Forum: MarketPlace Customers


Subject: Low security at Renderosity?

l.croft opened this issue on Apr 11, 2017 · 83 posts


Raindroptheelf posted Tue, 18 April 2017 at 1:44 PM

nujazz posted at 7:19PM Tue, 18 April 2017 - #4302934

Raindroptheelf posted at 12:52PM Tue, 18 April 2017 - #4302478

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry, but the steps you have taken to have a secure store are not good enough. It happened 2 x to me and I am lucky that the bank has put the money that was taken back into my account. Right now we have filed a dispute because they got hold of my address and phone number, and they set up a monthly subscription, apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use PayPal to make purchases here. I added my card to my PayPal account and still I do not dare shop here.

I would suggest you deal with your customers' security first, before page design and adding tons of adverts. Petra

In response to the second time it happened to you...

There was a weekend when Renderosity experienced an isolated security incident. We have sent an email to everyone who was at risk. If you were affected then you should have received an email from us notifying you about the incident and directing you to alert your bank or credit card company.

After learning of the attack we immediately removed the attacker's work, changed all internal passwords (including admin user accounts), and implemented various protective measures. In the interest of maintaining security I cannot disclose all of the details, but we have added very restrictive filtering on all file uploads and user input as well as new monitoring tools and improvements to existing tools. We stopped all new feature development. We spent 3 weeks intensively reviewing and revising our systems at every level. We were able to trace the attack route, and we closed the vulnerability. We also found a couple other vulnerabilities that the attacker never found. We are continuing to use our new and improved tools to monitor our systems for any suspicious activity.

Since plugging the holes we have seen the attacker come back, but all of his attempts have failed.

I want to re-emphasize: If you believe your account information was compromised (or if you received the email from us), please contact your bank or credit card company and have them send you a new card.

Also, if you are paying with PayPal then you are actually safe from anything that could ever happen in Renderosity's checkout. PayPal transactions are processed entirely on their site, and then you return here to confirm and download your files. Not even Renderosity can see your payment information if you check out with PayPal.

I only started using PayPal a short while back, after the SECOND time my card and account information was skimmed. You write that since you checked and changed everything to make the store safe, the attacker came back and tried and failed *ALL of his attempts*. Now that is not reassuring, and I am sure glad the attacker did not find *the other 2 vulnerabilities*. So it is really just luck that not even more harm to us, the customers, has been caused. You are responsible for the security in your store and you have a responsibility to your paying customers, AND if those things happened you should inform ALL customers via email asap, regardless of whether they have shopped on that day or not.

So again, please do not tell me that just because I did not shop on the day the *attack* happened, or because I did not get an email, it did not happen here, when it happened 2 times.

And it is not just getting a new card; for me, for example, it is filing a dispute with Visa over a subscription for some Xbox stuff that the lowlifes did with my CC and telling them they got my authorization. Also got a call reg. the Rolex watch that I ordered... It is a LONG BIG rat's tail of things that happens even after you get a new card.