hornet3d posted at 6:39PM Wed, 26 April 2017 - #4303120

henrikmk posted at 8:39PM Thu, 20 April 2017 - #4303113

I'll just chime in that my card has been hacked 4 months ago with no email warnings received from Renderosity, even after checking the spam folder. Then again just two weeks ago, the new card was blocked by the bank for no apparent reason, but I have been shopping here a few times with that card in 2017, before it was blocked. Still heard nothing from Renderosity. Then I actively search and find this thread.

I'm not sure what else to say, other than if you think there are problems, it's best to send out emails unconditionally to all users as a safety measure along with changing all passwords.

One of the problems with pin pointing the place where a card is breached is the defrauded information can be sold on the other fraudsters and because of this there could be a long delay from the information being leaked and the card being used for fraud. I have account with a credit agency and they regularly used to report that my email address and password is up for sale. Happily this information is well out of date and, since I started using a password manager I have not had this warning. They also sometimes advised my card information is also for sale at which point I stop by card immediately.

My cards have been done four times in just over a year and these are cards only used for my 3D content purchases. On two of those occasions Rendo have later admitted a breach of the order process and on both occasions I placed orders here during the period of time the breach was identified. That gives a 50% failure rate to Rendo even as a minimum and add to that the period when the payments were so say declined but semi processed and it is clear that buying from here has certainly caused me grief.

I can't prove anything on the other breaches but what I can do is not buy from here for an extended period of time and continue to buy from other 3D marketplaces and see what happens. I can't say I feel at all bothered for Rendo's loss of sales in all this but I do feel for the vendors who also lose out.

You are absolutely right about the time delay. Also, great decision to use a password manager! You can also subscribe to alerts from https://haveibeenpwned.com/ to keep an eye on everything.

I know that by "50% failure rate," what you really mean is that half of the trouble you've had came from Renderosity. But since you've used that phrase publicly, I'd like to point out a more accurate way to find such a thing...

You should look at all purchases made and see how many were compromised. Let's be extremely pessimistic and assume that everything purchased anytime from the very first second of March 9th to midnight of March 12th was definitely compromised. Note: this is not what actually happened, but let's run a worst case scenario here. Let's also only consider purchases made this year. We'll completely ignore all those years when nothing was ever compromised.

I'm probably not authorized to publicly post our sales figures for all of the internet to read. But in this extremenly, inaccurately pessimistic scenario we would actually have a "success rate" around 95%. Again that's not counting the many previous years where no payments were compromised. We've been around since 1998. So you're looking at something closer to 99.9%. (Note: These figures are intentionally imprecise, but they are based on real numbers and they make the same point.)

Again, I know that's not what you meant, but it's out here in the open so I had to address it.

What do you mean by "semi-processed?"
If there's an issue with checkout, I'd like to know about it.