I only make internet purchases at Daz 3D and Renderosity and today is the second time somone has stolen money from my card. A few months ago someone made a internet purchase using my cardnumber so after that I blocked the card and got a new one. I have my card locked for internet purchases after that and only open for the brief time it takes to shop at Daz or here, and close it after. Today when my card was closed somone managed to make a purchase of about 200 swedish crowns (about 22 dollars) . I have blocked my card but I when I called the bank they told me that somone had made 50 tries to make purchases on my card with sums up to 500 dollars at a time. I don't know what to do, I can't stop shop here, I'm addicted to making 3D art.

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

KristiS posted at 12:26AM Wed, 12 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

Hello Kristi

I find that Renderosity thinks very easy about the safety from customers creditcard, few weeks ago people already complained about the safety, i got a message from the creditcardcompany that creditcarddata was stolen from Renderosity not from any other website and more people also contacted you about the same issue. I got an email from renderosity (see below)

Dear Renderosity Customer,

Recently, we became aware of a potential compromise to our store check-out process that may have exposed personal information such as customer name, address, and credit card. After a thorough investigation, our team has determined that the exposure began on March 9, 2017 at approximately 4:39pm (cst) and was resolved by staff on March 12, 2017 at approximately 1:28pm (cdt). Renderosity does not store credit card information as a matter of policy so this only affected orders placed during the time-frame detailed above.

Renderosity deeply regrets that this incident occurred. We have implemented additional security measures as a result of this event. Also, we continue to offer an alternative checkout process via the PayPal service that is widely used and highly secure.

For your protection, we recommend that you contact your bank or credit card company and make them aware that your card details may have been compromised.

For further information and assistance, please contact store@renderosity.com.

Regards, Tommy Lemon VP of Renderosity
You ceep telling customers that steps have been taken to make it safe but it happens over and over again. People can get in a lot of trouble bying here.

@l.croft

Developer here. Perhaps I can provide some clarification. When exactly did you make those purchases on Renderosity with that card?

nujazz posted at 1:42AM Wed, 12 April 2017 - #4302252

@l.croft

Developer here. Perhaps I can provide some clarification. When exactly did you make those purchases on Renderosity with that card?

Order #: 112993823 · Purchased on Mar 11, 2017 93.28 USD Order #: 112969055 · Purchased on Jan 15, 2017 23.50 USD My son Always payes for me with his creditcard. After the purchase in Januari he had to get a new creditcard because someone was trying to bye things with the card. In march he got a message from his creditcardcompany that data was stolen from Renderosity (not another website) so his card got blocked again. In the forum i saw that more people have this problem and they only use there card here and daz. Now i see that it has happend again, I'm very dissapointed because i like doing this , however i don't want to get in trouble for a hobby.



I had 2 instances during the last 6 months of 2016 where I had to get a new credit card each time because of hacking on this site.

Since December I have been using my PayPal account to make my purchases here, and since deciding to do that, I have not had any additional problems with my credit card. If you folks have a PayPal account, it would be a good idea to put a certain amount of money in your account, depending on your budget of course, and when it gets used up, add more money. I'm finding it the only way I can continue shopping here without having to deal with hackers.

Miss B posted at 4:50PM Wed, 12 April 2017 - #4302272

I had 2 instances during the last 6 months of 2016 where I had to get a new credit card each time because of hacking on this site.

Since December I have been using my PayPal account to make my purchases here, and since deciding to do that, I have not had any additional problems with my credit card. If you folks have a PayPal account, it would be a good idea to put a certain amount of money in your account, depending on your budget of course, and when it gets used up, add more money. I'm finding it the only way I can continue shopping here without having to deal with hackers.

Maybee its safer with PayPal but hackers can still get all your information. Its not a nice idea. Also i feel that Renderosity has to do more about its safety, i don't have the feeling they are taking this problem serious. Its happening over and over again. My children and other family shop all over the world and they have never changed there card.

Have a nice day

See my comments in the 'Check-out' Thread here at Renderosity: https://www.renderosity.com/mod/forumpro/?thread_id=2911300

I really like Renderosity as one of my favorite sites but I agree with you all; I don't feel comfortable using my credit card here and as you can see in the thread, I'm trying to find ways around it, even if it costs a premium.

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry but the steps you have takine to have a secure store are not good enough. It happend 2 x to me and I am lucky that the bank has put the money that was taken , back in to my account. Right now we have filed a disupute because they got hold of my address, phone number and they set up a monthly subscription apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use paypal to make purchases here. I added my card to my paypal account and still I do not dare shopping here.

I would suggest you deal with your customers security first before page design and adding tons of adverts. Petra

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

Raindroptheelf posted at 7:10PM Fri, 14 April 2017 - #4302508

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

I,m sorry for you this has happend, hope you don't have to pay. Renderosity keeps telling there customers that there are no more problems but thats not true. It keeps happening over and over again, i won't purchase here anymore. Very dissapointed because i had a big wishlist but they don't seem to care about safety for there customers. My family shop all over the world and they never had there cards blocked. Don't understand that renderosity is not working with a good specialist to get this problem solved. This is costing the vendors and renderosity income to.

Raindroptheelf posted at 7:20PM Fri, 14 April 2017 - #4302478

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry but the steps you have takine to have a secure store are not good enough. It happend 2 x to me and I am lucky that the bank has put the money that was taken , back in to my account. Right now we have filed a disupute because they got hold of my address, phone number and they set up a monthly subscription apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use paypal to make purchases here. I added my card to my paypal account and still I do not dare shopping here.

I would suggest you deal with your customers security first before page design and adding tons of adverts. Petra

I'm with you on that !!!

Raindroptheelf posted at 3:12PM Fri, 14 April 2017 - #4302508

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

Hi Petra -

We did indeed send out communications to all customers who made a purchase during the short amount of time there was a possible breach.

I urge you to check the email address you have on file with us to be sure you receive all communications. If your information is correct and you did not get a communication, it was because you were not included in the possible breach so therefor you were not affected and the hack to your card happened elsewhere.

We have done this the last 2 times there was a potential breach.

We emailed all those who potentially were affected and took a lot of extra measures to ensure our customer's security. There is someone here in this thread who's card was hacked and they stated they ONLY used that card at Daz. I know it is easy for those to point the fingers in our direction because it has happened twice now however, my credit card recently got hacked and I never used it here. So did another co-worker's.

I am very sorry this has happened and we are doing everything in our power to try and be as secure as a business can be. We did look into it as soon as it was reported and took action.

We care about all of our customers, members, and vendors very much and will do whatever we can to keep them happy.

Warmest Regards,

KristiS posted at 11:39PM Fri, 14 April 2017 - #4302610

Raindroptheelf posted at 3:12PM Fri, 14 April 2017 - #4302508

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

Hi Petra -

We did indeed send out communications to all customers who made a purchase during the short amount of time there was a possible breach.

I urge you to check the email address you have on file with us to be sure you receive all communications. If your information is correct and you did not get a communication, it was because you were not included in the possible breach so therefor you were not affected and the hack to your card happened elsewhere.

We have done this the last 2 times there was a potential breach.

We emailed all those who potentially were affected and took a lot of extra measures to ensure our customer's security. There is someone here in this thread who's card was hacked and they stated they ONLY used that card at Daz. I know it is easy for those to point the fingers in our direction because it has happened twice now however, my credit card recently got hacked and I never used it here. So did another co-worker's.

I am very sorry this has happened and we are doing everything in our power to try and be as secure as a business can be. We did look into it as soon as it was reported and took action.

We care about all of our customers, members, and vendors very much and will do whatever we can to keep them happy.

Warmest Regards,

Hello Kristi

It is not true that everyone who was included in the breech did get a warning email, i was included in the breech creditcardcompany gave me a warning data was stolen from renderosity (not another website). I contacted renderosity about the warning and after that i got an email not before so that was to late. This also worries me.

No I did not get an email either, even though I did place an order in the time frame and my card was defrauded.

I also note the other problem appeared again, where system states and order has been declined but still places a pending charge on your credit card. It all comes right after a few days so no harm done right?. Well only to your reputation as a trusted market place and another customer might think hard before they order again.

KristiS posted at 2:03AM Mon, 17 April 2017 - #4302610

Raindroptheelf posted at 3:12PM Fri, 14 April 2017 - #4302508

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

Hi Petra -

We did indeed send out communications to all customers who made a purchase during the short amount of time there was a possible breach.

I urge you to check the email address you have on file with us to be sure you receive all communications. If your information is correct and you did not get a communication, it was because you were not included in the possible breach so therefor you were not affected and the hack to your card happened elsewhere.

We have done this the last 2 times there was a potential breach.

We emailed all those who potentially were affected and took a lot of extra measures to ensure our customer's security. There is someone here in this thread who's card was hacked and they stated they ONLY used that card at Daz. I know it is easy for those to point the fingers in our direction because it has happened twice now however, my credit card recently got hacked and I never used it here. So did another co-worker's.

I am very sorry this has happened and we are doing everything in our power to try and be as secure as a business can be. We did look into it as soon as it was reported and took action.

We care about all of our customers, members, and vendors very much and will do whatever we can to keep them happy.

Warmest Regards,

My email address is the correct one and it was indeed here at renderosity that my card and information was compromised. I use paypal now, feel a lot saver, but not because you made changes, no, because I made changes and that is sad, it should be the other way round. We put our trust in you with EVERY penny we spend here. Please do not tell me just because I was not send an email that the problem that I had was not with your store when it was. And you know, an email should have been send to ALL of your customers so that they might check their account more often JUST IN CASE. I am not at all mad at your, it is not your fault and I feel sorry that your guys here on the forums get it in the neck when the once that are responsible for the security sit in a cosy corner. It is NOT acceptable that this keeps on happening and as I said in an earlier post, your main priority should be with the security for your paying customers and not page design and tons of adverts. Kind regards Petra

Well I have now set up a prepaid debit card and charged it with a small amount of money but now I have done this I am not sure I want to use even that here. I am not pointing at any individual more at the corporate structure but it appears they are unwilling or incapable of improving the security here.

There is more than one thread here where customer's have stated that they are very concerned about buying from the marketplace here and yet there appears to be little being done to address their concerns. Not everyone who placed an order in the time frame admitted by Rendo got any email and many had to find out from other customers adding the email details to the forum. Yes, the have said that actions have been taken to improve the security, but that was said last time and clearly the measures were not enough.

In this digital age we have to accept that credit card fraud is a fact of life but you also expect the companies to do their best to protect you and inform you when things go wrong. The fact that a breach has happened twice (that they admit to, I believe there were others) in a relatively short period is not acceptable and their response is, in my opinion, not good enough.

I will continue to visit the forums to see if there is a change of heart but I have decided not to reward a company for their apparent lack of understanding of how this affects their customers. Despite the fact I have a prepaid card set up I do not intend to even look inside the market place here until I see some indication that Rendo, as a company, has a better grip on this situation.

Raindroptheelf posted at 11:19PM Mon, 17 April 2017 - #4302784

KristiS posted at 2:03AM Mon, 17 April 2017 - #4302610

Raindroptheelf posted at 3:12PM Fri, 14 April 2017 - #4302508

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

Hi Petra -

We did indeed send out communications to all customers who made a purchase during the short amount of time there was a possible breach.

I urge you to check the email address you have on file with us to be sure you receive all communications. If your information is correct and you did not get a communication, it was because you were not included in the possible breach so therefor you were not affected and the hack to your card happened elsewhere.

We have done this the last 2 times there was a potential breach.

We emailed all those who potentially were affected and took a lot of extra measures to ensure our customer's security. There is someone here in this thread who's card was hacked and they stated they ONLY used that card at Daz. I know it is easy for those to point the fingers in our direction because it has happened twice now however, my credit card recently got hacked and I never used it here. So did another co-worker's.

I am very sorry this has happened and we are doing everything in our power to try and be as secure as a business can be. We did look into it as soon as it was reported and took action.

We care about all of our customers, members, and vendors very much and will do whatever we can to keep them happy.

Warmest Regards,

My email address is the correct one and it was indeed here at renderosity that my card and information was compromised. I use paypal now, feel a lot saver, but not because you made changes, no, because I made changes and that is sad, it should be the other way round. We put our trust in you with EVERY penny we spend here. Please do not tell me just because I was not send an email that the problem that I had was not with your store when it was. And you know, an email should have been send to ALL of your customers so that they might check their account more often JUST IN CASE. I am not at all mad at your, it is not your fault and I feel sorry that your guys here on the forums get it in the neck when the once that are responsible for the security sit in a cosy corner. It is NOT acceptable that this keeps on happening and as I said in an earlier post, your main priority should be with the security for your paying customers and not page design and tons of adverts. Kind regards Petra

I do agree with you !!!

I agree wit Petra and Hornet3d. I will also follow the forums to see what is happing. My trust is completely gone and won't be purchasing anytime soon.

Raindroptheelf posted at 12:52PM Tue, 18 April 2017 - #4302478

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry but the steps you have takine to have a secure store are not good enough. It happend 2 x to me and I am lucky that the bank has put the money that was taken , back in to my account. Right now we have filed a disupute because they got hold of my address, phone number and they set up a monthly subscription apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use paypal to make purchases here. I added my card to my paypal account and still I do not dare shopping here.

I would suggest you deal with your customers security first before page design and adding tons of adverts. Petra

In response to the second time it happened to you...

There was a weekend in March when Renderosity experienced an isolated security incident. We sent an email to anyone who may have been at risk. If you were affected then you should have received an email from us notifying you about the incident and directing you to alert your bank or credit card company.

After learning of the attack we immediately removed the attacker's work, changed all internal passwords (including admin user accounts), and implemented various protective measures. In the interest of maintaining security I cannot disclose all of the details, but we have added very restrictive filtering on all file uploads and user input as well as new monitoring tools and improvements to existing tools. We stopped all new feature development. We spent 3 weeks intensively reviewing and revising our systems at every level. We were able to trace the attack route, and we closed the vulnerability. We also found a couple other vulnerabilities that the attacker never found. We are continuing to use our new and improved tools to monitor our systems for any suspicious activity.

Since plugging the holes we have seen the attacker come back, but all of his attempts have failed.

I want to re-emphasize: If you believe your account information was compromised (or if you received the email from us), please contact your bank or credit card company and have them send you a new card.

Also, if you paying with PayPal then you are actually safe from anything that could ever happen in Renderosity's checkout. PayPal transactions are processed entirely on their site, and then you return here to confirm and download your files. Not even Renderosity can see your payment information if you checkout with PayPal.

nujazz posted at 7:19PM Tue, 18 April 2017 - #4302934

Raindroptheelf posted at 12:52PM Tue, 18 April 2017 - #4302478

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry but the steps you have takine to have a secure store are not good enough. It happend 2 x to me and I am lucky that the bank has put the money that was taken , back in to my account. Right now we have filed a disupute because they got hold of my address, phone number and they set up a monthly subscription apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use paypal to make purchases here. I added my card to my paypal account and still I do not dare shopping here.

I would suggest you deal with your customers security first before page design and adding tons of adverts. Petra

In response to the second time it happened to you...

There was a weekend when Renderosity experienced an isolated security incident. We have sent an email to everyone who was at risk. If you were affected then you should have received an email from us notifying you about the incident and directing you to alert your bank or credit card company.

After learning of the attack we immediately removed the attacker's work, changed all internal passwords (including admin user accounts), and implemented various protective measures. In the interest of maintaining security I cannot disclose all of the details, but we have added very restrictive filtering on all file uploads and user input as well as new monitoring tools and improvements to existing tools. We stopped all new feature development. We spent 3 weeks intensively reviewing and revising our systems at every level. We were able to trace the attack route, and we closed the vulnerability. We also found a couple other vulnerabilities that the attacker never found. We are continuing to use our new and improved tools to monitor our systems for any suspicious activity.

Since plugging the holes we have seen the attacker come back, but all of his attempts have failed.

I want to re-emphasize: If you believe your account information was compromised (or if you received the email from us), please contact your bank or credit card company and have them send you a new card.

Also, if you paying with PayPal then you are actually safe from anything that could ever happen in Renderosity's checkout. PayPal transactions are processed entirely on their site, and then you return here to confirm and download your files. Not even Renderosity can see your payment information if you checkout with PayPal.

I only started using paypal a short while back, after the SECOND time my card and account information was skimmed. You write since you checked and changed everyting to make the store save the Attacker came back and tried and failed * ALL of his attempts *. Now that is not reassuring and I am sure glad the attacker did not find * the other 2 vulnerabilities *. So it is really just luck that not even more harm to us the customers has been caused. You are responsible for the security in your store and you have a responsibility to your paying customes AND if those things happend you should inform ALL customers via email asap regardless if they have shopped on that day or not.

So again, please do not tell me just because I did not shop on that day the * attack * happened or because I did not get an mail that it did not happend here when it happened 2 times.

And it is not just getting a new card, for me , for example it is filing a dispute with visa over an subscription for some xbox stuff that the lowlifes did with my CC and telling them they got my authorization. Also got a call reg. the rollex watch that I ordered... It is a LONG BIG ratstail of things that happens even after you get a new card.

MattGreenfield posted at 1:38PM Tue, 18 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

We sent an email to anyone who may have been at risk. If you were affected then you should have received an email from us notifying you about the incident and directing you to alert your bank or credit card company.

You have stated that your card details have in fact been used without your permission. I'd like to remind you to please call your bank or credit card company and have them replace your card. I recommend that you stop using the compromised card immediately. Also, many banks and credit card companies provide "fraud protect," and will refund unauthorized charges if your account has been stolen.

We are always improving. We continue to use new and improved tools to monitor our systems for any suspicious activity.

For added protection, you can checkout with PayPal on any site that offers it, as Renderosity does. PayPal transactions are processed entirely on their site, and then you return here to confirm and download your files. Not even Renderosity can see your payment information if you checkout with PayPal, so you are completely safe from anything that could ever happen in Renderosity's checkout.

nujazz posted at 8:57PM Tue, 18 April 2017 - #4302934

Raindroptheelf posted at 12:52PM Tue, 18 April 2017 - #4302478

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry but the steps you have takine to have a secure store are not good enough. It happend 2 x to me and I am lucky that the bank has put the money that was taken , back in to my account. Right now we have filed a disupute because they got hold of my address, phone number and they set up a monthly subscription apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use paypal to make purchases here. I added my card to my paypal account and still I do not dare shopping here.

I would suggest you deal with your customers security first before page design and adding tons of adverts. Petra

In response to the second time it happened to you...

There was a weekend in March when Renderosity experienced an isolated security incident. We sent an email to anyone who may have been at risk. If you were affected then you should have received an email from us notifying you about the incident and directing you to alert your bank or credit card company.

After learning of the attack we immediately removed the attacker's work, changed all internal passwords (including admin user accounts), and implemented various protective measures. In the interest of maintaining security I cannot disclose all of the details, but we have added very restrictive filtering on all file uploads and user input as well as new monitoring tools and improvements to existing tools. We stopped all new feature development. We spent 3 weeks intensively reviewing and revising our systems at every level. We were able to trace the attack route, and we closed the vulnerability. We also found a couple other vulnerabilities that the attacker never found. We are continuing to use our new and improved tools to monitor our systems for any suspicious activity.

Since plugging the holes we have seen the attacker come back, but all of his attempts have failed.

I want to re-emphasize: If you believe your account information was compromised (or if you received the email from us), please contact your bank or credit card company and have them send you a new card.

Also, if you paying with PayPal then you are actually safe from anything that could ever happen in Renderosity's checkout. PayPal transactions are processed entirely on their site, and then you return here to confirm and download your files. Not even Renderosity can see your payment information if you checkout with PayPal.

You keep telling customers that they get a warning email if they where affected, this is not true , after the warning from creditcardcompany that data was stolen from RENDEROSITY specific i did send a warning to renderosity and after that i got an email from rendo. And more customers at this forum did not get an email, besides if rendo had a breach all customers should have had a warning, rendo can send newsletters so they also can send warnings.

Raindroptheelf posted at 1:54PM Tue, 18 April 2017 - #4302508

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

If account information is stolen, the only thing that can be done is to cancel the card. All the security measures in the world will not secure information that has already been stolen.

Stolen information isn't used immediately. Most likely, it will be used after a couple weeks. It could even be several months. Furthermore, Matt said he "found out" that morning, not that it actually happened that morning. Again, no security measure will prevent stolen (and still active) information from being used, and it certainly won't make someone aware sooner.

So I'm not sure how you came to that conclusion...

nujazz posted at 9:38PM Tue, 18 April 2017 - #4302944

Raindroptheelf posted at 1:54PM Tue, 18 April 2017 - #4302508

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

If account information is stolen, the only thing that can be done is to cancel the card. All the security measures in the world will not secure information that has already been stolen.

Stolen information isn't used immediately. Most likely, it will be used after a couple weeks. It could even be several months. Furthermore, Matt said he "found out" that morning, not that it actually happened that morning. Again, no security measure will prevent stolen (and still active) information from being used, and it certainly won't make someone aware sooner.

So I'm not sure how you came to that conclusion...

Thats the reason renderosity had to give a warning to all their customers , so they could check there cc acounts !!!

mazal50 posted at 3:47PM Tue, 18 April 2017 - #4302865

I agree wit Petra and Hornet3d. I will also follow the forums to see what is happing. My trust is completely gone and won't be purchasing anytime soon.

Ditto. Made lots of purchases in the past, but security has been shot since December. I made my last purchase March 11 (never received notice from Rendo regarding the breach during that time frame) using a prepaid debit card that I intentionally exhausted so there was no money left on the card.

hornet3d posted at 2:38PM Tue, 18 April 2017 - #4302662

No I did not get an email either, even though I did place an order in the time frame and my card was defrauded.

I also note the other problem appeared again, where system states and order has been declined but still places a pending charge on your credit card. It all comes right after a few days so no harm done right?. Well only to your reputation as a trusted market place and another customer might think hard before they order again.

The email would have been sent to the address on your account. Could you please verify that here: https://www.renderosity.com/settings/?saccount. Please make sure it is an address that you check regularly.

If you are having problems with checkout, please contact Kristis by sitemailing her or sending an email to kristis@renderosity.com. We will want to know what the exact error message is. Sometime, it is incorrect payment information that triggers our fraud protection, but we can tell for sure if you contact Kristis with that error message.

As for the hold on your account, that actually protects both you and us during the checkout process. It is a common (and recommended) practice among online merchants. I can explain the details in another post if you're interested.

hornet3d posted at 2:59PM Tue, 18 April 2017 - #4302803

Well I have now set up a prepaid debit card and charged it with a small amount of money but now I have done this I am not sure I want to use even that here. I am not pointing at any individual more at the corporate structure but it appears they are unwilling or incapable of improving the security here.

There is more than one thread here where customer's have stated that they are very concerned about buying from the marketplace here and yet there appears to be little being done to address their concerns. Not everyone who placed an order in the time frame admitted by Rendo got any email and many had to find out from other customers adding the email details to the forum. Yes, the have said that actions have been taken to improve the security, but that was said last time and clearly the measures were not enough.

In this digital age we have to accept that credit card fraud is a fact of life but you also expect the companies to do their best to protect you and inform you when things go wrong. The fact that a breach has happened twice (that they admit to, I believe there were others) in a relatively short period is not acceptable and their response is, in my opinion, not good enough.

I will continue to visit the forums to see if there is a change of heart but I have decided not to reward a company for their apparent lack of understanding of how this affects their customers. Despite the fact I have a prepaid card set up I do not intend to even look inside the market place here until I see some indication that Rendo, as a company, has a better grip on this situation.

The two incidents were this past March and sometime two years ago.

I was not here for the one two years ago, but I know one of the things they did was to completely offload credit card processing. We no longer store credit card information. This defeated any attack that tried to get account information from past purchases.

The only thing they could do is eavesdrop on purchases as they happen. That happened this past March. We have closed that vulnerability. We have also found a few ways to protect against other attacks that have not even been attempted yet.

From previous posts:

After learning of the attack we immediately removed the attacker's work, changed all internal passwords (including admin user accounts), and implemented various protective measures. In the interest of maintaining security I cannot disclose all of the details, but we have added very restrictive filtering on all file uploads and user input as well as new monitoring tools and improvements to existing tools. We stopped all new feature development. We spent 3 weeks intensively reviewing and revising our systems at every level. We were able to trace the attack route, and we closed the vulnerability. We also found a couple other vulnerabilities that the attacker never found. We are continuing to use our new and improved tools to monitor our systems for any suspicious activity.

Since plugging the holes we have seen the attacker come back, but all of his attempts have failed.

Raindroptheelf posted at 3:11PM Tue, 18 April 2017 - #4302938

nujazz posted at 7:19PM Tue, 18 April 2017 - #4302934

Raindroptheelf posted at 12:52PM Tue, 18 April 2017 - #4302478

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry but the steps you have takine to have a secure store are not good enough. It happend 2 x to me and I am lucky that the bank has put the money that was taken , back in to my account. Right now we have filed a disupute because they got hold of my address, phone number and they set up a monthly subscription apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use paypal to make purchases here. I added my card to my paypal account and still I do not dare shopping here.

I would suggest you deal with your customers security first before page design and adding tons of adverts. Petra

In response to the second time it happened to you...

There was a weekend when Renderosity experienced an isolated security incident. We have sent an email to everyone who was at risk. If you were affected then you should have received an email from us notifying you about the incident and directing you to alert your bank or credit card company.

After learning of the attack we immediately removed the attacker's work, changed all internal passwords (including admin user accounts), and implemented various protective measures. In the interest of maintaining security I cannot disclose all of the details, but we have added very restrictive filtering on all file uploads and user input as well as new monitoring tools and improvements to existing tools. We stopped all new feature development. We spent 3 weeks intensively reviewing and revising our systems at every level. We were able to trace the attack route, and we closed the vulnerability. We also found a couple other vulnerabilities that the attacker never found. We are continuing to use our new and improved tools to monitor our systems for any suspicious activity.

Since plugging the holes we have seen the attacker come back, but all of his attempts have failed.

I want to re-emphasize: If you believe your account information was compromised (or if you received the email from us), please contact your bank or credit card company and have them send you a new card.

Also, if you paying with PayPal then you are actually safe from anything that could ever happen in Renderosity's checkout. PayPal transactions are processed entirely on their site, and then you return here to confirm and download your files. Not even Renderosity can see your payment information if you checkout with PayPal.

I only started using paypal a short while back, after the SECOND time my card and account information was skimmed. You write since you checked and changed everyting to make the store save the Attacker came back and tried and failed * ALL of his attempts *. Now that is not reassuring and I am sure glad the attacker did not find * the other 2 vulnerabilities *. So it is really just luck that not even more harm to us the customers has been caused. You are responsible for the security in your store and you have a responsibility to your paying customes AND if those things happend you should inform ALL customers via email asap regardless if they have shopped on that day or not.

So again, please do not tell me just because I did not shop on that day the * attack * happened or because I did not get an mail that it did not happend here when it happened 2 times.

And it is not just getting a new card, for me , for example it is filing a dispute with visa over an subscription for some xbox stuff that the lowlifes did with my CC and telling them they got my authorization. Also got a call reg. the rollex watch that I ordered... It is a LONG BIG ratstail of things that happens even after you get a new card.

I am curious about the first time your account information was skimmed. Please send me a sitemail with details, so I can look into this for you.

You write since you checked and changed everyting to make the store save the Attacker came back and tried and failed * ALL of his attempts *. Now that is not reassuring and I am sure glad the attacker did not find * the other 2 vulnerabilities *.

How is this not reassuring? Fending off the attacker is a success. It's the exact purpose of security. Keep in mind that unscrupulous people are constantly looking for holes in your favorite sites. Fortunately, they usually do not succeed at getting through. And this time the attacker's failure was a direct result of our improved security. I must say it was a pretty good feeling to see him come back, try his old tricks in vain, and then leave. :)

I think I should also clarify something: We patched the "couple of vulnerabilities" we found immediately (before the attacker returned). There's no luck here, just lots of hard work and long nights. This is a natural part of computer security; all websites and software should be improving constantly.

Even if the attacker had found them, it wouldn't have helped him do anything beyond what he was already capable of. Further still, exploiting them would have required insider information and we would have been aware of the activity. So there really is no "luck" here. And our users were at no extra risk. If anything there is even less risk.

That was my point: We solved more than just the issue at hand. We preemptively protected our users against something that hadn't even been tried. Security is all about outsmarting your opponent.

So again, please do not tell me just because I did not shop on that day the * attack * happened or because I did not get an mail that it did not happend here when it happened 2 times.

I don't know what you want to hear, but the truth is that the attack was started at a specific time and it was defeated at a specific time. Only purchases during that time were at risk of possibly being compromised. Not even all purchases during that time were at risk, because the attack had bugs! To be extra safe we emailed everyone that made a purchase during that time or even near that time.

I know how having personal information can affect more than just the account, and I understand how much of a hassle it can be to fix that (from personal experience with a family member). Once you have replaced your card, please send a sitemail to Krisitis or myself. Include the stolen and closed card number, so we can investigate it. At this point we have fulfilled all of our legal obligations. However, we would like to go above and beyond to make it right for you however we can.

Also, if you did not receive our email please verify the address you have on your account and make sure you check it regularly. Please also check you spam filters and all the other common email issues. https://www.renderosity.com/settings/?saccount

mazal50 posted at 3:53PM Tue, 18 April 2017 - #4302942

nujazz posted at 8:57PM Tue, 18 April 2017 - #4302934

Raindroptheelf posted at 12:52PM Tue, 18 April 2017 - #4302478

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry but the steps you have takine to have a secure store are not good enough. It happend 2 x to me and I am lucky that the bank has put the money that was taken , back in to my account. Right now we have filed a disupute because they got hold of my address, phone number and they set up a monthly subscription apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use paypal to make purchases here. I added my card to my paypal account and still I do not dare shopping here.

I would suggest you deal with your customers security first before page design and adding tons of adverts. Petra

In response to the second time it happened to you...

There was a weekend in March when Renderosity experienced an isolated security incident. We sent an email to anyone who may have been at risk. If you were affected then you should have received an email from us notifying you about the incident and directing you to alert your bank or credit card company.

After learning of the attack we immediately removed the attacker's work, changed all internal passwords (including admin user accounts), and implemented various protective measures. In the interest of maintaining security I cannot disclose all of the details, but we have added very restrictive filtering on all file uploads and user input as well as new monitoring tools and improvements to existing tools. We stopped all new feature development. We spent 3 weeks intensively reviewing and revising our systems at every level. We were able to trace the attack route, and we closed the vulnerability. We also found a couple other vulnerabilities that the attacker never found. We are continuing to use our new and improved tools to monitor our systems for any suspicious activity.

Since plugging the holes we have seen the attacker come back, but all of his attempts have failed.

I want to re-emphasize: If you believe your account information was compromised (or if you received the email from us), please contact your bank or credit card company and have them send you a new card.

Also, if you paying with PayPal then you are actually safe from anything that could ever happen in Renderosity's checkout. PayPal transactions are processed entirely on their site, and then you return here to confirm and download your files. Not even Renderosity can see your payment information if you checkout with PayPal.

You keep telling customers that they get a warning email if they where affected, this is not true , after the warning from creditcardcompany that data was stolen from RENDEROSITY specific i did send a warning to renderosity and after that i got an email from rendo. And more customers at this forum did not get an email, besides if rendo had a breach all customers should have had a warning, rendo can send newsletters so they also can send warnings.

You're saying yourself that you got the email from us. I'm glad your credit card company alerted you as well.

I understand that it may have appeared that our email was in response to yours, but it was sent to everyone at the same time regardless of any email we received. We sent it only after we were absolutely sure that we had completely resolved the issue, and we were confident that we had could protect against future attacks.

We did in fact send the email out. We sent it everyone who may have been at risk. We even sent it some people who probably were completely safe from it, but we sent it just to be extra safe in case we miscalculated the window. If anyone did not receive the email when they should have, we are asking them to check the email on their user account and make sure it is an address they check regularly. We are also reminding people to check their spam filters and other usual places. If you'd like to help out, please spread the word.

mazal50 posted at 4:04PM Tue, 18 April 2017 - #4302950

nujazz posted at 9:38PM Tue, 18 April 2017 - #4302944

Raindroptheelf posted at 1:54PM Tue, 18 April 2017 - #4302508

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

If account information is stolen, the only thing that can be done is to cancel the card. All the security measures in the world will not secure information that has already been stolen.

Stolen information isn't used immediately. Most likely, it will be used after a couple weeks. It could even be several months. Furthermore, Matt said he "found out" that morning, not that it actually happened that morning. Again, no security measure will prevent stolen (and still active) information from being used, and it certainly won't make someone aware sooner.

So I'm not sure how you came to that conclusion...

Thats the reason renderosity had to give a warning to all their customers , so they could check there cc acounts !!!

Please see my previous response to you. We notified users who were possibly at risk via email. If they did not get it, we have requested they check their user settings and spam folder. You have stated yourself that you received the email, so I'm not sure what you're trying to accomplish here.

I have also requested information from you so that I can personally investigate your account and see what I can do to help your specific case.

At this point we have fulfilled our legal obligations, and I have offered extra information and "extra mile" help for you specifically.

Please stop trolling and baiting.

Badia01 posted at 4:10PM Tue, 18 April 2017 - #4302955

mazal50 posted at 3:47PM Tue, 18 April 2017 - #4302865

I agree wit Petra and Hornet3d. I will also follow the forums to see what is happing. My trust is completely gone and won't be purchasing anytime soon.

Ditto. Made lots of purchases in the past, but security has been shot since December. I made my last purchase March 11 (never received notice from Rendo regarding the breach during that time frame) using a prepaid debit card that I intentionally exhausted so there was no money left on the card.

I am sorry you didn't receive our email regarding the security incident. Please verify the email address you have on your account here: https://www.renderosity.com/settings/?saccount. Make sure it is an address you check regularly. Also check your spam filter.

Please also send me or Kristis a sitemail with the details of your compromised account so we can investigate it. At this point we have fulfilled all of our legal obligations, but we would like to go above and beyond and make it right for you however we can.

nujazz posted at 11:21PM Tue, 18 April 2017 - #4302961

mazal50 posted at 3:53PM Tue, 18 April 2017 - #4302942

nujazz posted at 8:57PM Tue, 18 April 2017 - #4302934

Raindroptheelf posted at 12:52PM Tue, 18 April 2017 - #4302478

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry but the steps you have takine to have a secure store are not good enough. It happend 2 x to me and I am lucky that the bank has put the money that was taken , back in to my account. Right now we have filed a disupute because they got hold of my address, phone number and they set up a monthly subscription apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use paypal to make purchases here. I added my card to my paypal account and still I do not dare shopping here.

I would suggest you deal with your customers security first before page design and adding tons of adverts. Petra

In response to the second time it happened to you...

There was a weekend in March when Renderosity experienced an isolated security incident. We sent an email to anyone who may have been at risk. If you were affected then you should have received an email from us notifying you about the incident and directing you to alert your bank or credit card company.

After learning of the attack we immediately removed the attacker's work, changed all internal passwords (including admin user accounts), and implemented various protective measures. In the interest of maintaining security I cannot disclose all of the details, but we have added very restrictive filtering on all file uploads and user input as well as new monitoring tools and improvements to existing tools. We stopped all new feature development. We spent 3 weeks intensively reviewing and revising our systems at every level. We were able to trace the attack route, and we closed the vulnerability. We also found a couple other vulnerabilities that the attacker never found. We are continuing to use our new and improved tools to monitor our systems for any suspicious activity.

Since plugging the holes we have seen the attacker come back, but all of his attempts have failed.

I want to re-emphasize: If you believe your account information was compromised (or if you received the email from us), please contact your bank or credit card company and have them send you a new card.

Also, if you paying with PayPal then you are actually safe from anything that could ever happen in Renderosity's checkout. PayPal transactions are processed entirely on their site, and then you return here to confirm and download your files. Not even Renderosity can see your payment information if you checkout with PayPal.

You keep telling customers that they get a warning email if they where affected, this is not true , after the warning from creditcardcompany that data was stolen from RENDEROSITY specific i did send a warning to renderosity and after that i got an email from rendo. And more customers at this forum did not get an email, besides if rendo had a breach all customers should have had a warning, rendo can send newsletters so they also can send warnings.

You're saying yourself that you got the email from us. I'm glad your credit card company alerted you as well.

I understand that it may have appeared that our email was in response to yours, but it was sent to everyone at the same time regardless of any email we received. We sent it only after we were absolutely sure that we had completely resolved the issue, and we were confident that we had could protect against future attacks.

We did in fact send the email out. We sent it everyone who may have been at risk. We even sent it some people who probably were completely safe from it, but we sent it just to be extra safe in case we miscalculated the window. If anyone did not receive the email when they should have, we are asking them to check the email on their user account and make sure it is an address they check regularly. We are also reminding people to check their spam filters and other usual places. If you'd like to help out, please spread the word.

This is exacly the reason why my trust is gone , email from rendo was an answer to my email, now your telling customers to check if there emailadresses are right, raindropthreef has already checked and wrote it was oke . Hornet3d has told you he didn't get an email. These are childisch excuses, take your customers serious.

nujazz posted at 2:25PM Wed, 19 April 2017 - #4302960

Raindroptheelf posted at 3:11PM Tue, 18 April 2017 - #4302938

nujazz posted at 7:19PM Tue, 18 April 2017 - #4302934

Raindroptheelf posted at 12:52PM Tue, 18 April 2017 - #4302478

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry but the steps you have takine to have a secure store are not good enough. It happend 2 x to me and I am lucky that the bank has put the money that was taken , back in to my account. Right now we have filed a disupute because they got hold of my address, phone number and they set up a monthly subscription apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use paypal to make purchases here. I added my card to my paypal account and still I do not dare shopping here.

I would suggest you deal with your customers security first before page design and adding tons of adverts. Petra

In response to the second time it happened to you...

There was a weekend when Renderosity experienced an isolated security incident. We have sent an email to everyone who was at risk. If you were affected then you should have received an email from us notifying you about the incident and directing you to alert your bank or credit card company.

After learning of the attack we immediately removed the attacker's work, changed all internal passwords (including admin user accounts), and implemented various protective measures. In the interest of maintaining security I cannot disclose all of the details, but we have added very restrictive filtering on all file uploads and user input as well as new monitoring tools and improvements to existing tools. We stopped all new feature development. We spent 3 weeks intensively reviewing and revising our systems at every level. We were able to trace the attack route, and we closed the vulnerability. We also found a couple other vulnerabilities that the attacker never found. We are continuing to use our new and improved tools to monitor our systems for any suspicious activity.

Since plugging the holes we have seen the attacker come back, but all of his attempts have failed.

I want to re-emphasize: If you believe your account information was compromised (or if you received the email from us), please contact your bank or credit card company and have them send you a new card.

Also, if you paying with PayPal then you are actually safe from anything that could ever happen in Renderosity's checkout. PayPal transactions are processed entirely on their site, and then you return here to confirm and download your files. Not even Renderosity can see your payment information if you checkout with PayPal.

I only started using paypal a short while back, after the SECOND time my card and account information was skimmed. You write since you checked and changed everyting to make the store save the Attacker came back and tried and failed * ALL of his attempts *. Now that is not reassuring and I am sure glad the attacker did not find * the other 2 vulnerabilities *. So it is really just luck that not even more harm to us the customers has been caused. You are responsible for the security in your store and you have a responsibility to your paying customes AND if those things happend you should inform ALL customers via email asap regardless if they have shopped on that day or not.

So again, please do not tell me just because I did not shop on that day the * attack * happened or because I did not get an mail that it did not happend here when it happened 2 times.

And it is not just getting a new card, for me , for example it is filing a dispute with visa over an subscription for some xbox stuff that the lowlifes did with my CC and telling them they got my authorization. Also got a call reg. the rollex watch that I ordered... It is a LONG BIG ratstail of things that happens even after you get a new card.

I am curious about the first time your account information was skimmed. Please send me a sitemail with details, so I can look into this for you.

You write since you checked and changed everyting to make the store save the Attacker came back and tried and failed * ALL of his attempts *. Now that is not reassuring and I am sure glad the attacker did not find * the other 2 vulnerabilities *.

How is this not reassuring? Fending off the attacker is a success. It's the exact purpose of security. Keep in mind that unscrupulous people are constantly looking for holes in your favorite sites. Fortunately, they usually do not succeed at getting through. And this time the attacker's failure was a direct result of our improved security. I must say it was a pretty good feeling to see him come back, try his old tricks in vain, and then leave. :)

I think I should also clarify something: We patched the "couple of vulnerabilities" we found immediately (before the attacker returned). There's no luck here, just lots of hard work and long nights. This is a natural part of computer security; all websites and software should be improving constantly.

Even if the attacker had found them, it wouldn't have helped him do anything beyond what he was already capable of. Further still, exploiting them would have required insider information and we would have been aware of the activity. So there really is no "luck" here. And our users were at no extra risk. If anything there is even less risk.

That was my point: We solved more than just the issue at hand. We preemptively protected our users against something that hadn't even been tried. Security is all about outsmarting your opponent.

So again, please do not tell me just because I did not shop on that day the * attack * happened or because I did not get an mail that it did not happend here when it happened 2 times.

I don't know what you want to hear, but the truth is that the attack was started at a specific time and it was defeated at a specific time. Only purchases during that time were at risk of possibly being compromised. Not even all purchases during that time were at risk, because the attack had bugs! To be extra safe we emailed everyone that made a purchase during that time or even near that time.

I know how having personal information can affect more than just the account, and I understand how much of a hassle it can be to fix that (from personal experience with a family member). Once you have replaced your card, please send a sitemail to Krisitis or myself. Include the stolen and closed card number, so we can investigate it. At this point we have fulfilled all of our legal obligations. However, we would like to go above and beyond to make it right for you however we can.

Also, if you did not receive our email please verify the address you have on your account and make sure you check it regularly. Please also check you spam filters and all the other common email issues. https://www.renderosity.com/settings/?saccount

For me the matter is closed, so no need to send sitemails and whatnot. I have the hassle and I made changes to be more secure all over the net since my card was compromised 2 times on your site. My bank has refundet the stolen money but I am feeling very vulnarable right now when it comes to purchases. Not only here at Renderosity. You ask me what I want to hear? I would like to hear that, from now on you send an email to ALL paying customers/ members at Renderostiy to give a warning so that they might check their account frequently. As someone else already mentioned : If you can send Newsletters to everyone, surly you can send out mails reg. an hacker attack like that. THAT would put a lot of trust back. I am not mad at you personally but we need someone to talk to and you are the one on the frontline as it seems. I wish you a good day. Petra

nujazz posted at 8:36PM Wed, 19 April 2017 - #4302962

mazal50 posted at 4:04PM Tue, 18 April 2017 - #4302950

nujazz posted at 9:38PM Tue, 18 April 2017 - #4302944

Raindroptheelf posted at 1:54PM Tue, 18 April 2017 - #4302508

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

If account information is stolen, the only thing that can be done is to cancel the card. All the security measures in the world will not secure information that has already been stolen.

Stolen information isn't used immediately. Most likely, it will be used after a couple weeks. It could even be several months. Furthermore, Matt said he "found out" that morning, not that it actually happened that morning. Again, no security measure will prevent stolen (and still active) information from being used, and it certainly won't make someone aware sooner.

So I'm not sure how you came to that conclusion...

Thats the reason renderosity had to give a warning to all their customers , so they could check there cc acounts !!!

Please see my previous response to you. We notified users who were possibly at risk via email. If they did not get it, we have requested they check their user settings and spam folder. You have stated yourself that you received the email, so I'm not sure what you're trying to accomplish here.

I have also requested information from you so that I can personally investigate your account and see what I can do to help your specific case.

At this point we have fulfilled our legal obligations, and I have offered extra information and "extra mile" help for you specifically.

Please stop trolling and baiting.

Excuse me! Do you mean me with * stop trolling and baiting *? If so I do not see why you would say that. I only voiced my worries and concerns as many others have and do. Petra

Raindroptheelf posted at 10:11PM Wed, 19 April 2017 - #4303037

nujazz posted at 8:36PM Wed, 19 April 2017 - #4302962

mazal50 posted at 4:04PM Tue, 18 April 2017 - #4302950

nujazz posted at 9:38PM Tue, 18 April 2017 - #4302944

Raindroptheelf posted at 1:54PM Tue, 18 April 2017 - #4302508

MattGreenfield posted at 3:59AM Fri, 14 April 2017 - #4302481

I just found out that this morning that my card was hacked, most likely as a result of the last breech. $2,200.00 in charges made in the U.K. before we caught it.

This is also the second time the card I use at Rendo has been hacked in 6 months, so I'm seriously going to have to consider how, if I ever want to spend money at Renderosity again, how to do it safely.

Matt I am so sorry to hear this. I can honestly say, for now, for me , the best option was to add my card to my paypal account. But as I said before, I still worry to shop here and I think this will not go away. I never got a mail or anthting reg. those security breaches that occured and that also does not help to have trust.

I am so mad at all this, those hackers get to our account info also which includes our shipping address and all the rest of it.

Now that this happened to you this morning , or you found out this morning shows that quote :* We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.* it has not worked and the shop is still not save.

If account information is stolen, the only thing that can be done is to cancel the card. All the security measures in the world will not secure information that has already been stolen.

Stolen information isn't used immediately. Most likely, it will be used after a couple weeks. It could even be several months. Furthermore, Matt said he "found out" that morning, not that it actually happened that morning. Again, no security measure will prevent stolen (and still active) information from being used, and it certainly won't make someone aware sooner.

So I'm not sure how you came to that conclusion...

Thats the reason renderosity had to give a warning to all their customers , so they could check there cc acounts !!!

Please see my previous response to you. We notified users who were possibly at risk via email. If they did not get it, we have requested they check their user settings and spam folder. You have stated yourself that you received the email, so I'm not sure what you're trying to accomplish here.

I have also requested information from you so that I can personally investigate your account and see what I can do to help your specific case.

At this point we have fulfilled our legal obligations, and I have offered extra information and "extra mile" help for you specifically.

Please stop trolling and baiting.

Excuse me! Do you mean me with * stop trolling and baiting *? If so I do not see why you would say that. I only voiced my worries and concerns as many others have and do. Petra

Think he ment me (lol)

My card was also hacked today (all of my credit line was stolen by Qatar Airways or some such bogus company) and I cancelled it right away. I made the mistake of making one single Credit Card purchase on this site couple of weeks down the road when at the time for some reason I was not able to make a PayPal purchase here. Incidentally my cc statement clearly states I've only used PayPal, Amazon, Spotify and Netflix repeatedly in addition to this one single purchase from Rendo. Quite disturbing.

12rounds posted at 9:45AM Thu, 20 April 2017 - #4303072

My card was also hacked today (all of my credit line was stolen by Qatar Airways or some such bogus company) and I cancelled it right away. I made the mistake of making one single Credit Card purchase on this site couple of weeks down the road when at the time for some reason I was not able to make a PayPal purchase here. Incidentally my cc statement clearly states I've only used PayPal, Amazon, Spotify and Netflix repeatedly in addition to this one single purchase from Rendo. Quite disturbing.

Well they have fulfilled their legal obligations so there is not a problem anymore. Eventually this will all die down, until the next time, but this is not the only place such discussions are taking place, the difference is that, elsewhere you hear from those who have already given up and don't come here anymore. Hard to quantify exact numbers but it would appear from those threads that the number of people not buying here, or seriously limiting their purchases is growing. I can only assume that Rendo are happy with the profits they are making as they are certainly not maximising their potential.

If all else fails they could abandon the 3D market place and start a taxi service, why a taxi service? Well it is the only service I can think of where driving away your customers is a positive advantage.

Correction to my above post: I tried to make a PayPal purchase on Mar-16 and wrote to the "Site Technical Issues and Bug Reports" of my problems... then as PayPal purchase didn't work, I tried to purchase with my CC but it didn't work either and in the end I purchased the same item from elsewhere using PayPal leaving me with two "Unpaid order" orders of which Renderosity has been nagging since then. Perhaps that was the weekend in March that the site was attacked? I made the order with my CC but it never went through all the way. I don't recall receiving communication about this, though

12rounds posted at 10:04AM Thu, 20 April 2017 - #4303074

Correction to my above post: I tried to make a PayPal purchase on Mar-16 and wrote to the "Site Technical Issues and Bug Reports" of my problems... then as PayPal purchase didn't work, I tried to purchase with my CC but it didn't work either and in the end I purchased the same item from elsewhere using PayPal leaving me with two "Unpaid order" orders of which Renderosity has been nagging since then. Perhaps that was the weekend in March that the site was attacked? I made the order with my CC but it never went through all the way. I don't recall receiving communication about this, though

Incomplete, or so say declined purchases have been another issue here. The date of this particular breach was 9th to 12th of March, according to Rendo, certainly my purchase was on the 10th. If this is correct the order for March 16th should have been OK, but who really knows.

I'll just chime in that my card has been hacked 4 months ago with no email warnings received from Renderosity, even after checking the spam folder. Then again just two weeks ago, the new card was blocked by the bank for no apparent reason, but I have been shopping here a few times with that card in 2017, before it was blocked. Still heard nothing from Renderosity. Then I actively search and find this thread.

I'm not sure what else to say, other than if you think there are problems, it's best to send out emails unconditionally to all users as a safety measure along with changing all passwords.

henrikmk posted at 8:39PM Thu, 20 April 2017 - #4303113

I'll just chime in that my card has been hacked 4 months ago with no email warnings received from Renderosity, even after checking the spam folder. Then again just two weeks ago, the new card was blocked by the bank for no apparent reason, but I have been shopping here a few times with that card in 2017, before it was blocked. Still heard nothing from Renderosity. Then I actively search and find this thread.

I'm not sure what else to say, other than if you think there are problems, it's best to send out emails unconditionally to all users as a safety measure along with changing all passwords.

One of the problems with pin pointing the place where a card is breached is the defrauded information can be sold on the other fraudsters and because of this there could be a long delay from the information being leaked and the card being used for fraud. I have account with a credit agency and they regularly used to report that my email address and password is up for sale. Happily this information is well out of date and, since I started using a password manager I have not had this warning. They also sometimes advised my card information is also for sale at which point I stop by card immediately.

My cards have been done four times in just over a year and these are cards only used for my 3D content purchases. On two of those occasions Rendo have later admitted a breach of the order process and on both occasions I placed orders here during the period of time the breach was identified. That gives a 50% failure rate to Rendo even as a minimum and add to that the period when the payments were so say declined but semi processed and it is clear that buying from here has certainly caused me grief.

I can't prove anything on the other breaches but what I can do is not buy from here for an extended period of time and continue to buy from other 3D marketplaces and see what happens. I can't say I feel at all bothered for Rendo's loss of sales in all this but I do feel for the vendors who also lose out.

Wise content creators will purvey their goods at other vendors in addition to Rendo. Hopefully, they are not prohibited from doing so by contract. I tried to purchase Silverwind's Nike today using a gift card, which I often do for security reasons, but the transaction was declined. A phone inquiry with the gift card issuer revealed that transactions from here via its cards are being blocked due to the detection of suspicious activity here. It's indeed a pity for the vendors who sell their wears here, because the plummeting consumer confidence in the security of Rendo's e-commerce architecture will ultimately damage them as much as those whose data was compromised.

truthordare posted at 10:56AM Sun, 23 April 2017 - #4303263

Wise content creators will purvey their goods at other vendors in addition to Rendo. Hopefully, they are not prohibited from doing so by contract. I tried to purchase Silverwind's Nike today using a gift card, which I often do for security reasons, but the transaction was declined. A phone inquiry with the gift card issuer revealed that transactions from here via its cards are being blocked due to the detection of suspicious activity here. It's indeed a pity for the vendors who sell their wears here, because the plummeting consumer confidence in the security of Rendo's e-commerce architecture will ultimately damage them as much as those whose data was compromised.

Ok, so it is still not a good Idea to buy here. I really hope they can get that sorted for the sake of the Customers as much as for the vendors.

truthordare posted at 6:30PM Sun, 23 April 2017 - #4303263

Wise content creators will purvey their goods at other vendors in addition to Rendo. Hopefully, they are not prohibited from doing so by contract. I tried to purchase Silverwind's Nike today using a gift card, which I often do for security reasons, but the transaction was declined. A phone inquiry with the gift card issuer revealed that transactions from here via its cards are being blocked due to the detection of suspicious activity here. It's indeed a pity for the vendors who sell their wears here, because the plummeting consumer confidence in the security of Rendo's e-commerce architecture will ultimately damage them as much as those whose data was compromised.

Sorry to hear this, customers can still get into a lot of trouble. Sorry for the vendors who are missing out !!!

I'm from UK and have had two cards compromised, no email from this site to tell me - and indeed I may be outside the window for the second one. This seems the most likely cause, so alas I will not be buying for the foreseeable future. Sad about that, but £15000 a lot to go in one fell swoop.

jash147 posted at 7:23PM Wed, 26 April 2017 - #4303584

I'm from UK and have had two cards compromised, no email from this site to tell me - and indeed I may be outside the window for the second one. This seems the most likely cause, so alas I will not be buying for the foreseeable future. Sad about that, but £15000 a lot to go in one fell swoop.

I really don't understand that customers did not get a warningemail, if customers didn't read the forum they still can loose a lot of money. I won't be bying anytime soon to.

mazal50 posted at 4:36PM Wed, 26 April 2017 - #4302965

This is exacly the reason why my trust is gone , email from rendo was an answer to my email, now your telling customers to check if there emailadresses are right, raindropthreef has already checked and wrote it was oke . Hornet3d has told you he didn't get an email. These are childisch excuses, take your customers serious.

Mazal,

I promise you we didn't notify everyone because of your email. We had been working on the situation long before we received your email.

I'm dealing with these other users on their issues. We need to find out why they didn't get the email so that we can make sure they receive our communications in the future. We're checking the obvious things first. If we can all remain mature, we can solve the issues at hand.

Please stop getting in the middle of other people's issues. You're hindering our progress by creating noise and accusations. We take all of our customers seriously and our security very seriously. This is why I am here responding to everyone, and trying to clear up the situation. Please know this is your last warning. If you continue to violate the TOS, you will be banned. There will be no more warnings. If you are banned there will be no further communication, and you will not be able to log on to the site.

Raindroptheelf posted at 5:26PM Wed, 26 April 2017 - #4303001

For me the matter is closed, so no need to send sitemails and whatnot. I have the hassle and I made changes to be more secure all over the net since my card was compromised 2 times on your site. My bank has refundet the stolen money but I am feeling very vulnarable right now when it comes to purchases. Not only here at Renderosity. You ask me what I want to hear? I would like to hear that, from now on you send an email to ALL paying customers/ members at Renderostiy to give a warning so that they might check their account frequently. As someone else already mentioned : If you can send Newsletters to everyone, surly you can send out mails reg. an hacker attack like that. THAT would put a lot of trust back. I am not mad at you personally but we need someone to talk to and you are the one on the frontline as it seems. I wish you a good day. Petra

I understand how you feel right now, and I apologize for the hassle. Good job securing your online presence, though. It's good practice to change passwords every once in and keep a short leash on your financial info.

We have regular team meetings. I'll prompt a discussion on how we can improve communication if/when these kinds of things happen. It would be dishonest of me to make specific promises on behalf everyone, but I can say that I completely understand your concern. I can also say that everyone here really does care, and we want to do the right thing for all of our users.

Raindroptheelf posted at 5:43PM Wed, 26 April 2017 - #4303037

Excuse me! Do you mean me with * stop trolling and baiting *? If so I do not see why you would say that. I only voiced my worries and concerns as many others have and do. Petra

I was talking to Mazal in that post. It was not directed at you. :)