, closed out my credit card, and will not do business with TFSource again. It was the first time I had ever done business with them, too.
Return to Transformers General Discussion
Registered users: Bing [Bot], Google [Bot], Google Adsense [Bot], Majestic-12 [Bot], Nemesis Destron, trailbreaker