Forum: MarketPlace Customers


Subject: Low security at Renderosity?

l.croft opened this issue on Apr 11, 2017 · 83 posts


nujazz posted Tue, 18 April 2017 at 4:02 PM

mazal50 posted at 3:53PM Tue, 18 April 2017 - #4302942

nujazz posted at 8:57PM Tue, 18 April 2017 - #4302934

Raindroptheelf posted at 12:52PM Tue, 18 April 2017 - #4302478

KristiS posted at 9:58PM Thu, 13 April 2017 - #4302220

Hello,

We are very sorry this is happening to you.

We have taken all the steps we can to be sure Renderosity is as secure as an online store can possibly be.

I suggest completely cancelling the card and getting a new one since it seems someone has gotten ahold of your information.

Thank you for being a valued member of Renderosity and wish you a wonderful week,

I am sorry, but the steps you have taken to have a secure store are not good enough. It happened 2 x to me and I am lucky that the bank has put the money that was taken back into my account. Right now we have filed a dispute because they got hold of my address, phone number and they set up a monthly subscription apparently with my authorization. So we have to deal with that too. This is not acceptable and I would urge anyone who reads this to use PayPal to make purchases here. I added my card to my PayPal account and still I do not dare shopping here.

I would suggest you deal with your customers' security first before page design and adding tons of adverts. Petra

In response to the second time it happened to you...

There was a weekend in March when Renderosity experienced an isolated security incident. We sent an email to anyone who may have been at risk. If you were affected then you should have received an email from us notifying you about the incident and directing you to alert your bank or credit card company.

After learning of the attack we immediately removed the attacker's work, changed all internal passwords (including admin user accounts), and implemented various protective measures. In the interest of maintaining security I cannot disclose all of the details, but we have added very restrictive filtering on all file uploads and user input as well as new monitoring tools and improvements to existing tools. We stopped all new feature development. We spent 3 weeks intensively reviewing and revising our systems at every level. We were able to trace the attack route, and we closed the vulnerability. We also found a couple other vulnerabilities that the attacker never found. We are continuing to use our new and improved tools to monitor our systems for any suspicious activity.

Since plugging the holes we have seen the attacker come back, but all of his attempts have failed.

I want to re-emphasize: If you believe your account information was compromised (or if you received the email from us), please contact your bank or credit card company and have them send you a new card.

Also, if you are paying with PayPal then you are actually safe from anything that could ever happen in Renderosity's checkout. PayPal transactions are processed entirely on their site, and then you return here to confirm and download your files. Not even Renderosity can see your payment information if you check out with PayPal.

You keep telling customers that they get a warning email if they were affected; this is not true. After the warning from the credit card company that data was stolen from RENDEROSITY specifically, I did send a warning to Renderosity, and after that I got an email from Rendo. And more customers at this forum did not get an email; besides, if Rendo had a breach, all customers should have had a warning. Rendo can send newsletters, so they can also send warnings.

You're saying yourself that you got the email from us. I'm glad your credit card company alerted you as well.

I understand that it may have appeared that our email was in response to yours, but it was sent to everyone at the same time regardless of any email we received. We sent it only after we were absolutely sure that we had completely resolved the issue, and we were confident that we could protect against future attacks.

We did in fact send the email out. We sent it to everyone who may have been at risk. We even sent it to some people who probably were completely safe from it, but we sent it just to be extra safe in case we miscalculated the window. If anyone did not receive the email when they should have, we are asking them to check the email on their user account and make sure it is an address they check regularly. We are also reminding people to check their spam filters and other usual places. If you'd like to help out, please spread the word.