Message from TFsource.com to its members

Message from TFsource.com to its members

Friday, January 8th, 2010 4:43pm CST

Categories: Toy News, Sponsor News, Company News
Posted by: Seibertron   Views: 29,057

Topic Options: View Discussion · Sign in or Join to reply

Here is the message received today from Curt, the owner of TFsource.com. TFsource.com is one of Seibertron.com's sponsors.

Dear TFsource Members,

It has come to our attention that some of our customers information may have been compromised based on an attack that resulted in fraudulent charges being attempted on some customers credit card accounts.

We are recommending each customer who has a credit card on file with TFsource to review your statements and contact your credit card issuer immediately. Additionally please contact us if you would like us to remove all of your card data from your account.

Only a sub-segment of our customers so far has been affected, and this could be a larger issue outside of TFsource, but regardless it is our recommendation for all customers of TFsource to be safe and follow the above course of action.

Note: If you make purchases on TFsource via Paypal, Paypal is a trusted 3rd party and not affected, and is always a secure way to pay on TFsource. Also customers who pay with check or money order are not affected.

We are still investigating this matter and have been working diligently adding additional layers of security to our website, as well as with our 3rd party credit card processor regardless of where the issue originated. We will be continuing this process and adding further security to the site over the next few days and looking at long term solutions to restore confidence to all who visit our site and ensure TFsource is always a secure site to shop at.

We realize this is very frustrating for all involved. We at TFsource have always operated this business with the highest level of integrity, and I can personally assure you that no one internally at TFsource was involved in any of these actions.

Finally we would like to thank all that were persistent in bringing this matter to our attention as early as possible. Without the community and support we would not have been able to begin immediately investigating this issue.

Sincerely,
Curt


TFsource.com has been a great asset in the world of online retailers that sell Transformers toys. We hope that you will continue to support TFsource.com by continuing to purchase products from them. If you have a Paypal account, we would recommend that you use that in the meantime when purchasing orders from TFsource.com.

For additional information regarding this unfortunate situation, please read yesterday's news story.

Credit(s): TFsource.com


This article was last modified on Friday, January 8th, 2010 4:47pm CST

News Search

Got Transformers News? Let us know here!

Re: Message from TFsource.com to its members (1034850)
Posted by Narc on January 8th, 2010 @ 5:04pm CST
Called AmEx again to verify my account and it seems to be secure. Just watch your accounts for the meantime, it could happen with anyone. TFsource has done fine by me and I will continue to purchase stuff from them, but this time I'll go through Paypal. I also asked Curt to remove my credit card info from their database just as a safety precaution.

Remember, TFsource is as much a victim here as anyone else, maybe even more because they stand to lose a lot more than any one single person here. It was their 3rd party credit card processor that was compromised, not them directly, but they are now carrying the stigma that this issue has brought about. If it happened with BBTS, I would still patronize them because they are also good people.
Re: Message from TFsource.com to its members (1034878)
Posted by kirbenvost on January 8th, 2010 @ 5:54pm CST
I also asked to have my credit card info removed from my Tfsource account, but I will certainly continue to order from them using Paypal.
Re: Message from TFsource.com to its members (1034888)
Posted by LiKwid on January 8th, 2010 @ 6:46pm CST
Alot of the members here make very good points...The situation is a tough one no doubt for all of those involved..If anything it should just encourage people to use paypal instead of directly using a CC..Personally , after having some time to contact the staff at Tfsource and reaqd up on some of the info here as well, I decided that Tfsource is in fact not the devil here but rather the lil bastids who were behind this..


I decided that I'm gonna give Tfsource another chance.. I hope that many others decide to as well..I have had serveral good convo's with the staff as of late and they have regained my business..I wish the best of luck to Curt and the staff and hope this matter gets resolved .:)
Re: Message from TFsource.com to its members (1034931)
Posted by DevastaTTor on January 8th, 2010 @ 8:42pm CST
I'm really glad to see cooler head prevail in the last few posts.

Look guys (& gals), your data is being compromised all the time. Hell, everytime you hand your credit card to a waiter in a restaurant, you're exposed. Sometimes things like this happen and the credit/data handlers realize they've been hacked. Other times, hackers download tons of data and just walk away. There may be no issues or warning signs for weeks or months. The point is this: for most of us who purchase items online with a credit card, it's a matter of if, not when, you'll be compromised. And in the end, since credit card issuers will not hold you liable for these charges, it's generally not much more than an inconvinience at best. This sucks, I know. But it's sure not going to stop me from buying online, be it BBTS, TFSource, Amazon, or any other online vendor.
Re: Message from TFsource.com to its members (1035113)
Posted by Artakha Prime on January 9th, 2010 @ 9:42am CST
Happy i haven`t used any sites yet. Just shows how much their security system is worth. And that you should use InPrivate when you buy anything.
Re: Message from TFsource.com to its members (1035123)
Posted by muswp1 on January 9th, 2010 @ 10:11am CST
Just got a call from my credit card company about several charges that tried to go through this morning, Itunes and a couple of HK based sites. Fortunately, the CC company stopped all of them and is closing that account.

EDIT: I just tried getting onto TFSource and doublechecking which cards of mine are on there and the whole site is offline.
Re: Message from TFsource.com to its members (1035857)
Posted by kirbenvost on January 11th, 2010 @ 1:52pm CST
Seems to be back up right now. Curt did say that they would be upgrading their security systems and such so that could be why the site was down.

I checked my credit card again and that $1 iTunes charge was unclaimed and has dropped off my account. I'm fairly certain now that my card was not affected and that was iTunes legitimately confirming my card info. Curt also said that the only card info I had on file was from my old expired card, and all my recent orders have been by Paypal.
Re: Message from TFsource.com to its members (1036632)
Posted by God Optimus Prime on January 13th, 2010 @ 12:46pm CST
Man, I just gotta call right now from my credit card company that somebody was trying to purchase Itunes with my debit card. I was checking my card online last week when this news hit. No transactions. But from the phone call, the guy said they tried purchasing Itunes on january 7th and something that's worth $500. I was thinking, I was checking my account last week and nothing happened. The dude said they were just checking to see if the card was working or something. :-x
Re: Message from TFsource.com to its members (1036702)
Posted by chuuzetsu on January 13th, 2010 @ 4:41pm CST
Does TFSource use the same third party company to charge cards that Toy Arena uses?
Re: Message from TFsource.com to its members (1037134)
Posted by Counterpunch on January 15th, 2010 @ 8:12am CST
No charges to my card as of yet.
Re: Message from TFsource.com to its members (1229742)
Posted by darkwingduck13 on May 27th, 2011 @ 9:50pm CDT
I did a search of the forums to see if this was already being discussed, but searching for "TFSource credit card" brought this up as what looked like the most recent thread. It turns out that TFSource has had their credit card records compromised again. Of course there's been no notification to their customer base, and I've been warned to stop talking about it on TFW's forums. You can view the thread here:

http://www.tfw2005.com/boards/transformers-general-discussion/286348-warning-tfsource-account-billing-info-compromised-may-2011-a-114.html#post6089982

If you've done any business with TFSource over the past 6 months (I believe that was the oldest report we got in the thread), or honestly if you've EVER done business with TFSource and they have one of your current cards on record, you should be extremely vigilant in watching your account for suspicious charges!

This is the second time they've been compromised, and when combined with the shady crap they pulled with the Shadow Scyther restock incident, I have decided that I will never purchase from their business again.
Re: Message from TFsource.com to its members (1229789)
Posted by vectorA3 on May 28th, 2011 @ 12:05am CDT
last month I bought a G1 figure from TFsource using an Amex card. Checked it now, no suspicious charges. So far I have no beef with Tfsource, but they should notify people that their 3rd party company who handles the card #s - got hacked. That's the least they can do
Re: Message from TFsource.com to its members (1229806)
Posted by Seibertron on May 28th, 2011 @ 12:52am CDT
Until there is indisputable proof to the contrary, please keep in mind that this discussion is purely speculation at this point. I know some of you feel wronged by this, but I'll take Curt at his word that they were not hacked to the best of his knowledge. He was very forthcoming with information the first time this happened in December 2009/January 2010 so I trust that he would do the same this time.

For those of you who are concerned about your cards, simply call up your bank, have them cancel your current cards and have them send you new ones. Banks should all do this for you free of charge. Yeah, it's a little inconvenient having to update your card number with everyone, but it sure as hell beats waking up and having your account zeroed out.

For those of you who have had your information recently compromised, is there any chance that this is the same card that you had on file with TFsource from 1.5 years ago? Is it possible that your card was part of the hack that affected major retailers such as Target, Zales, etc a month or two back? Is it possible that you used your card recently at Michael's or Aldi's, both stores that recently had their debit card machines hacked?

Just seems like there's too much of this going on elsewhere right now for us to be able to pinpoint this on TFsource at the moment. I've read a lot of the concerns posted at TFW and can come up with conterpoints for most of what people have encountered from my experience as an e-commerce website programmer from the past ten years. I'm not ruling out that TFsource was hacked, I just think people have been too quick to assume that's where this problem came from.
Re: Message from TFsource.com to its members (1229868)
Posted by darkwingduck13 on May 28th, 2011 @ 7:15am CDT
As I stated in the TFW thread, I dealt with the problems for almost 2 weeks before seeing the thread on TFW. My debit card, my wife's credit card, my wife's debit card, and my friend's debit card all got compromised. It wasn't until we were sitting around the kitchen table and they were watching me unwrap my birthday presents that it all came together. I kept saying, "You ordered this online, didn't you?" and they both said they ordered my gifts from TFSource. A little more talking, and it turned out all three of us had cards compromised. That's what led me to start checking for info online, and I found the TFW thread. Now it seems like it's all going to get covered up, judging by TFSource's lack of public comment and the TFW admin trying to censor the thread.

There are also multiple people in the TFW thread who had cards that were used for nothing but TFSource. It's not really a question whether it could be TFSource yet, but more of a question of why they chose not to notify their customer base when the first reports of this were sent to them almost a month ago now. They are (sometimes) responding to complaints by saying that the problem lies with authorize.net, their credit card processor. Odds are that this is the same processor they were using the first time they had this problem...they have not been forthcoming with information, because all they've ever said publicly is that security is important to them and that they're improving it.

If they stuck with the same credit card processor after the first time this happened, then this time the blame rests squarely on their shoulders.

VectorA3, just make sure you keep a close eye on your account. The thing with these security breaches is that the thieves get a whole list of credit card numbers at a a time...they don't pick and choose. Your account looks just fine, business as usual, right up until they finally pick your number off that list and try to do something with it. Charges to places like iTunes or online dating sites are common ways for credit thieves to check and make sure your card is valid. If you have a spouse, and you see some small iTunes charge on your account the first day, don't just assume she bought a song or CD...ask her. The first report of someone having a problem occurred on May 4th. I'm still hearing from people as of yesterday who are just now seeing the fraudulent charges.
Re: Message from TFsource.com to its members (1229880)
Posted by vectorA3 on May 28th, 2011 @ 8:31am CDT
Thanks for the warning. Hope no one else gets screwed. TFsource is either incredibly dumb or really doesn't think they've been breached if they are not sending warning notifications to their customers. Why they don't care about losing customers is beyond me.
Re: Message from TFsource.com to its members (1230127)
Posted by Counterpunch on May 28th, 2011 @ 9:40pm CDT
It finally happened to my card that had been used on TF Source. Though, to be fair, it had also been used on PSN.
Re: Message from TFsource.com to its members (1230182)
Posted by Kibble on May 29th, 2011 @ 1:25am CDT
Amongst my group of local collectors that have used a CC at TFsource, I think about every one of them has been hit now (about 10 people.) Can't really tell you where the fault lies, but if you've used a card at TFsource in the last year and haven't already been hit, I strongly suggest you cancel your card NOW because it's just a matter of time...

BTW, many of those approx. 10 do not use PSN and the card I used for PSN has not been compromised to date...
Re: Message from TFsource.com to its members (1230191)
Posted by Autobot032 on May 29th, 2011 @ 2:21am CDT
darkwingduck13 wrote:As I stated in the TFW thread, I dealt with the problems for almost 2 weeks before seeing the thread on TFW. My debit card, my wife's credit card, my wife's debit card, and my friend's debit card all got compromised. It wasn't until we were sitting around the kitchen table and they were watching me unwrap my birthday presents that it all came together. I kept saying, "You ordered this online, didn't you?" and they both said they ordered my gifts from TFSource. A little more talking, and it turned out all three of us had cards compromised. That's what led me to start checking for info online, and I found the TFW thread. Now it seems like it's all going to get covered up, judging by TFSource's lack of public comment and the TFW admin trying to censor the thread.

There are also multiple people in the TFW thread who had cards that were used for nothing but TFSource. It's not really a question whether it could be TFSource yet, but more of a question of why they chose not to notify their customer base when the first reports of this were sent to them almost a month ago now. They are (sometimes) responding to complaints by saying that the problem lies with authorize.net, their credit card processor. Odds are that this is the same processor they were using the first time they had this problem...they have not been forthcoming with information, because all they've ever said publicly is that security is important to them and that they're improving it.

If they stuck with the same credit card processor after the first time this happened, then this time the blame rests squarely on their shoulders.

VectorA3, just make sure you keep a close eye on your account. The thing with these security breaches is that the thieves get a whole list of credit card numbers at a a time...they don't pick and choose. Your account looks just fine, business as usual, right up until they finally pick your number off that list and try to do something with it. Charges to places like iTunes or online dating sites are common ways for credit thieves to check and make sure your card is valid. If you have a spouse, and you see some small iTunes charge on your account the first day, don't just assume she bought a song or CD...ask her. The first report of someone having a problem occurred on May 4th. I'm still hearing from people as of yesterday who are just now seeing the fraudulent charges.


Glad you mentioned the fact that a TFW admin is trying to censor the thread. Both Kickback, who is notorious for being TFW's version of a corrupt cop, and now Tony Bacala, the owner, are basically telling people to keep their mouths shut. They didn't really step in until people started critiquing TFW for advertising for them and taking money from a disreputable source. Once that was stated publicly, they came in and tried to clean up the mess.

Goes to show you how disgusting they can be. I thought Bacala might have more integrity than Kickback, but I was wrong. Though, to be fair, Kickback has no integrity, so Bacala having even a modicum of it is better than Kickback.

And it should be said that only a few people believe TFSource was hacked, and they're wrong. The rest of the people know that TFSource was not hacked and that they blame it on their processor. Which, as I stated in another thread is supposedly a division of Visa. I sincerely doubt Visa would steal from their own customers.

As for this being a PSN problem, no. Many people have come forward and said the card that got ripped off at TFSource had never been used at PSN, and some even said they don't own a PS3. So saying it's partly to blame on the PSN situation is wrong. Flat out wrong.

Do I think TFSource itself is stealing the numbers and doing all of this? No. Curt's not that low. Besides, it would be happening more frequently if that was the case. There must be something between them and the processor that acts as a middleman/go between, and I'm guessing that's where the problem lies.

However, to be honest... plenty of people keep their credit card information on BBTS's servers and haven't been ripped off. In fact, BBTS requires a credit card for preorders, and I've only heard of one person having a problem with their credit card involving BBTS. Yet I've heard countless complaints over TFSource.

Even if Curt and his crew aren't directly responsible for this issue, it still doesn't look good for them when they don't publicly address it and don't change their current system so this doesn't happen again.

If I was Curt and this happened the first time, people would be calling for my head on a stick. From that point on, I'd make sure I found out the source of the problem and corrected it to the best of my abilities. If it happened a second time, people would want my blood and they'd have every reason to be angry.

If nothing else, Curt should switch to PayPal only and be done with it. He still gets his payment, the people still get their stuff, and there's no direct access to the credit cards. However, that leaves the buyer at a disadvantage in case they need to dispute something.

Do I think Curt and his staff are evil? No. That's ridiculous.
Do I think they're the ones behind it? No.

I do think, however, they should find the source of this problem (no pun intended), and fix it. It'll go a long way towards making amends with the fandom, which they sorely need.

As for TFW and their censoring this issue? Par for the course. It's to be expected, really.
Re: Message from TFsource.com to its members (1230224)
Posted by chrisc4 on May 29th, 2011 @ 6:57am CDT
yeah it happened to me last friday. I had my card my university gave to me stolen. they used $1 amounts on netflix and itunes. the idiot tried to open and ship on a fedex account under my name. i used that card to order the generations wave with megs way back in october at tfsource. i use my regular bank credit card when i order from big bad toystore or amazon. luckily i canceled the card.
Re: Message from TFsource.com to its members (1230294)
Posted by Seibertron on May 29th, 2011 @ 11:52am CDT
Autobot032 wrote:As for TFW and their censoring this issue? Par for the course. It's to be expected, really.


Please do not turn this thread into an anti-TFW thread. Those guys work their butts off on TFW just like the staff here works our butts off on Seibertron.com. TFsource.com is also a sponsor of Seibertron.com. I have a responsibility to the advertisers on my site to be fair to them and to give them the benefit of the doubt.

When I reached out to Curt pertaining to this issue a couple of weeks ago, he assured me that they weren't hacked. I have to take him at his word until we hear otherwise. If you guys wish to present your personal situation related to this in a fair, open-minded, factual, and non-attacking/non-accusatory manner, I will be more than happy to present the information, in its entirety, to TFsource.com. But I need your guys cooperation.

Three words to resolving this situation: cool heads prevail.

Featured Products on Amazon.com

Buy "Transformers MPM04 Optimus Prime" on AMAZON
Buy "Transformers MPM-03 Movie 10th Anniversary Figure Bumblebee" on AMAZON
Buy "Transformers: Bumblebee -- Energon Igniters Nitro Series Barricade" on AMAZON
Buy "Transformers Authentics Megatron" on AMAZON
Buy "Transformers: Bumblebee Movie Toys, Power Charge Bumblebee Action Figure - Spinning Core, Lights and Sounds - Toys for Kids 6 and Up, 10.5-inch" on AMAZON
Buy "Transformers Generations Titans Return Deluxe Misfire and Aimless" on AMAZON
Buy "Transformers: Generations Power of The Primes Evolution Optimal Optimus" on AMAZON
Buy "Transformers Generations Power of The Primes Evolution Nemesis Prime (Amazon Exclusive)" on AMAZON
Buy "Transformers Generations Titans Return Triggerhappy and Blowpipe" on AMAZON
Buy "Transformers Generations Combiner Wars Deluxe Class Prowl Figure" on AMAZON
Buy "Transformers Generations Titans Return Titan Class Fortress Maximus" on AMAZON
Buy "Transformers Generations Combiner Wars Victorion Collection Pack" on AMAZON
Transformers Podcast: Twincast / Podcast #278 - The Return of Rodimus Prime
Twincast / Podcast #278:
"The Return of Rodimus Prime"
MP3 · iTunes · RSS · View · Discuss · Ask
Posted: Sunday, June 13th, 2021

New Items on eBay

Buy "Transformers Rescue Bots Chase Brush Fire Boulder Hasbro" on EBAY
Buy "Transformers Kre-O 30662 Ratchet new sealed hasbro unopened 187 pieces" on EBAY
Buy "ULTRA MAGNUS Transformers Kingdom War For Cybertron Trilogy Leader Class 2021" on EBAY
Buy "KRE-O TRANSFORMERS LOT IRONHIDE & MEGATRON KREON BATTLE CHANGER SEALED" on EBAY
Buy "Transformers Prime Robots in Disguise Autobot Ratchet Deluxe Action Figure " on EBAY
Buy "TRANSFORMERS RESCUE BOTS SALVAGE, Griffin Rock Construction Team Flip Racer 2017" on EBAY
Buy "Transformers DOTM Battle In Moon Light Cyberverse Optimus Prime Trailer Part" on EBAY
Buy "Transformers Prime First Edition Bulkhead Takara Tomy MISB MINT" on EBAY