Thanks Vaskania. 

Can we get you on staff soon?  You are most helpful and I appreciate ya.

Got three prepaid Visa cards now with very little money and they get used in specific places only. As for the rest, I have a little bit of money in my PP account if I want to buy 3D stuff, but I got so disheartened by all this that I simply stopped spending any cash on 3D sites...I might check in once a week for freebies mainly...There is too many of us for me to feel safe...no matter which site.

Any news from Rendo's IT team?  Any idea how the criminals attacked us here? Is there anything we can do to support you?

Just to add to the saga. I had my card compromised after using Renderosity on Feb 21st. Luckily charges were stopped by the card company. I put it down to something at my end and although I take care etc I re-scanned, ran anti-malware etc and found nothing. I got a new card issued and used it only once, at Renderosity on Mar 14th, and immediately afterwards it was used fraudulently. At least this thread reassures me the problem isn't my end but there does seem to a complacent attitude from Renderosity over this so despite having used the site for years I will avoid it for the immediate future at least.

@zicsov Same here and also nearly at the same time. First card end of February, second card mid of March. First card after using it at Rendo but I used for a lot of stuff, second card used it only for three shops (Amazon, Paypal and Rendo) and the last one was Rendo and after using it here I got my card compromised.

My system is clean due intense scanning with two different anti-virus-tools and anti-virus is of course always active.
I am also always checking for HTTPS connection before entering any credit card info.

I am a long time user and shopper here at Rendo but I will consider it multiple times before I enter any credit card info again here.
At the moment I have too much trouble because of this lack of security here.

Just fell across this thread and it has been a revelation.  My Credit Cards have been done 5 times in seven months and I was beginning to take it personal.  Both of these cards are only used for purchases at three sites, here, e-on software and RDNA.  One card I had re-issued and I did not use it for two weeks.  I then used it at here at Rendo and within 48 hours I have the fraud prevention on the phone because it has been hacked again.   Tried a separate card and used it only at Rendo, hacked again.  Now those that know about these things may well be able to explain many different ways that this can happen but another card that does not go online and is used for face to face purchases has remained secure.

 Wherever this problem is I know that as soon as I have spent my upcoming bonus for my purchases in March I am taking a three month break from buying anything here.   

If any of you are on wifi, also note that an unsecured connection (or even a badly secured one) can also be compromised, which can lead to a CC hijacking.

If any of you are on wifi, also note that an unsecured connection (or even a badly secured one) can also be compromised, which can lead to a CC hijacking.

I understand that and that is good advice but in my case the modem is not only password protected but it also runs a blacklist with the only exceptions being my PCs and Kindles.  In addition I also do all my banking online but never use my debit card for purchases, online or otherwise, just for ATM withdrawals.  My wife uses the same network and the only card that have been hacked are mine and only the ones used for 3D related purposes.  After the third occasion I only used the cards for purchases here at Rendo and I was hacked twice more.  I did however use the other accounts for Amazon purchases and they have stayed secure so far.  I am not blaming Rendo as I have no proof and so it would be wrong for me to do so.  Having said that it does seem a wise precaution for me to stop spending here for at least a few months.  Of course, if I take a break and then come back and I get hacked again, despite what anyone might say, my spending ban will become permanent.  To do otherwise be rather foolish under the circumstances.

One final thought, the people who post here are a small proportion of those who shop here, plus, I only found this thread after another thread I was interested in was moved from the Poser forum.  Given this information I wonder just how many people who shop here have had their cards hacked recently. 

If any of you are on wifi, also note that an unsecured connection (or even a badly secured one) can also be compromised, which can lead to a CC hijacking.

...and all of us here in this thread have an unsecured connection? Come on! I for example are not shopping through Wifi, I have a closed network, firewall and whitelist (only devices I know are allowed in my network).

All the statements you can read in this thread point to major security issue here at Rendo. 

Kindly quote me where I said in exact words that it's not Rendo? You seem to have missed where I said IF and gave a possibility. Did I say it was a certainty? Did I say it was everyone?

Just because YOU'RE not shopping from an internet cafe doesn't mean someone else isn't. Good, great, I'm glad your shit's secure. Not everyone is tech savvy enough to Fort Knox their wifi.

I merely offered a possibility for those that MIGHT fit that situation. Please don't read more into it than that.

Well you can add me to the growing list as well.. My card was hacked just this Tuesday the 24th-25th. And I have the same list of shopping places as well,Rendo, Daz, RDNA, and Amazon.

I've caught two charges so far that seem to have made it through. One was a calling card service and another for airfare. So I have a claim to dispute them. But again, I now have to wait the 10 full business days for my new card to arrive.. This is the second time i have had this happen not even in a 6 month span. It's very disheartening. I keep checking my computer for any spyware, but I am getting nothing.

Sorry, you're right Vaskania!
I have read more into your reply as you really stated. Sorry!

But to be honest an open Wifi is a VERY unlikely option for all the shit that is happening to Rendo's customers in this thread.

It would be nice to get some kind offical statement from Rendo's side about the current progress of their investigations and what they are doing to prevent something like this in the future.

I just received the customer notice regarding this issue.

Thanks a lot, very much appreciated.

After the notification I've been in contact with my bank and my card has been hacked too. I have to wait 7-14 days for a new card.You are right it is very disheartening, maybe I'll give online shopping a miss in future.

Yes, I got the notice too... at least NOW I have more information to show my bank that it was indeed HACKED...it will help with my on-going "dispute" !  I have the $521 charge to EtheopianAir in UGANDA that slipped through before Visa called me on a declined $1000 charge. :(  I am STILL in the resolution of this charge... how CAN they believe I would charge such a thing?!  grrrrr!!  

I WILL USE PAY PAL AS A GATEWAY WITH A NEW CARD!!! THEY CAN NOT WIN!!!  I WILL SHOP!   

Well you have a right to complain when something goes wrong but it should be balanced by praise when a company does something right.  Thank you Renderosity for being upfront and admitting that the Renderosity site had their security breached.  Not only that, they have given dates and tried to explain how it happened.  They could have kept their heads down and said nothing.  OK, the hacking was still annoying but it puts my mind at ease knowing that the this site was the source of the problem and that it has been dealt with.

That's terrible Lyne, I'm waiting to find out if mine gets refunded. At £70 it's not as much as yours but money is money.

Yes, I got the notice too... at least NOW I have more information to show my bank that it was indeed HACKED...it will help with my on-going "dispute" !  I have the $521 charge to EtheopianAir in UGANDA that slipped through before Visa called me on a declined $1000 charge. :(  I am STILL in the resolution of this charge... how CAN they believe I would charge such a thing?!  grrrrr!!  

I WILL USE PAY PAL AS A GATEWAY WITH A NEW CARD!!! THEY CAN NOT WIN!!!  I WILL SHOP!   

I don't use Pay Pal due to the fact I have had that account hacked in the past and they were a lot harder to deal with than the banks.  On the other hand that was a few years ago now and they may be better on both fronts, I just don't want to take the gamble.

Thank you for the NOTICE that Renderosity sent me today!  It explaines a lot what happened with my card...  BTW -I've got a new card from my bank.

Anyhow I'll avoid to make payments with it online, PayPal will be my first option for purchaising here.

I'll take annoyance over theft any day.  Might be a pain to get a new card, but better that than having to get a new card and losing a hundred bucks like what happened to me previously.  (That money was eventually returned, but the inconvenience was very frustrating.)  Thanks to Renderosity for letting their customers know there is a problem.  I'll have to be more cautious. :)

Thanks for the Notice . I am glad that the breech was found and listed the dates in which it did occur. At least this gives some sort of relief to know where it originated from. I do believe PayPal will be implemented from this point out as a extra safe guard. So far I am 70 bucks in the hole, but the investigation is taking place so hopefully all will be resolved.

As for your situation  Lyne, I do hope they refund you every single amount.At least you now have concrete proof as to where it started from. Sending you best wishes in the recovery and refund as soon as possible.

My credit card was used for two large unauthorized purchases on Mach 14th and 16th. It was the same credit card I used here for purchases on March 3rd, 9th and 14th. The March 16th purchase was flagged by my credit card company as possibly fraudulent and they contact me. They canceled that credit card and issued me a new one.

The March 16 transaction was rejected by the credit card company, but I may need to dispute the March 14th one if it makes it to the bill. We already told the credit card company it was fraudulent.

It is good to find out where the problem was and that it is now fixed. 

Thanks for the notice, too bad I did not get this a week ago, my credit card was also hacked, now like the others I have an official letter to show the bank.  Such a pain. Again I appreciate the official letter. On my statement 6 charges of 300 and more, approximately 2000.00, I am in dispute for all charges. 

I received the notification but I guess I was one of the lucky ones as nothing was taken from my accounts, no fraudulent charges that could be found in my purchases.  However, to be on the safe side, I called the Bank (BofA) to ask them to cancel the card and issue a new one, with a new number.  The customer service representative was confused as he said that the Bank hadn't been notified of the breach, that he had never run across a site that notified the customers like this first before even the bank was notified of a potentially compromised card. 

So, kudos, Renderosity for going the extra step to give us notification so we could proactively protect ourselves from potential fraud.  I know it makes me more willing to purchase from here, knowing that our security is being taken seriously.

I was hacked at also and I found out on Feb 27th.  I had to get a new card and whole thing

  I think they raided Steam punk so watch it out there folks. 

Skip 

Count me is as hacked twice too.  I did a purchase here on Feb 23rd and again on March 3 with a new replacement card.  Both were hacked.  At that time I had no idea

the origin of the problem.  To be honest, I'm quite hesitant to purchase another product here after all that stress.  I like renderosity a lot but that was a huge headache for me.

hankstr 

Yep my CC was hacked as well.  Over $1300 was attempted to be charged at Walmart.com.  Luckily my CC Company realized what was going on and declined the transaction, and then notified me immediately asking if I was the person placing the transaction.  I told them I was not, and they have cancelled the card and are sending me a new one.  Though I guess I'm glad it was only the one transaction, which didn't go through.  All of this happened last week, and now today I receive the notice.  At least now I know what and how it happened, but I'm still disappointed.  I'm going to spend some time weighing whether or not to continue to do business with Renderosity, which is too bad since the vendors here are top notch.  If I do decide to continue I will only use Paypal going forward.  

Can someone please post a copy of the "Notice" that explains where/how this breach occurred.  This topic has been at the top of the thread board for numerous days now and now some sort of discovery/resolution has been found and there hasn't been any public statement made about it other than a reference to some "notification".

Greetings,

@keppel - If you go to your messages (the 'Sitemail' inbox icon at the top of the screen), there may or may not be a message 'Renderosity Customer Notice' in your inbox.  This was apparently sent to everyone who made a credit card transaction on 'Rosity during the period of February 9th and March 18th of this year, which was the vulnerability window.  If you didn't make a purchase during that time, you're likely in the clear.  They don't explain in any detail how/where the breach occurred; they don't store credit card numbers themselves, but apparently there was a way for the bad guys to pull the credit card information from the checkout process itself.  They've left that detail unclear, and it's reasonable as I don't think we need the technical details.  (As much as I, as a software security developer, would love to know the gory details, I very much understand that choice.)

But the important thing is that if you DON'T have that email, then you are likely not exposed.

Personally, I'm nervous, as I used my replacement card once on the VERY last day of that time frame. :(

--  Morgan

Only members who made purchases during Feb 9  to March 18th were notified, but there should be posted on the homepage in case emails were not delivered, or sent to spam.

I had only a single fraud charge of $600 to Best Buy Online and my card company blocked it and notified me within minutes. Four days later I got my Card and used it here only to find out the new card number may be in the wind as well..  for now I'll do a wait and see as no further attempts to use my card has been been made and I check my online account every other day.  I have been assured that any fraudulent purchases will not be charged to my account   

I've had three cards hacked lately after using them here! First two were caught by the card issuer (AMEX), the last one by myself since I had put up safeguards (email alert for any purchase over $100). The three events were so close to each other I knew the problem could only be here, for I hadn't had the time to use the newly issued card anywhere else... Now I use Paypal. With the largest password possible (only 20 characters allowed, the darn idiots).

The "message" is a newsletter sent by Rendo today (at least for me), and it reads:

This correspondence is to notify you that Renderosity has concluded an investigation into unauthorized access to payment card data on our website. Unfortunately, our investigation found that between February 9th and March 18th of this year, there was an intermittent attack that resulted in the exposure of some payment card information to an unauthorized third party.

By policy, Renderosity does not store credit card information. However, the nature of this attack resulted in the capture of sensitive information during the check-out process itself. Only customers that used a payment card directly on the site during this time-frame were at risk. PayPal orders were not at risk.

Renderosity has since increased security for all of our production servers, implemented a new IDS (Intrusion Detection System) to insure real-time alerting and active response to such attacks going forward. In addition, we have engaged a third-party to perform a complete security analysis of our hosts and applications in addition to regular PCI (Payment Card Industry) scanning as required by our payment processor to be certain we have rectified all potential security issues.

Since you placed an order using your credit card during this time frame, we urge you to immediately contact the issuer of your credit card to have it replaced for your protection.

We want to emphasize that Renderosity takes the security of our customers very seriously. We sincerely apologize for this inconvenience and appreciate your continued support. If you have any additional concerns or questions, please feel free to contact store@renderosity.com and we will address them quickly and professionally.

Sincerely,

Tommy Lemon

Vice-President, Renderosity

I'm happy they eventually caught that problem. I sure hope they will be a little more vigilant in the future. Hacking paying systems is common nowadays, and there are only two kind of targets; The easy ones, and the very easy ones...

@rty

Thanks for posting the message.  This hacking didn't affect me as I don't use my credit card here hence why I didn't receive the message,  however due to the number of people this did affect and the indication that many responders would not be purchasing here with their credit card here again I would have thought Rendo would have come out on the front foot and made a public statement rather than just a message to those stung by the hackers.  With the Community Center Forum being a public forum and with this thread receiving 1299+ views I think an "Announcement" is warranted.

Happened to my hubby too last week (seems someone bought bus tickets to an airport in Sweden via an on-line site!), although he did get a call from his bank before the Rendo e-mail.  Again, this happened just after a purchase he made on here, so there is something somewhere going on between events there.

Personally I never use my actual card online, but what my bank provides that they call e-card -- you specify allowed amount and a valid-until date -- but foremost PayPal.  Never had an issue with them, so can't say much about support or lack thereof, but I've had them for over 10 years now.

Gee Whiz I was reading Kristi mention of how secure and impossible it is to steal data ..

Hi Lyne,

We do not store credit card numbers in our database and after the number is entered, it gets heavily encrypted so it cannot be accessed.

We are very sorry this has happened to you and can assure you it did not happen on our site.

Warmest Regards,

Kristi

Renderosity Admin

Which is real funny cause I got an Email from them today that reads…….

This correspondence is to notify you that Renderosity has concluded an investigation into unauthorized access to payment card data on our website. Unfortunately, our investigation found that between February 9th and March 18th of this year, there was an intermittent attack that resulted in the exposure of some payment card information to an unauthorized third party.

* By policy, Renderosity does not store credit card information. However, the nature of this attack resulted in the capture of sensitive information during the check-out process itself. Only customers that used a payment card directly on the site during this time-frame were at risk. PayPal orders were not at risk.*

* Renderosity has since increased security for all of our production servers, implemented a new IDS (Intrusion Detection System) to insure real-time alerting and active response to such attacks going forward. In addition, we have engaged a third-party to perform a complete security analysis of our hosts and applications in addition to regular PCI (Payment Card Industry) scanning as required by our payment processor to be certain we have rectified all potential security issues.*

* Since you placed an order using your credit card during this time frame, we urge you to immediately contact the issuer of your credit card to have it replaced for your protection.*

We want to emphasize that Renderosity takes the security of our customers very seriously. We sincerely apologize for this inconvenience and appreciate your continued support. If you have any additional concerns or questions, please feel free to contact store@renderosity.com and we will address them quickly and professionally.

Sincerely,

* Tommy Lemon*

* Vice-President, Renderosity*

So it seems Mr. Lemon Disagrees

Yes...I am relieved that it has finally been looked into properly as I was saddened by how this was handled so far. A whole month though between the first complaints and the constant warnings from the customers that it had to be here is a true shame, especially as I felt we weren't taken seriously. I hope we can speak about lessons learned on both sides now and move on.

Also happened to me, with two credit cards.  The second card was only used on Amazon, Daz, and here, so it has to be one of those three sites.  Sorry, Rendo, but because I refuse to use the vile company known as Paypal, this breach means that I will never be shopping here again-- you've left me with no choice, which is heart-breaking, because there is so much good stuff here.

I had my bank call me two weeks ago about attempted fraud on my card. Thankfully I only had the inconvenience of dealing with being without my card for a week and a half. On the other hand, I'm now getting calls on my phone from "card service" scammers. Two this week already. Now that they know there's a card associated with that phone number, they're trying to get a hold of the number again so that they can try to clean me out again.

Also, I noted that there was a mention of having a security audit done. Can we please have an announcement of when that's been finished, and the result and actions taken based on it?

BTW, I don't trust Paypal (they need to be regulated as a bank, because they effectively are)... and until I know the status of the security audit, I don't plan on using anything other than a prepaid gift-card here. (I'm actually considering just doing that online period.)

Forgot to mention that my card was skimmed on the 23rd.  So anyone who used their CC here up to that date should check with their CC company for possible fraudulent charges.

Everyone is going to have their FEELINGS about the trustworthiness of PAYPAL, banks, companies, and so on... the thing is my cards have been hacked by those hackers who get at orders DURING THE CHECK OUT PROCESS, AT ANY SITE, NOT JUST HERE.... and it HAS to be noted that while I have been "afraid" of PAYPAL for YEARS, they ARE the ONLY ones who (so far) have not been hacked...it DOES add a layer of "invisibility" to simply hook up a credit card to pay pal, and use them as a "gate way" TO your card, in checking out....it's like putting an "invisibility cloak" on your card! (NOT keeping any money IN paypal) so the process of checking out becomes hidden... I'm going that route...what other choice do I have? I WANT TO SHOP....so I have to FIGHT BACK and TRY.  It still COSTS to use a gift cert...?!

 Good luck everyone... !! It's an evil world with hackers in it...but we need to fight back. 

HI all. Just received and talked with someone at my credit card company. An individual/s tried to buy airline tickets with my card and they were denied. Also other things were denied that  I had bought just recently, (couple of books), so the operator and I went back two weeks,  this is still ongoing. I don't blame anyone except the person, (note I really restrained myself here), that did this. I hope they catch them. Thank you Rendo, for your recent email sent out also. 

You didn't have to restrain yourself that much.  This isn't the DAZ forums-- things aren't so strict that you can't call the ass bastards who did this a few choice names.  Just have to keep all but the mildest profanities out of it :)

I have multiple problems with paypal-- someone mentioned that if someone manages to steal your CC AND get a hold of your paypal account, that it's incredibly difficult to clear things up with them, apparently.  They also have a terrible habit of shutting down your account if they think its activity looks suspicious, which doesn't take much.  When my mom and I have used it, they've tacked on hidden fees. 

I also agree with someone else in this or a similar thread that they need to be regulated as a bank-- as do all other online transaction companies based on the Paypal model.

I also take exception to the way that they put the burden on the seller/vendor side of the transaction, among other things that they do to the vendor.

They also have a nasty history with the treatment of NPOs and freezing their funds on a whim.  This is due largely to their "automated fraud monitoring system"-- this same system also hurts vendors.

Personally the only company I would use for e-transactions is Amazon-- my mom has used it a lot without problems, unlike with Paypal.  I would not expect Rendo to ever offer that as an option however as the company is completely inflexible on the vendor-end.

Well you can add me to the growing list as well.. My card was hacked just this Tuesday the 24th-25th. And I have the same list of shopping places as well,Rendo, Daz, RDNA, and Amazon.

I've caught two charges so far that seem to have made it through. One was a calling card service and another for airfare. So I have a claim to dispute them. But again, I now have to wait the 10 full business days for my new card to arrive.. This is the second time i have had this happen not even in a 6 month span. It's very disheartening. I keep checking my computer for any spyware, but I am getting nothing.

Is it safe to purchase again on Renderosity with a CC?  Has the problem been totally resolved? 

Is it safe to purchase again on Renderosity with a CC?  Has the problem been totally resolved? 

Who really knows, but I can say that I have used my third card here at Rendo after the date mentioned in the message and it is all fine so far.  In the past I was hit within 24-48 hours after using it here.  That said I am still sticking with the idea of making a big dent in my wish list with my render rewards this month and than giving Rendo a break for three months.  As I said in another thread, Rendo will not miss my spend but the $200 - $300 I will save will go some way in making up for all the time I wasted dealing with fraud departments in the last few weeks.

I for myself will never use my standard credit card again here at Rendo. I had too much trouble and I still have to fight for 800 Euros with my credit card company due to the lack of security in the last weeks here. Maybe Paypal, maybe a prepaid card with a low amount of money, but normal credit card, never. 

My card was hacked and the new card they gave me was hacked immediately. What a mess!!!! I only download from Rendo and haven't even been online much. Now I have a nasty virus on my two main art PCs. It shutdown my virus scanner and wiped Windows system restore points off the PC. Now I have to reformat my two PCs. Luckily, all my runtimes are on an external drive that did not get infected. It's been one nasty thing after the other. I am really upset.

Unfortunately, my PayPal account is now locked, too.

Hello,

its very bad, but change all passwords between 7 days. and keep safe passwords.

thanks,

http://www.thecheesyanimation.com/Interior-Design-&-Rendering.html

I just want to say thank you to the Renderosity Staff for not only providing one of the most unpleasant but now insecure shopping experiences on the internet. Thank for the inconvenience of having my only card hacked leaving me unable to buy anything, pay any of my bills, and now having to wait a week for a replacement. Thank you for making me feel like I can no longer trust your site.Thank you for the late fees I now have to face. Thank you for always knowing just how to make me feel unwelcome on your site. Thank you for always knowing how not to make me feel like a valued customer of several years. Thank you for never taking responsibility for when you have done something wrong. Thank you for never fixing any of the problems your site has had over the years.

Let me add to the list.  I was hacked too!  

I now have been getting weird text messages on my phone and phone calls in the middle of the night from these people who stole our credit info.  Now I have to change my phone number.  Has anyone else experienced this?

Anyways, I don't think I will trust this site to make a purchase again, especially if others here have stated that they have had this happen to them more than once.  No biggie to them because I'm not a big spender here anyways.