I use a prepaid debit card with a balance of <$25 for purchases on Renderosity. I do not use the card elsewhere. A couple days after my last purchase on Renderosity, 4 charges were made against the card on Spotify and Facebook. I do not have accounts on either service. Users should check their credit cards. 'tis the season for fraudsters.

I don't use credit cards here, but both our family Visa and Amex cards got hit with overseas fraud. Yes, season for trouble indeed.

Hi Badia01,

We have had a few people raise concern and we immediately checked everything and continue to keep an eye on it and nothing has been compromised.

Every one of them have purchased at Daz as well and we are certain the trouble is not on our side.

We did have trouble in the past and we upped everything to the highest security. We do not store credit card information on our servers and we have found a lot of the ones with the trouble have their card stored on Daz's site for the monthly club and or purchases they made elsewhere.

Our system is constantly overwriting files so there is even less of a chance for someone to come in and compromise anything.

I also found that you have used the same card on our site since 2013 with an updated expiration date, I did not realize companies will send a new card with the same number but different expiration date to you. I thought it was only banks and credit card companies that did that.

I am sorry this happened to you and others. It is very sad that people have to steal from others.

Warmest Regards,

Hey everyone,

I just want to take a moment to discuss the issue of credit card fraud. We have had about 10 members report to us that they have had their credit card compromised in the past week. Most of those individuals have confirmed shopping at Renderosity and DAZ over the past few weeks. We have found in at least 4 cases so far that the individuals used PayPal for their purchases on Renderosity but used their stored credit card info to purchase at DAZ. When completing your purchase through PayPal, no credit card or bank information is shared with us . Only in the case that you actually pay by submitting your credit card information on Renderosity could any of your credit card data be compromised. We recommend using PayPal to help secure your credit card details for online purchasing when that option is available rather than entering all of your credit card at checkout to make your purchases. We provide that option for all purchases at Renderosity.

In addition, we have spent several hours over the past two days scanning and reviewing all of our systems, processes, and codebase to be absolutely certain everything is 100% secure. At this time, we have no reason to believe anyone's credit card data has been compromised through our checkout process. As a reminder, Renderosity DOES NOT store your credit card data whatsoever in our system or elsewhere. It is only passed through to our gateway provider at the time of checkout and never stored beyond that. We are fully compliant with the latest SSL and TLS requirements as well.

We ask that if you find your credit card has been compromised to do the following:

1.) Immediately contact your financial institution and make them aware.
2.) Review all of the stores that you have used your card recently and contact them. Especially marketplaces that store your credit card information.
3.) If you have used your credit card (not PayPal) to checkout at Renderosity, please contact store@renderosity.com with all of the details, including the date/time you last used your card here, as well as other places you have recently used your card so we can properly investigate the matter as thoroughly as possible.

We appreciate your business and would like to wish you all a happy holiday season.

Regards,

Tommy Lemon
Vice President, Renderosity

Thanks for the information but you I am very sure have been hacked! Again!

After last years hack I use a dedicated pre-paid CC only for Renderosity and no place else.

I used it last time here at the 24th of November. My CC company informed me yesterday about more than 60 purchases on the 3rd of December throughout the world and the card was immediately blocked.

I have up-to-date and active virus scanner, regular scans, I use clean browsers with no "suspicious" add-ons/plug-ins, if in doubt I also use a secure sandbox, security updates are all done,

I am 100% convinced that the problem is with Renderosity.

Hi Fredy,

Please be sure to send the compromised credit card details along with the contact number on the back of the card to store@renderosity.com so we can call the issuer and investigate further.

Thank you,

Tommy

My cc has been hacked as well, I reported the details to Jenn two days ago.

i did NOT purchase with the CC at DAZ. And I did NOT use it in other 3D stores. Only other place I used it was at Amazon (once) and a recurring subscruption at a news site.

The CC number is different from previous cards I used previously at Renderosity, so that is not a problem either.

My last purchase at Renderosity was nov 20.

The fraudulent purchases (many) happened at dec 4. The CC company warned me and reversed the charges after I informed them they were frauds.

wimvdb,

Please forward your credit card details (assuming they are reissuing you a new card since it has been compromised) along with the 800 number on the back of the card to store@renderosity.com so we can contact the card issuer and investigate further.

Thanks so much!

Tommy

@Kristi I have replied to your sitemail

My financial Institution had blocked my creditcard, because someone must have copied my creditcardinfo and had tried to use it to buy stuff, my financial institution has seen it at time and blocked my card and stopped the transmission at time, no harm done, they attempt to use my card on November 25, around that time I bought stuff here at Rendo and at Daz and EvilInnocence. They attemp to fraude came from the USA from a giftcenter don't remember which part of USA , I was to much in panic.

toyyaris

Not this again... I was looking forward to purchasing some things here, too. >:(

I am scared now too to buy some stuff, don't know where I have been hacked , I had bought products at 3 different places, here at Renderosity and at Daz and at EvILInnocence, so I have no idea where it happened.I very glad that the fraude could be stopped at time.

I have been hacked also.

I guess I lucked out, because the only 2 days I used my CC instead of PayPal, were on the 21st and 22nd of November, and I just received my CC statement yesterday, and all is good. It's possible they only hit on one day, and not several days during the month.

My CC# got swiped too. Last I bought here was on the 25th of Nov. Got it all worked out, but it was a very tense thing. It's hard to know where it was that the theft occurred, but I do know where it wasn't. Rendo is one of the places I suspect. I've contacted everyone else as well and they're looking into it too.

Laurie

Rendo doesn't store CC info, correct, but last time it was a 'man-in-the-middle' attack that collected the info as you were paying. Are you absolutely sure that could not be happening again?

Yes, Point of Purchase was the problem last time, and it could very well be the cause this time as well.

What's "man-in-the-middle"?

I believe DreaminGirl means, it wasn't on your end, or Renderosity's end (they don't save CC info), but a Point of Purchase is when, somehow, someone steps in between and grabs the information as soon as you click the button to finalize your purchase.

The "man" of course is virtual, and I don't know how they accomplish this type of hacking, but it's been going on for a while now.

I find the way you are trying to push the blame off to Daz very unprofessional, there was no need for staff to include that information in a public thread. Kristi's insinuations that the problem is at Daz not here is really out of order it was totally uncalled for and shows a lack of professional respect.

This is disappointing. I use paypal but am hesitant to buy anything during these times here. Looks like I'll miss out on sales just for safety's sake.

tparo posted at 9:43PM Mon, 12 December 2016 - #4292503

I find the way you are trying to push the blame off to Daz very unprofessional, there was no need for staff to include that information in a public thread. Kristi's insinuations that the problem is at Daz not here is really out of order it was totally uncalled for and shows a lack of professional respect.

Agreed 100%. BTW, they did the SAME thing last time this happened, in spite of plenty of people telling them that they only used their CC on Renderosity.

Edit: Okay, looking over the posts, I do not see any which said this, weird, I could have sworn that I saw 3 who said that they only used their CC here...

My card was hacked on December 4th. The last time I made a purchase here was September 30th, but it is saved at DAZ and four other stores.

KristiS posted at 7:12AM Tue, 13 December 2016 - #4291989

We did have trouble in the past and we upped everything to the highest security. We do not store credit card information on our servers and we have found a lot of the ones with the trouble have their card stored on Daz's site for the monthly club and or purchases they made elsewhere.

Not storing card information didn't prevent the last breach, so what makes you think that hackers haven't developed tools to overcome your "highest security" (nothing on the internet is 100% secure), and done something similar to last time?

Trying to pass the blame is rather unprofessional, and does nothing to comfort affected individuals. A better response would simply state you don't believe the site was hacked, but will be looking into the matter to find out.

just to add to this: I was hacked as well. This was a brand new card from a new bank account because I had recently switched banks. I used the card here at Renderosity, Hivewire and Propellerheads. My account number was used on 12-3-16 for some small $1 purchases then they used it In France at the Paris Hilton to the tune of $218. Just curious if using PayPal would be safer? Could they not hack into may paypal account and rip me off there?

It's been a long while, but I've had my info stolen from Pay Pal too. Nothing is 100% safe. What I did after this last theft was to get a prepaid debit card that I can load with an amount I'm comfortable with losing should anything happen. I'd rather lose maybe one or two hundred than thousands if it comes to it. They can only take what is left on the card and have no access to your bank account. It's a pain in the ass, but it was the best thing I could come up with.

Laurie

That's why I took out a second checking account specifically for use with PayPal. I never have more than $300 in the account, and I only move $100 at a time to PayPal, so even if they got access to that checking account, they can't get to my main checking account.

so... good i thought of looking here finally... looks like i might have been hacked as well. or anyways, i just happen to have trouble with my debit card right now.

i got this weird sms last night at 3am, with the kinda code you need for contact with your debit card account - however, i didn't touch that card in the last days, maybe 1 week, more, dunno, have to control where/when exactly. then i got another sms from my card company saying something about security and card blocked - then i got an email from them, again security, need to fill a form and send an ID copy to get a new card (which ofc i didn't do!). since my card is empty, nothing got stolen and if someone tried to pay online, they'd hit a wall i guess. i hope!

not knowing if this was phishing or what, like they suddenly changed their rules and got greedy for info - and their hotline costs a fortune plus they suck - i contacted not them directly, but the company who retails those cards instead, where competent people work for a normal phone call price. after 2hrs, they sent me a mail telling me "it was phishing", i should delete sms and mail.

funny is, those who sent me 2 sms and 1 (probably) fake but perfect looking mail had: my full name, my phone nr, my mail addy, and they knew which card i have. i wonder where they got the info from anyway, i.e. who's been hacked - rendo (you do have exactly those infos) or daz (they have those infos too) or rdna (still old phone nr) or content paradise (seems no phone stored) OR the card company itself (they also have full infos)... since i paid stuff in those places in the last month or so...

so now reading this here, i'm not even sure any more the whole thing was really fake, or maybe there really was a security breach... and it seems my card company tried to call me in the late afternoon, i was busy and also didn't pick since i didn't know the number, but i checked it later online, it's them. wonder what they wanted to say.

anyways, when i know more, and if rendo could be involved, i'll write another post.

UPDATE: i have been hacked too, it's definitive. the whole drama described above was actually my ccard company really trying to contact me. they blocked my card - in other words, it's gone, fucked, deleted, finished - because their systems noticed an uncanny transaction (the one at 3am). and since their servers haven't been at fault... IT'S ONE OF YOU GUYS, ONE OF THE 4 BIG 3D SHOPS: RENDO, DAZ, RDNA OR CP, WHO FUCKED UP WITH SECURITY. because i only use this card for 3d schtuff, and i did purchase in all 4 between september and now. according to my banker, my private info was probably not involved, e.g. name, mail etc, since the warning sms/mail came from the bank. luckily (tho' not guaranteed). but ofc, the thieves had my ccard number. luck in unluck, card was empty, so they couldn't steal/buy nada, and trying to was maybe what ticked the bank server security.

anyways, i lost a card that costed me 40$ and was still valid a while :((( if i want to order anything anywhere soon, i'll have to purchase another ccard first. maybe those thieves actually saved me money, hahaha, because right now, I DON'T FEEL AT ALL LIKE SPENDING ANY MONEY ON BUYING A NEW CARD OR SHOPPING AT ANY 3D SITE, SINCE I DUNNO WHOM I CAN TRUST. and even if i wanted to shop, the price of a new card would obliterate my budget for 1-2 months. fuck, way to go just end of the year when there are nice bargains.... :(((

Since the last problem a while back, I put both my CC's on PayPal...and feel VERY SAFE that way! I would NEVER use a cc or worse, a DEBIT card itself... Now.... although I spend too much I am safe.... ;)

Add me to the list of people who have been hacked around the 3rd of December. The only place I had purchased from recently was here.

However my bank did say it is possible for them to autogenerate numbers now but given the number of people who are saying they bought here just before it happening I don't think that is likely.

I too have a credit card with a small amount just for my online purchases...luckily they have credited the disputed transactions but it has meant I've been unable to purchase things recently.

UPDATE: daz support confirmed there has been no breach on their end.

still waiting for an answer from rdna, tho with the hassle they understandably must have with the site closing, dunno when/if i'll get one. contacting CP support is a biatch, not done yet.

There are already people here who stated that they only used their CC on Rendo. And yeah, good luck getting a response from Content Paradise...

wrote twice to the mail addy following twotone's advice

tutone1234 posted at 3:41PM Wed, 21 December 2016 - #4291991

Hey everyone, ...... 3.) If you have used your credit card (not PayPal) to checkout at Renderosity, please contact store@renderosity.com with all of the details, including the date/time you last used your card here, as well as other places you have recently used your card so we can properly investigate the matter as thoroughly as possible.

but both mails bounced back and i got a maildaemon msg - so finally i forwarded ev'thing to admin@renderosity.com. this didn't bounce back. still waiting for an answer though, sent the mail to admin 47 hrs ago... luck in unluck, since i can't purchase anything at all atm - daz has been over-generous and has been offering store-items freebies bunchwise, every day 1 more! counting today, i could pick freely from 4000+ products normally priced up to at least 15$: 1+2+3+4+5 = 15 free store quality items!! (let's say average 7-10$, makes 105-150$ worth!)

while i'm still waiting for someone here to acknowledge my issue, and maybe possibly admit a fuck up, and maybe possibly offer some kind of compensation if it's the case.

I was "hacked" also - right around the time as everyone else. I was also "hacked" a couple of times during the previous Renderosity trouble.

I have spent thousands of dollars at this store, but I am afraid I might never buy here again.

There is a SERIOUS hole in your security and you seem to unable to fix it.

I actually came to the forum to check if there was anything on a HollySmith8 who is following me (blush my first follower; I'm a relative newbie). There is no profile info on her & has no wishlist itmes; "she" joined 20 Dec 2016 and is now following 8089 people. Some kind of tiny url on her page takes one to porn asking if you'd like to share nude photos with "her" (you've been warned).

I was hacked December 5 & temporarily lost money. My last rendo purchase was Nov 26. My card is now gone (replaced). Three interactions were "Donations" (not very helpful) and two were to a crowd funding site. The bank had already caught two and reversed them before I even noticed, which leads me to wonder if my hack and (if there is something going on at Rendo) what is going on at Rendo may have been a coincidence.

sdobson. Similar experience here. I made a small purchase on Dec 3 from Rederosity. Unauthorized charges started the same day. Then a new follower -- CandicePeterson2 -- started following me out of the blue. Her Renderosity join date was Dec 20, 2016 and she reputedly has 7,700 followers. Tiny URL (that I did not click on) on her (assuming it is a her, probably cybercriminals) profile page. Any idea how to remove a follower?

hello Badia01 -- I just searched the forum and as far as I can tell we can only delete notifications manually (there are others who have noticed the follower problem). If anyone knows of a way to remove followers that I have missed, it would be great to learn about it

Badia01 posted at 12:43PM Thu, 22 December 2016 - #4293261

sdobson. Similar experience here. I made a small purchase on Dec 3 from Rederosity. Unauthorized charges started the same day. Then a new follower -- CandicePeterson2 -- started following me out of the blue. Her Renderosity join date was Dec 20, 2016 and she reputedly has 7,700 followers. Tiny URL (that I did not click on) on her (assuming it is a her, probably cybercriminals) profile page. Any idea how to remove a follower?

Thanks, sdobson. I started a new thread to ping the community for similar experiences. This kinda looks like a "Man in the Middle" attack. This Wikipedia article has a description of such malware. https://en.wikipedia.org/wiki/Man-in-the-middle_attack

I had a notification of a follower. I never posted here. I never posted in the galleries. I never did anything but buying products (926, not as much as elsewhere, but quite a bit). Gladfully with Paypal since the last cc-hack.

Your database is hacked.

And no official at Rendo is answering in this thread for 14 days?

I weep for Rendo, and I weep double for the poor vendors here....

Hello,

I am so sorry this has happened to you.

Can you please tell me if you have your card number stored anywhere (Daz, Amazon, etc)?

For all those who have been compromised, since your cards are cancelled now, we will need your credit card details, who the card is through, and the contact details so I can contact them.Please send the information to kristis@renderosity.com

This is so we can work with the bank to get as many details as we possibly can about the charges and try to help find out where the hacks came from..

We have scrubbed ALL files over the last few days and continue to do so to be absolutely certain it’s not us and have not found anything that looks even a tiny bit suspicious.

As of August 2015, we have upped our security to the highest level of security. Files get overwritten with each update (which can be up to 3 times a day), we added the secure https to every web page, we store all files on the cloud so they are not on our database, and we go through paypal to process ALL payments whether it be credit card or paypal.

Warmest Regards, Kristi

Kristi -- Thanks for looking into this. Being an on-line merchant is hard in these days of cybercriminals. My card that was compromised was not stored anywhere else, but I use a very low balance debit card for on-line purchases to minimize potential losses. From the comments in this thread, it does not look like an isolated event. A "man in the middle" hacking attack -- where purchases and related info are relayed through a hacker hiding in malware and posing as Rendo -- seems the most reasonable explanation since Rendo does not store cards on its site and all the unauthorized purchases seem to have happened around the same dates. If this is a man in middle attack, (and I have no idea whether that's true) and the man in the middle malware remains undiscovered on Rendo's servers, then wouldn't sending card and personal details to you through e-mail also send it to the hacker?

Kristi -- Just an afterthought. If it was me, I'd start by looking at the source of the bots that appeared around Dec 20 and began following customers with a tiny URL link in their profile and 7-8,000 followers (all Rendo customers??)

I just found out money was taken out of my account by someone else, a month after buying P11 from here (a long wait I know).

I'm I in the same boat as everyone else here?

I do not know where to put this but there is someone named "JenniferBrown7" who followed me and 7064 other people on December 20th. with a tinyurl link in her profile. I think this account should be removed.

Here https://www.renderosity.com/mod/forumpro/?thread_id=2908927

Or here

https://www.renderosity.com/mod/forumpro/?thread_id=2908894

Rendo is currently suffering from a bot plague. Many of the Tinyurl links will send you to porn, so beware if your curiosity gets the best of you.

The business CC and my personal debit card were hit within a week of each other. Bank of America keeps placing holds on any purchases from Rendo (even with the new cards). Fortunately, my debit was hit before the direct deposit hit so they didn't get anything. This is a real pain as I have to take time out to go over to the branch with hard copies to compare to their transaction list. It is slowing down projects to a crawl.

Much as I sympathize with Rendo, the security failed. I am careful regarding CC's. Even if Windows stores the card info on the home system, I always make sure that either numbers are left out or transposed so I have to add or correct them when making the actual purchase. I don't use paypal and I have no social media accounts. It didn't come from DAZ because we use a card there that we do not use here and it is fine. It isn't Amazon because I they were the first merchant I went after. Granted, they didn't get much because LifeLock caught the weird charges on the business card and alerted me but don't put your fail in the cloud. It is in no way secure.

I dont shop at DAZ and my Paypal account is not up to date, but I also got hack and also got a weird message on renderosity to visit a porn site the same day I was hack in rendorosity. My account got charge 3 times on the 19th of Dec, and the girl who send me a private message to look at her porn site joined on the 20th by the name "JennaMakki6"

I do not store password in my computer. and have loads of virus protection.

Please get rid of this follower from my account: I am having the same problem with a follower who I recently discovered and my Credit Card has been hacked twice:

**TiffanyStanley10 **

Please can you ensure she is removed and let me know how I can block this person?

Thanks!