Hi Everyone,

I am very sorry this has happened to all of you, I truly am.

All of our programmers, the VP, and the owner of the company has scrubbed all files, checked all servers, etc and continue to do it daily to be sure there was not any infiltration on our site.

You could have used your card in September and it could’ve taken some time for them to get to your card if they had others.

My husband’s card was hacked 2 weeks before Christmas and the only place he used it was the gas station. The month before that he ordered something online. We aren’t sure if it was from the gas station or an online purchase since they came up with those skimmers or whatever it’s called. Unfortunately, now days, you just can’t be sure it happened right after you used it somewhere. People are coming up with ways to steal card information everywhere and it is terrible.

The ones who came in following people has nothing to do with cc hacks as it was a bot that ran through following 1,000s of members within seconds. They were all found and banned fairly quickly. There was no CC information they could have gotten because it is not stored on our database.

It still looks like their profiles are there however they ARE banned. The programmer is aware of this issue and will fix it as soon as he can.

If you go to your profile and click on “followers” it will pull the list of people following you, click on the “unfollow” button and this will take them off the list. If you do not see where it reads "unfollow" and it reads "follow" or is completely gone from your list, the programmer got to this quickly and they are no longer on your list at all.

I see, vou deleted my post regarding the non-functional ssl-implementation. It's still un-functional: open Firefox with no-script, allow only renderosity.com and ajax.googleapis.com, whose java-scripts are essential for this site to function, goto https://www.renderosity.com/mod/forumpro/?thread_id=2908517&page_number=2 (this thread) in the address-line and then click on the ssl-indicator left of the address: connection is not safe. I don't do this to blame you or someone else, but for more security on sites where I spent money.

Kentauros posted at 1:56AM Fri, 30 December 2016 - #4293917

I see, vou deleted my post regarding the non-functional ssl-implementation.

I'm sorry: this part of my posting is simply wrong; the posting ist still there. There are so many threads regarding the bot-following-problem that I lost the right thread. The bots are simply using the who's-online-functionality of this side (not that I like it, but that's not a security problem per se).

The rest of my posting regarding the Firefox-ssl-warning remain.

This has happened to me a few weeks ago and now I am to affraid to buy from here. I was lucky my bank picked up on it, but someone had a great time with £ 180 of my money. The money was put back by my bank but my trust has gone out of the window and I am to affraid to buy any products from here so I would have loved to buy one item I had my eye on.

My tip is to always keep on checking your bank accounts after spending money , my card was only used here for the purpose of buyiing 3D products.

I never have my CC stored anywhere because I am super careful.

As I said, I am now to affraid to buy anything from here and that is very sad indeed as I spend quite a lot of money here over the years. :(

@Raindroptheelf - are you saying you have not used your card at any time at any other online Marketplace or anywhere locally such as for food, gas, etc?

I am assuming the bank sent you a new card, is this an accurate statement?

I use CCs for over 25 years and "thankfully" I got only hacked three times in the last years. Do you know what all the hacks had in common? Shortly after I used my card at Renderosity I got hacked... Coincidence?

The first one I had used at some major sides, so Rendo gets the benefit of the doubt (even if I don't think Amazon or Adobe have failed). The second one from last year was finally confirmed by Rendo after weeks of denial. The third one from this year points directly to Rendo because the CC was used for nearly one year exclusively only at Rendo.

So what does it mean for me?

I do believe Rendo does a lot for security but in my opinion this site has some serious security issues and I am not willing to take another hit by hackers. It is not worth the time and effort you have to spent to sort all of this out again after the next hack.

There are some nice vendors here and I spent quite a few thousand dollars on their products over the years but I simply can't buy here any longer. Sad for me, sad for the vendors, sad for Rendo but I can spent my money someplace else.

Unfortunately, there is not a way for us to be able to prove it was not us whose system was infiltrated this time as I really wish there was.

The only think I can say is everything I have been. I have received a few people's information and called their financial institutions and it was confirmed they HAVE used their card other places besides Renderosity.

We will continue to keep our system and our members as secure as we possibly can.

Warmest Regards,

Fredy, you've been an amazing customer over the years... and just know you can note me for anything you want from my store. :) (hugs)

Also, I always use paypal to shop here and have never had a problem.

Well looks like the card I use here has been abused too, dec 5. 2016, where there is a transaction from Sweden I don't recognize. Apparently my bank or VISA discovered it the day after, as the amount has been refunded. They did not inform me though which I've just sent a complaint about.

The card has been used almost exclusively at Renderosity and only a couple of times at other places (not DAZ AFAIR) since I got it some months ago but currently I can't see all the transactions, apparently because of a technical problem, so I'll have to look into that later.

Security is top level here, with Avast Internet Security, Malwarebytes, Zemana anti-keylogger and encrypted password manager.

KristiS posted at 1:04AM Tue, 03 January 2017 - #4293980

@Raindroptheelf - are you saying you have not used your card at any time at any other online Marketplace or anywhere locally such as for food, gas, etc?

I am assuming the bank sent you a new card, is this an accurate statement?

This card I ever only used here for renderosity purchases. Yes, my bank blocked that card and send me a new one. Petra

Sabby posted at 10:32AM Tue, 03 January 2017 - #4294083

Fredy, you've been an amazing customer over the years... and just know you can note me for anything you want from my store. :) (hugs)

Also, I always use paypal to shop here and have never had a problem.

I think PayPal is safe yes because of the way it works, I've used it for many years in lots of different places and never had any problems.

To the admin, please check on this. Google Chrome is telling me this about Rendo:

Obsolete Connection Settings The connection to this site uses a strong protocol (TLS 1.2), an obsolete key exchange (RSA), and a strong cipher (AES_128_GCM).

Obviously something is not right with the site https settings.

Definition of Key exchange: RSA public key exchange is an asymmetric encryption algorithm. RSA can be used with digital signatures, key exchanges and for encryption. The RSA algorithm addresses the issue which the Diffie-Hellman algorithm is known for, by providing authentication as well as encryption.

LaurieA,

Can you please provide a screenshot of that message and the url of the page you are receiving that on? We are aware that one of our advertising providers is sending through some ads via http rather than https, which causes some confusion about site security at times. We are working with them to get this resolved at this time.

We are getting a different message from Google Chrome regarding TLS and the RSA key that states as follows:

The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

Thank you,

Tommy

tutone1234 posted at 7:42PM Wed, 04 January 2017 - #4294330

LaurieA,

Can you please provide a screenshot of that message and the url of the page you are receiving that on? We are aware that one of our advertising providers is sending through some ads via http rather than https, which causes some confusion about site security at times. We are working with them to get this resolved at this time.

We are getting a different message from Google Chrome regarding TLS and the RSA key that states as follows:

The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

Thank you,

Tommy

You must have changed something because now it's showing as secure, so ya did something right ;)

It's in every chrome browser to the left of the web address...there's either the word secure with a closed padlock icon or there's an exclamation point inside a circle. When you click on the icons, it gives you info on what's not secure on the site and what not to share or risk it being seen by others, etc. Right now, it's looking good, but yesterday it was the exclamation point inside the circle on this page.

Laurie

Yes - we have seen the exclamation point display, but that was only in the case where some ad images were being delivered via http instead of https. We have never seen any warnings regarding the RSA key as you mentioned. Ad images and other images being delivered via http would not have caused any issue with the RSA key either.

Tommy

tutone1234 posted at 9:28PM Thu, 05 January 2017 - #4294407

Yes - we have seen the exclamation point display, but that was only in the case where some ad images were being delivered via http instead of https. We have never seen any warnings regarding the RSA key as you mentioned. Ad images and other images being delivered via http would not have caused any issue with the RSA key either.

Tommy

Just telling you what it said. I didn't make the stuff up...lol. In fact, I didn't even know what an RSA key was until I looked it up.

Laurie