l.croft opened this issue on Apr 11, 2017 ยท 83 posts
nujazz posted Thu, 27 April 2017 at 12:40 PM
hornet3d posted at 12:31PM Thu, 27 April 2017 - #4303665
nujazz posted at 9:49AM Thu, 27 April 2017 - #4303639
hornet3d posted at 6:39PM Wed, 26 April 2017 - #4303120
henrikmk posted at 8:39PM Thu, 20 April 2017 - #4303113
I'll just chime in that my card has been hacked 4 months ago with no email warnings received from Renderosity, even after checking the spam folder. Then again just two weeks ago, the new card was blocked by the bank for no apparent reason, but I have been shopping here a few times with that card in 2017, before it was blocked. Still heard nothing from Renderosity. Then I actively search and find this thread.
I'm not sure what else to say, other than if you think there are problems, it's best to send out emails unconditionally to all users as a safety measure along with changing all passwords.
One of the problems with pin pointing the place where a card is breached is the defrauded information can be sold on the other fraudsters and because of this there could be a long delay from the information being leaked and the card being used for fraud. I have account with a credit agency and they regularly used to report that my email address and password is up for sale. Happily this information is well out of date and, since I started using a password manager I have not had this warning. They also sometimes advised my card information is also for sale at which point I stop by card immediately.
My cards have been done four times in just over a year and these are cards only used for my 3D content purchases. On two of those occasions Rendo have later admitted a breach of the order process and on both occasions I placed orders here during the period of time the breach was identified. That gives a 50% failure rate to Rendo even as a minimum and add to that the period when the payments were so say declined but semi processed and it is clear that buying from here has certainly caused me grief.
I can't prove anything on the other breaches but what I can do is not buy from here for an extended period of time and continue to buy from other 3D marketplaces and see what happens. I can't say I feel at all bothered for Rendo's loss of sales in all this but I do feel for the vendors who also lose out.
You are absolutely right about the time delay. Also, great decision to use a password manager! You can also subscribe to alerts from https://haveibeenpwned.com</https:> to keep an eye on everything.
I know that by "50% failure rate," what you really mean is that half of the trouble you've had came from Renderosity. But since you've used that phrase publicly, I'd like to point out a more accurate way to find such a thing...
You should look at all purchases made and see how many were compromised. Let's be extremely pessimistic and assume that everything purchased anytime from the very first second of March 9th to midnight of March 12th was definitely compromised. Note: this is not what actually happened, but let's run a worst case scenario here. Let's also only consider purchases made this year. We'll completely ignore all those years when nothing was ever compromised.
I'm probably not authorized to publicly post our sales figures for all of the internet to read. But in this extremenly, inaccurately pessimistic scenario we would actually have a "success rate" around 95%. Again that's not counting the many previous years where no payments were compromised. We've been around since 1998. So you're looking at something closer to 99.9%. (Note: These figures are intentionally imprecise, but they are based on real numbers and they make the same point.)
Again, I know that's not what you meant, but it's out here in the open so I had to address it.
What do you mean by "semi-processed?"
If there's an issue with checkout, I'd like to know about it.I totally accept your comments regarding the claim on the 50% failure rate, I was indeed talking from my point of view relating to actual security breaches but I understand why you needed to clarify the situation.
As to "semi-processed" I was using the term to describe the situation a little while ago where orders were greeted with a message that the transactions had been declined but a 'pending' charge was still placed on the card in question. My own fault really, but I tried again thinking I had put my card details incorrectly and when that failed tried another card. The end result was multiple pending charges on my cards. I do understand that the problem appeared to exist due to an error with Paypal but, unfortunately it was your customers that were affected.
On the wider issue I will say that I did not receive a warning email but in my case it is not an issue as I now check my credit cards on a daily basis and had already picked up the fraud and blocked my card. It was only later that I saw a thread here giving the time frame of this issue that I checked back to find I placed an order here right in the middle of the time frame.
I have to admit I was already a reluctant customer of Renderosity for many other reasons than just this issue but I have reached the point, for the second time in two years, that I am no longer buying from here. I am deeply saddened by that for, as a Poser user, there is little for me over at Daz and while I support Hivewire3D they are a very small team and cannot match the pure number of products you have on sale here. If you feel I am just mischief making here, I am not, I am just stating the position I have reluctantly found myself in. I am happy for you to check both my order history and forum history to make up your mind if I am being deceitful or being a troll or not.
One last comment, and I hope you will take this in and spirit that it is meant, which is a positive one, I totally applaud the efforts you have made in trying to help and your concern which is clearly shown in sheer number and content of your recent submissions to this thread. It is my honest belief that efforts like this a few weeks ago would have done a lot to help customer's here rebuild their trust, something I hope will be kept in mind for the future.
I know there has been a lot if tension here (justifiably). I only called out mazal for trolling, though. So no worries! You definitely come across as sincere.
Thanks for clarifying the "semi-processed" issue. I misunderstood you when you mentioned it the first time. Yes. We should look into that. At first glance, it seems that a declined transaction ought to cancel the hold on your account, right? I'll put in a ticket for us to look at that.
I'm also going to share your comments with the team. They are very constructive, and they make a great point.