12rounds posted at 5:47PM Wed, 26 April 2017 - #4303072

My card was also hacked today (all of my credit line was stolen by Qatar Airways or some such bogus company) and I cancelled it right away. I made the mistake of making one single Credit Card purchase on this site couple of weeks down the road when at the time for some reason I was not able to make a PayPal purchase here. Incidentally my cc statement clearly states I've only used PayPal, Amazon, Spotify and Netflix repeatedly in addition to this one single purchase from Rendo. Quite disturbing.

I'm investigating your account. I'll send you a sitemail for more information. Please respond to it promptly so we can resolve this quickly. If your account was indeed compromised here on Renderosity we want to do everything we can to make it right for you.

12rounds posted at 5:50PM Wed, 26 April 2017 - #4303074

Correction to my above post: I tried to make a PayPal purchase on Mar-16 and wrote to the "Site Technical Issues and Bug Reports" of my problems... then as PayPal purchase didn't work, I tried to purchase with my CC but it didn't work either and in the end I purchased the same item from elsewhere using PayPal leaving me with two "Unpaid order" orders of which Renderosity has been nagging since then. Perhaps that was the weekend in March that the site was attacked? I made the order with my CC but it never went through all the way. I don't recall receiving communication about this, though

Did you receive help with on the other thread?

March 16 was not during the attack window, but I'm still looking into this to make sure.

I've contacted Kristis about your unpaid orders. If you don't hear from her soon, you can send her an email at kristis@renderosity.com or send her a sitemail.

We'll also figure out the email issue over sitemail, so you won't have three conversations to handle at once!

henrikmk posted at 6:11PM Wed, 26 April 2017 - #4303113

I'll just chime in that my card has been hacked 4 months ago with no email warnings received from Renderosity, even after checking the spam folder. Then again just two weeks ago, the new card was blocked by the bank for no apparent reason, but I have been shopping here a few times with that card in 2017, before it was blocked. Still heard nothing from Renderosity. Then I actively search and find this thread.

I'm not sure what else to say, other than if you think there are problems, it's best to send out emails unconditionally to all users as a safety measure along with changing all passwords.

Hello henrikmk,

A few other users reported compromised cards around 4 months ago. That incident doesn't appear to have originated at Renderosity.

As for two weeks ago...
Your bank can block your card for any number of reasons. Have you contacted your bank to find out why they blocked your card?
If your bank says they detected fraudulent purchases then I can investigate your account. If your card was blocked for something other than fraud, I wish you the best of luck in resolving the issue.

We sent emails to all users who may have been at risk, but our emails often have trouble getting to everyone's inboxes. (Sneak peek: We're planning some big changes to our email system to address this.) We only sent the messages to at risk users to avoid causing unnecessary concern among users who definitely were not affected. There was a specific window of time when purchases were at risk. That's how we know who was at risk. Member passwords were not compromised in this attack, just payment information that was entered during that window. It might be challenging to imagine how that's possible, but we're absolutely certain of it. I was personally involved in the forensics. While the attack was clever, it wasn't all-powerful.

Again please verify whether your bank detected fraud on your account. If they did, I can investigate your account.

nujazz posted at 1:53AM Thu, 27 April 2017 - #4303626

mazal50 posted at 4:36PM Wed, 26 April 2017 - #4302965

This is exacly the reason why my trust is gone , email from rendo was an answer to my email, now your telling customers to check if there emailadresses are right, raindropthreef has already checked and wrote it was oke . Hornet3d has told you he didn't get an email. These are childisch excuses, take your customers serious.

Mazal,

I promise you we didn't notify everyone because of your email. We had been working on the situation long before we received your email.

I'm dealing with these other users on their issues. We need to find out why they didn't get the email so that we can make sure they receive our communications in the future. We're checking the obvious things first. If we can all remain mature, we can solve the issues at hand.

Please stop getting in the middle of other people's issues. You're hindering our progress by creating noise and accusations. We take all of our customers seriously and our security very seriously. This is why I am here responding to everyone, and trying to clear up the situation. Please know this is your last warning. If you continue to violate the TOS, you will be banned. There will be no more warnings. If you are banned there will be no further communication, and you will not be able to log on to the site.

I'l close my account myself.

hornet3d posted at 6:39PM Wed, 26 April 2017 - #4303120

henrikmk posted at 8:39PM Thu, 20 April 2017 - #4303113

I'll just chime in that my card has been hacked 4 months ago with no email warnings received from Renderosity, even after checking the spam folder. Then again just two weeks ago, the new card was blocked by the bank for no apparent reason, but I have been shopping here a few times with that card in 2017, before it was blocked. Still heard nothing from Renderosity. Then I actively search and find this thread.

I'm not sure what else to say, other than if you think there are problems, it's best to send out emails unconditionally to all users as a safety measure along with changing all passwords.

One of the problems with pin pointing the place where a card is breached is the defrauded information can be sold on the other fraudsters and because of this there could be a long delay from the information being leaked and the card being used for fraud. I have account with a credit agency and they regularly used to report that my email address and password is up for sale. Happily this information is well out of date and, since I started using a password manager I have not had this warning. They also sometimes advised my card information is also for sale at which point I stop by card immediately.

My cards have been done four times in just over a year and these are cards only used for my 3D content purchases. On two of those occasions Rendo have later admitted a breach of the order process and on both occasions I placed orders here during the period of time the breach was identified. That gives a 50% failure rate to Rendo even as a minimum and add to that the period when the payments were so say declined but semi processed and it is clear that buying from here has certainly caused me grief.

I can't prove anything on the other breaches but what I can do is not buy from here for an extended period of time and continue to buy from other 3D marketplaces and see what happens. I can't say I feel at all bothered for Rendo's loss of sales in all this but I do feel for the vendors who also lose out.

You are absolutely right about the time delay. Also, great decision to use a password manager! You can also subscribe to alerts from https://haveibeenpwned.com/ to keep an eye on everything.

I know that by "50% failure rate," what you really mean is that half of the trouble you've had came from Renderosity. But since you've used that phrase publicly, I'd like to point out a more accurate way to find such a thing...

You should look at all purchases made and see how many were compromised. Let's be extremely pessimistic and assume that everything purchased anytime from the very first second of March 9th to midnight of March 12th was definitely compromised. Note: this is not what actually happened, but let's run a worst case scenario here. Let's also only consider purchases made this year. We'll completely ignore all those years when nothing was ever compromised.

I'm probably not authorized to publicly post our sales figures for all of the internet to read. But in this extremenly, inaccurately pessimistic scenario we would actually have a "success rate" around 95%. Again that's not counting the many previous years where no payments were compromised. We've been around since 1998. So you're looking at something closer to 99.9%. (Note: These figures are intentionally imprecise, but they are based on real numbers and they make the same point.)

Again, I know that's not what you meant, but it's out here in the open so I had to address it.

What do you mean by "semi-processed?"
If there's an issue with checkout, I'd like to know about it.

truthordare posted at 7:14PM Wed, 26 April 2017 - #4303263

Wise content creators will purvey their goods at other vendors in addition to Rendo. Hopefully, they are not prohibited from doing so by contract. I tried to purchase Silverwind's Nike today using a gift card, which I often do for security reasons, but the transaction was declined. A phone inquiry with the gift card issuer revealed that transactions from here via its cards are being blocked due to the detection of suspicious activity here. It's indeed a pity for the vendors who sell their wears here, because the plummeting consumer confidence in the security of Rendo's e-commerce architecture will ultimately damage them as much as those whose data was compromised.

I'm sending you a sitemail. I'd like more information on this.

jash147 posted at 7:22PM Wed, 26 April 2017 - #4303584

I'm from UK and have had two cards compromised, no email from this site to tell me - and indeed I may be outside the window for the second one. This seems the most likely cause, so alas I will not be buying for the foreseeable future. Sad about that, but £15000 a lot to go in one fell swoop.

jash147,

I'm sorry this happened to you. I'd like to investigate this further to see if it happened here and what we can do about it. I'm sending you a sitemail. Please respond to it promptly so we can get this resolved quickly. If indeed your account was compromised here we'd like to do whatever we can to make it right.

As a note to everyone, you had to make a purchase during the window of March 9th - March 12th to be at risk. If you haven't purchased anything for several months or even years, your payment information has not been lifted from Renderosity. We do not store payment information from past purchases.

mazal50 posted at 7:40PM Wed, 26 April 2017 - #4303593

jash147 posted at 7:23PM Wed, 26 April 2017 - #4303584

I'm from UK and have had two cards compromised, no email from this site to tell me - and indeed I may be outside the window for the second one. This seems the most likely cause, so alas I will not be buying for the foreseeable future. Sad about that, but £15000 a lot to go in one fell swoop.

I really don't understand that customers did not get a warningemail, if customers didn't read the forum they still can loose a lot of money. I won't be bying anytime soon to.

Our privacy policy prevents me from explaining in detail, but I find it HIGHLY unlikely this particular user's account information was lifted from Renderosity.

nujazz posted at 9:49AM Thu, 27 April 2017 - #4303639

hornet3d posted at 6:39PM Wed, 26 April 2017 - #4303120

henrikmk posted at 8:39PM Thu, 20 April 2017 - #4303113

I'll just chime in that my card has been hacked 4 months ago with no email warnings received from Renderosity, even after checking the spam folder. Then again just two weeks ago, the new card was blocked by the bank for no apparent reason, but I have been shopping here a few times with that card in 2017, before it was blocked. Still heard nothing from Renderosity. Then I actively search and find this thread.

I'm not sure what else to say, other than if you think there are problems, it's best to send out emails unconditionally to all users as a safety measure along with changing all passwords.

One of the problems with pin pointing the place where a card is breached is the defrauded information can be sold on the other fraudsters and because of this there could be a long delay from the information being leaked and the card being used for fraud. I have account with a credit agency and they regularly used to report that my email address and password is up for sale. Happily this information is well out of date and, since I started using a password manager I have not had this warning. They also sometimes advised my card information is also for sale at which point I stop by card immediately.

My cards have been done four times in just over a year and these are cards only used for my 3D content purchases. On two of those occasions Rendo have later admitted a breach of the order process and on both occasions I placed orders here during the period of time the breach was identified. That gives a 50% failure rate to Rendo even as a minimum and add to that the period when the payments were so say declined but semi processed and it is clear that buying from here has certainly caused me grief.

I can't prove anything on the other breaches but what I can do is not buy from here for an extended period of time and continue to buy from other 3D marketplaces and see what happens. I can't say I feel at all bothered for Rendo's loss of sales in all this but I do feel for the vendors who also lose out.

You are absolutely right about the time delay. Also, great decision to use a password manager! You can also subscribe to alerts from https://haveibeenpwned.com</https:> to keep an eye on everything.

I know that by "50% failure rate," what you really mean is that half of the trouble you've had came from Renderosity. But since you've used that phrase publicly, I'd like to point out a more accurate way to find such a thing...

You should look at all purchases made and see how many were compromised. Let's be extremely pessimistic and assume that everything purchased anytime from the very first second of March 9th to midnight of March 12th was definitely compromised. Note: this is not what actually happened, but let's run a worst case scenario here. Let's also only consider purchases made this year. We'll completely ignore all those years when nothing was ever compromised.

I'm probably not authorized to publicly post our sales figures for all of the internet to read. But in this extremenly, inaccurately pessimistic scenario we would actually have a "success rate" around 95%. Again that's not counting the many previous years where no payments were compromised. We've been around since 1998. So you're looking at something closer to 99.9%. (Note: These figures are intentionally imprecise, but they are based on real numbers and they make the same point.)

Again, I know that's not what you meant, but it's out here in the open so I had to address it.

What do you mean by "semi-processed?"
If there's an issue with checkout, I'd like to know about it.

I totally accept your comments regarding the claim on the 50% failure rate, I was indeed talking from my point of view relating to actual security breaches but I understand why you needed to clarify the situation.

As to "semi-processed" I was using the term to describe the situation a little while ago where orders were greeted with a message that the transactions had been declined but a 'pending' charge was still placed on the card in question. My own fault really, but I tried again thinking I had put my card details incorrectly and when that failed tried another card. The end result was multiple pending charges on my cards. I do understand that the problem appeared to exist due to an error with Paypal but, unfortunately it was your customers that were affected.

On the wider issue I will say that I did not receive a warning email but in my case it is not an issue as I now check my credit cards on a daily basis and had already picked up the fraud and blocked my card. It was only later that I saw a thread here giving the time frame of this issue that I checked back to find I placed an order here right in the middle of the time frame.

I have to admit I was already a reluctant customer of Renderosity for many other reasons than just this issue but I have reached the point, for the second time in two years, that I am no longer buying from here. I am deeply saddened by that for, as a Poser user, there is little for me over at Daz and while I support Hivewire3D they are a very small team and cannot match the pure number of products you have on sale here. If you feel I am just mischief making here, I am not, I am just stating the position I have reluctantly found myself in. I am happy for you to check both my order history and forum history to make up your mind if I am being deceitful or being a troll or not.

One last comment, and I hope you will take this in and spirit that it is meant, which is a positive one, I totally applaud the efforts you have made in trying to help and your concern which is clearly shown in sheer number and content of your recent submissions to this thread. It is my honest belief that efforts like this a few weeks ago would have done a lot to help customer's here rebuild their trust, something I hope will be kept in mind for the future.

hornet3d posted at 12:31PM Thu, 27 April 2017 - #4303665

nujazz posted at 9:49AM Thu, 27 April 2017 - #4303639

hornet3d posted at 6:39PM Wed, 26 April 2017 - #4303120

henrikmk posted at 8:39PM Thu, 20 April 2017 - #4303113

I'll just chime in that my card has been hacked 4 months ago with no email warnings received from Renderosity, even after checking the spam folder. Then again just two weeks ago, the new card was blocked by the bank for no apparent reason, but I have been shopping here a few times with that card in 2017, before it was blocked. Still heard nothing from Renderosity. Then I actively search and find this thread.

I'm not sure what else to say, other than if you think there are problems, it's best to send out emails unconditionally to all users as a safety measure along with changing all passwords.

One of the problems with pin pointing the place where a card is breached is the defrauded information can be sold on the other fraudsters and because of this there could be a long delay from the information being leaked and the card being used for fraud. I have account with a credit agency and they regularly used to report that my email address and password is up for sale. Happily this information is well out of date and, since I started using a password manager I have not had this warning. They also sometimes advised my card information is also for sale at which point I stop by card immediately.

My cards have been done four times in just over a year and these are cards only used for my 3D content purchases. On two of those occasions Rendo have later admitted a breach of the order process and on both occasions I placed orders here during the period of time the breach was identified. That gives a 50% failure rate to Rendo even as a minimum and add to that the period when the payments were so say declined but semi processed and it is clear that buying from here has certainly caused me grief.

I can't prove anything on the other breaches but what I can do is not buy from here for an extended period of time and continue to buy from other 3D marketplaces and see what happens. I can't say I feel at all bothered for Rendo's loss of sales in all this but I do feel for the vendors who also lose out.

You are absolutely right about the time delay. Also, great decision to use a password manager! You can also subscribe to alerts from https://haveibeenpwned.com</https:> to keep an eye on everything.

I know that by "50% failure rate," what you really mean is that half of the trouble you've had came from Renderosity. But since you've used that phrase publicly, I'd like to point out a more accurate way to find such a thing...

You should look at all purchases made and see how many were compromised. Let's be extremely pessimistic and assume that everything purchased anytime from the very first second of March 9th to midnight of March 12th was definitely compromised. Note: this is not what actually happened, but let's run a worst case scenario here. Let's also only consider purchases made this year. We'll completely ignore all those years when nothing was ever compromised.

I'm probably not authorized to publicly post our sales figures for all of the internet to read. But in this extremenly, inaccurately pessimistic scenario we would actually have a "success rate" around 95%. Again that's not counting the many previous years where no payments were compromised. We've been around since 1998. So you're looking at something closer to 99.9%. (Note: These figures are intentionally imprecise, but they are based on real numbers and they make the same point.)

Again, I know that's not what you meant, but it's out here in the open so I had to address it.

What do you mean by "semi-processed?"
If there's an issue with checkout, I'd like to know about it.

I totally accept your comments regarding the claim on the 50% failure rate, I was indeed talking from my point of view relating to actual security breaches but I understand why you needed to clarify the situation.

As to "semi-processed" I was using the term to describe the situation a little while ago where orders were greeted with a message that the transactions had been declined but a 'pending' charge was still placed on the card in question. My own fault really, but I tried again thinking I had put my card details incorrectly and when that failed tried another card. The end result was multiple pending charges on my cards. I do understand that the problem appeared to exist due to an error with Paypal but, unfortunately it was your customers that were affected.

On the wider issue I will say that I did not receive a warning email but in my case it is not an issue as I now check my credit cards on a daily basis and had already picked up the fraud and blocked my card. It was only later that I saw a thread here giving the time frame of this issue that I checked back to find I placed an order here right in the middle of the time frame.

I have to admit I was already a reluctant customer of Renderosity for many other reasons than just this issue but I have reached the point, for the second time in two years, that I am no longer buying from here. I am deeply saddened by that for, as a Poser user, there is little for me over at Daz and while I support Hivewire3D they are a very small team and cannot match the pure number of products you have on sale here. If you feel I am just mischief making here, I am not, I am just stating the position I have reluctantly found myself in. I am happy for you to check both my order history and forum history to make up your mind if I am being deceitful or being a troll or not.

One last comment, and I hope you will take this in and spirit that it is meant, which is a positive one, I totally applaud the efforts you have made in trying to help and your concern which is clearly shown in sheer number and content of your recent submissions to this thread. It is my honest belief that efforts like this a few weeks ago would have done a lot to help customer's here rebuild their trust, something I hope will be kept in mind for the future.

I know there has been a lot if tension here (justifiably). I only called out mazal for trolling, though. So no worries! You definitely come across as sincere.

Thanks for clarifying the "semi-processed" issue. I misunderstood you when you mentioned it the first time. Yes. We should look into that. At first glance, it seems that a declined transaction ought to cancel the hold on your account, right? I'll put in a ticket for us to look at that.

I'm also going to share your comments with the team. They are very constructive, and they make a great point.

nujazz posted at 9:49PM Thu, 27 April 2017 - #4303731

One of the problems with pin pointing the place where a card is breached is the defrauded information can be sold on the other fraudsters and because of this there could be a long delay from the information being leaked and the card being used for fraud. I have account with a credit agency and they regularly used to report that my email address and password is up for sale. Happily this information is well out of date and, since I started using a password manager I have not had this warning. They also sometimes advised my card information is also for sale at which point I stop by card immediately.

My cards have been done four times in just over a year and these are cards only used for my 3D content purchases. On two of those occasions Rendo have later admitted a breach of the order process and on both occasions I placed orders here during the period of time the breach was identified. That gives a 50% failure rate to Rendo even as a minimum and add to that the period when the payments were so say declined but semi processed and it is clear that buying from here has certainly caused me grief.

I can't prove anything on the other breaches but what I can do is not buy from here for an extended period of time and continue to buy from other 3D marketplaces and see what happens. I can't say I feel at all bothered for Rendo's loss of sales in all this but I do feel for the vendors who also lose out.

You are absolutely right about the time delay. Also, great decision to use a password manager! You can also subscribe to alerts from https://haveibeenpwned.com</https:> to keep an eye on everything.

I know that by "50% failure rate," what you really mean is that half of the trouble you've had came from Renderosity. But since you've used that phrase publicly, I'd like to point out a more accurate way to find such a thing...

You should look at all purchases made and see how many were compromised. Let's be extremely pessimistic and assume that everything purchased anytime from the very first second of March 9th to midnight of March 12th was definitely compromised. Note: this is not what actually happened, but let's run a worst case scenario here. Let's also only consider purchases made this year. We'll completely ignore all those years when nothing was ever compromised.

I'm probably not authorized to publicly post our sales figures for all of the internet to read. But in this extremenly, inaccurately pessimistic scenario we would actually have a "success rate" around 95%. Again that's not counting the many previous years where no payments were compromised. We've been around since 1998. So you're looking at something closer to 99.9%. (Note: These figures are intentionally imprecise, but they are based on real numbers and they make the same point.)

Again, I know that's not what you meant, but it's out here in the open so I had to address it.

What do you mean by "semi-processed?"
If there's an issue with checkout, I'd like to know about it.

I totally accept your comments regarding the claim on the 50% failure rate, I was indeed talking from my point of view relating to actual security breaches but I understand why you needed to clarify the situation.

As to "semi-processed" I was using the term to describe the situation a little while ago where orders were greeted with a message that the transactions had been declined but a 'pending' charge was still placed on the card in question. My own fault really, but I tried again thinking I had put my card details incorrectly and when that failed tried another card. The end result was multiple pending charges on my cards. I do understand that the problem appeared to exist due to an error with Paypal but, unfortunately it was your customers that were affected.

On the wider issue I will say that I did not receive a warning email but in my case it is not an issue as I now check my credit cards on a daily basis and had already picked up the fraud and blocked my card. It was only later that I saw a thread here giving the time frame of this issue that I checked back to find I placed an order here right in the middle of the time frame.

I have to admit I was already a reluctant customer of Renderosity for many other reasons than just this issue but I have reached the point, for the second time in two years, that I am no longer buying from here. I am deeply saddened by that for, as a Poser user, there is little for me over at Daz and while I support Hivewire3D they are a very small team and cannot match the pure number of products you have on sale here. If you feel I am just mischief making here, I am not, I am just stating the position I have reluctantly found myself in. I am happy for you to check both my order history and forum history to make up your mind if I am being deceitful or being a troll or not.

One last comment, and I hope you will take this in and spirit that it is meant, which is a positive one, I totally applaud the efforts you have made in trying to help and your concern which is clearly shown in sheer number and content of your recent submissions to this thread. It is my honest belief that efforts like this a few weeks ago would have done a lot to help customer's here rebuild their trust, something I hope will be kept in mind for the future.

I know there has been a lot if tension here (justifiably). I only called out mazal for trolling, though. So no worries! You definitely come across as sincere.

Thanks for clarifying the "semi-processed" issue. I misunderstood you when you mentioned it the first time. Yes. We should look into that. At first glance, it seems that a declined transaction ought to cancel the hold on your account, right? I'll put in a ticket for us to look at that.

I'm also going to share your comments with the team. They are very constructive, and they make a great point.

Thank you for taking my comments at face value, I have been critical of Renderosity on a number of occasions but I have also always tried to be fair. I also believe if you use your right to complain you should also praise when that too is justified.

I have no wish to see Renderosity fail, nor do I have any ill will towards any individual so when I complain it is with the hope the situation will be addressed and the situation is improved for everyone. It is a real shame that I am in the position that I do not feel easy shopping here when, in the past, I have shopped a couple of times a week. I would like to be able to shop again at some point with a modicum on trust so I wish you every success in your efforts to address the situation.

nujazz posted at 10:49PM Thu, 27 April 2017 - #4303629

Raindroptheelf posted at 5:43PM Wed, 26 April 2017 - #4303037

Excuse me! Do you mean me with * stop trolling and baiting *? If so I do not see why you would say that. I only voiced my worries and concerns as many others have and do. Petra

I was talking to Mazal in that post. It was not directed at you. :)

I thank you for clearing this up :) I also want to say thank you for posting here and caring, it does show and that makes a whole lot of a difference. Thank you. Petra

nujazz posted at 10:51PM Thu, 27 April 2017 - #4303628

Raindroptheelf posted at 5:26PM Wed, 26 April 2017 - #4303001

For me the matter is closed, so no need to send sitemails and whatnot. I have the hassle and I made changes to be more secure all over the net since my card was compromised 2 times on your site. My bank has refundet the stolen money but I am feeling very vulnarable right now when it comes to purchases. Not only here at Renderosity. You ask me what I want to hear? I would like to hear that, from now on you send an email to ALL paying customers/ members at Renderostiy to give a warning so that they might check their account frequently. As someone else already mentioned : If you can send Newsletters to everyone, surly you can send out mails reg. an hacker attack like that. THAT would put a lot of trust back. I am not mad at you personally but we need someone to talk to and you are the one on the frontline as it seems. I wish you a good day. Petra

I understand how you feel right now, and I apologize for the hassle. Good job securing your online presence, though. It's good practice to change passwords every once in and keep a short leash on your financial info.

We have regular team meetings. I'll prompt a discussion on how we can improve communication if/when these kinds of things happen. It would be dishonest of me to make specific promises on behalf everyone, but I can say that I completely understand your concern. I can also say that everyone here really does care, and we want to do the right thing for all of our users.

Thank you for your reply and understanding. Petra

nujazz posted at 7:58PM Fri, 05 May 2017 - #4303635

henrikmk posted at 6:11PM Wed, 26 April 2017 - #4303113

I'll just chime in that my card has been hacked 4 months ago with no email warnings received from Renderosity, even after checking the spam folder. Then again just two weeks ago, the new card was blocked by the bank for no apparent reason, but I have been shopping here a few times with that card in 2017, before it was blocked. Still heard nothing from Renderosity. Then I actively search and find this thread.

I'm not sure what else to say, other than if you think there are problems, it's best to send out emails unconditionally to all users as a safety measure along with changing all passwords.

Hello henrikmk,

A few other users reported compromised cards around 4 months ago. That incident doesn't appear to have originated at Renderosity.

As for two weeks ago...
Your bank can block your card for any number of reasons. Have you contacted your bank to find out why they blocked your card?
If your bank says they detected fraudulent purchases then I can investigate your account. If your card was blocked for something other than fraud, I wish you the best of luck in resolving the issue.

We sent emails to all users who may have been at risk, but our emails often have trouble getting to everyone's inboxes. (Sneak peek: We're planning some big changes to our email system to address this.) We only sent the messages to at risk users to avoid causing unnecessary concern among users who definitely were not affected. There was a specific window of time when purchases were at risk. That's how we know who was at risk. Member passwords were not compromised in this attack, just payment information that was entered during that window. It might be challenging to imagine how that's possible, but we're absolutely certain of it. I was personally involved in the forensics. While the attack was clever, it wasn't all-powerful.

Again please verify whether your bank detected fraud on your account. If they did, I can investigate your account.

Sorry for the late reply. In my conversation with the bank, they could not tell my why the card had been blocked. The block was a "soft block" what ever that means. I had on the same day enabled VISA 3D secure for another site, but that's probably coincidence. The card was blocked at 10 PM that same evening.

I got a new card a few days later. Sorry, this is probably not enough for you to investigate.

I dont think I am going to be making any more purchases at Renderosity. My Renderosity designated cc was compromised here just recently and My credit card company suggested that the security must be so very low at both companies that the risk is high that it will happen again. This is the third time in the last year or so that I have had to cancel and get card reissued. I only use this card for digital content here so that I can keep control of unnecessary spending.

Jollyself posted at 4:05PM Thu, 11 May 2017 - #4304933

I dont think I am going to be making any more purchases at Renderosity. My Renderosity designated cc was compromised here just recently and My credit card company suggested that the security must be so very low at both companies that the risk is high that it will happen again. This is the third time in the last year or so that I have had to cancel and get card reissued. I only use this card for digital content here so that I can keep control of unnecessary spending.

You are not alone and there are reports that some potential customers are trying to use Visa gift cards and they are being declined. When they have checked with the issuing company they say that all transactions here are being blocked due the issues here. I totally accept that is hearsay but when you see this from multiple sources it does tend to lend credibility to the accounts.

There is also the fact that a similar discussions to this one appear in forums on other sites warning potential customers to beware when buying here. Sadly I cannot see how this can do anything but negatively impact both Renderosity and the vendors. Even more concerning is the fact I really cannot see how Rederosity can dig their way out of this. Yes it would help if they were to show they are aware and trying to correct the situation but even with the best security system is not going to have an immediate impact. It is so easy to lose trust, so hard to gain it in the first place and nigh on impossible to gain it back once it has been lost.

Last month was the first month in ten years that I spent nothing on 3D content and my spending here was already less a tenth of what I used to spend here each month. I don't even look in the marketplace here these days as I do not want to see something I like but cannot bring myself to buy. It is the continuation of a downward spiral, I stopped spending here after the 'Prime' debacle and returned tentatively when RDNA crashed and burned (well for a Poser User it did). Within weeks my card is defrauded again, my guardian angel is really trying to tell me something. I honestly do hope that Rendo can turn this around but as I see more, both here and in other forums elsewhere I grow increasingly pessimistic.

Jollyself posted at 11:24AM Fri, 12 May 2017 - #4304933

I dont think I am going to be making any more purchases at Renderosity. My Renderosity designated cc was compromised here just recently and My credit card company suggested that the security must be so very low at both companies that the risk is high that it will happen again. This is the third time in the last year or so that I have had to cancel and get card reissued. I only use this card for digital content here so that I can keep control of unnecessary spending.

Oh my, when did this hapen? I have my CC now with paypal and buying over paypal, but I decided not to buy here now even so I made a few purchases recently. I felt so uneasy and got paranoid checking my bank account 3 times a day and expected a call from my bank telling me that it happend again. I do not like to feel like this.

Raindroptheelf posted at 11:55AM Fri, 12 May 2017 - #4305052

Jollyself posted at 11:24AM Fri, 12 May 2017 - #4304933

I dont think I am going to be making any more purchases at Renderosity. My Renderosity designated cc was compromised here just recently and My credit card company suggested that the security must be so very low at both companies that the risk is high that it will happen again. This is the third time in the last year or so that I have had to cancel and get card reissued. I only use this card for digital content here so that I can keep control of unnecessary spending.

Oh my, when did this hapen? I have my CC now with paypal and buying over paypal, but I decided not to buy here now even so I made a few purchases recently. I felt so uneasy and got paranoid checking my bank account 3 times a day and expected a call from my bank telling me that it happend again. I do not like to feel like this.

I think you have really highlighted the problem for customer's here, it is not just the fraud itself but the anguish it then generates going forward. I hold no malice towards Renderosity and I am sure there would be products I would want to buy if I looked in the marketplace but I am a hobbyist and I do 3D art for fun. Checking my credit card account half expecting unauthorised payments or waiting for a call from the card security department is not my idea of fun and a worry I would rather do without.

It really is a sad situation all round for customers, Renderosity and vendors as we all lose out in the long run.

I was also one of those who purchased here, once on March 10th and once on March 12th. I received no (let me repeat, no) email warning of any kind that there had been a breach and was, therefore, not able to protect myself against fraudulent use of my credit card, which happened on May 5th (apparently--as already mentioned elsewhere in the forum--due to a case of delayed use on the part of the criminals).

Understandably, I am now also one of those who are extremely hesitant to ever shop here again, but if there were a reasonable (which others have said doesn't exist at the moment) way of putting money (using a prepaid card) into Rendo by purchasing a gift certificate which worked like store credit (which others have said is NOT the way things are set up to work), then I would consider coming back.

What's the issue with this? Why can't you guys let people deduct money from gift certificate purchases in the same manner that store credit works? Is this in the works, or will this never happen?

I'm not going to go into ALL THE HASSLES I've had to deal with clearing up this MESS!! The time and frustration dealing with the credit card people has been mind numbing. And the prospect of never being able to shop here again scary because I love the products sold here.

If you want to make this right by me, you could do one minor thing: at least let gift certificates work like store credit.

zuppifix posted at 9:42AM Sat, 13 May 2017 - #4305107

I was also one of those who purchased here, once on March 10th and once on March 12th. I received no (let me repeat, no) email warning of any kind that there had been a breach and was, therefore, not able to protect myself against fraudulent use of my credit card, which happened on May 5th (apparently--as already mentioned elsewhere in the forum--due to a case of delayed use on the part of the criminals).

Understandably, I am now also one of those who are extremely hesitant to ever shop here again, but if there were a reasonable (which others have said doesn't exist at the moment) way of putting money (using a prepaid card) into Rendo by purchasing a gift certificate which worked like store credit (which others have said is NOT the way things are set up to work), then I would consider coming back.

What's the issue with this? Why can't you guys let people deduct money from gift certificate purchases in the same manner that store credit works? Is this in the works, or will this never happen?

I'm not going to go into ALL THE HASSLES I've had to deal with clearing up this MESS!! The time and frustration dealing with the credit card people has been mind numbing. And the prospect of never being able to shop here again scary because I love the products sold here.

If you want to make this right by me, you could do one minor thing: at least let gift certificates work like store credit.

If you really want to shop here and protect your credit cards you could try using a prepaid debit card. There are cards that are fairly cheap to run, if used wisely, and will allow you to top up from your bank account free of charge that way you can just place enough on the card to cover the cost of your order here. If the card is defrauded and you have kept a small balance on the card only that balance is at risk. If you choose one with no credit or overdraft facility there is on ongoing risk. Also, as there is no credit card or overdraft facility there is no credit check required on applying so if one card does get hit you just open another.

I am based in the UK and have a card called 'Pockit' it cost just £1 to have the card issued and it can be used everywhere a Mastercard can be used. I can transfer money from my bank account online at no additional charge and it take less than an hour for the transferred funds to appear on the card. I suspect that the only extra cost I will pay will be in a slightly poorer $-£ exchange but I see that as a small cost to pay for the worry it will save. I say suspect because it was set up with the intention of only using here and I have not used it so far.

The other way is to use Paypal of course, which seems to work for a lot of people I just prefer the idea of the prepaid debt card.

Gift cards work if they are the kind that can be registered after purchase, been doing it off and on for a while. I have recently been hacked for the 4th time and currently in dispute over charges. Since I shopped at three 3D sites I can not say where the breech was for sure so will decline to finger point. On the matter of Rendo notifacation I can say it needs improvement but I have recieved 1 letter "postal" advicing me after the fact. As to continued shopping: I do not plan to let some low life bottom feeders chase me off. There is too much good stuff here. PERIOD In my case better care and disipline must prevail.

As a suggestion you can get a non refillable gift card and make sure it is usable on line. As of late you register your zip code and these cards have been working here. Use the entire card and buy a rendo gift certicicate that theives and the like are not interested in. Use it yourself at your leasure. I have seen requests to combile GCs often enough. I hope this gives y'all an alternitive to allowing low type people from chasing you away from a good thing.

As I said, I made two credit card purchases during a time period when Rendo says it’s systems were compromised. Circumstantially than, It would appear that my credit card info fell into the wrong hands while I was making a purchase at Rendo, but I haven't seen any forensic evidence that proves that. In fact (if I remember correctly), Rendo said that if you didn't get an email, then you weren't involved. I haven't seen the forensic evidence for that either (i.e. that my CC info wasn’t hacked here). And If my CC info was--or if the chance can't be ruled out that it was--compromised at Rendo--I am wondering why I didn't get an email kindly informing me thereof. I imagine that any claim to the effect that something was, in fact, sent out can easily be substantiated by simply forwarding a copy of the original, which presumably has not only the sender’s, but also the recipient’s name with a date/time stamp.

In either case, it would have been of great help if I had known that Rendo was hacked during the days I made purchases here and that the potential existed of my CC info having been compromised. Armed with that knowledge alone, I would definitely have canceled my credit card and had a new one issued to me. In fact, I might just have hit on the idea earlier to get a pre-paid card or use Paypal to avoid further possible problems/disruptions down the line, regardless of their nature or origin. I would also be feeling much better at this point about making future purchases here. As a customer, I would hope to get that kind of erring on the side of caution, immediate, proactive, prophylactic warning. Whether or not every potential or actual victim in this case received such an email remains an open question in my mind.

That having been said, I understand that no site is 100% safe and that people make mistakes. That's why I am not so much interested in what happened, or why it happened, as I am in what Rendo can/will do (and also what I can do) going forward. I really hope this all gets sorted because--as I said--I really like Rendo and it's products/vendors. My dealings have always been pleasant here, and I like the community too. Because I’d like to remain a customer, I am, therefore, wondering if it is possible (as I already asked) for me to put money into my account through a gift certificate and then for that money to be added/transferred into the store credit side of things so that I can withdraw that money just like you would withdraw store credit. I'd appreciate an answer to this.

hornet3d posted at 3:35PM Sun, 14 May 2017 - #4305118

zuppifix posted at 9:42AM Sat, 13 May 2017 - #4305107

I was also one of those who purchased here, once on March 10th and once on March 12th. I received no (let me repeat, no) email warning of any kind that there had been a breach and was, therefore, not able to protect myself against fraudulent use of my credit card, which happened on May 5th (apparently--as already mentioned elsewhere in the forum--due to a case of delayed use on the part of the criminals).

Understandably, I am now also one of those who are extremely hesitant to ever shop here again, but if there were a reasonable (which others have said doesn't exist at the moment) way of putting money (using a prepaid card) into Rendo by purchasing a gift certificate which worked like store credit (which others have said is NOT the way things are set up to work), then I would consider coming back.

What's the issue with this? Why can't you guys let people deduct money from gift certificate purchases in the same manner that store credit works? Is this in the works, or will this never happen?

I'm not going to go into ALL THE HASSLES I've had to deal with clearing up this MESS!! The time and frustration dealing with the credit card people has been mind numbing. And the prospect of never being able to shop here again scary because I love the products sold here.

If you want to make this right by me, you could do one minor thing: at least let gift certificates work like store credit.

If you really want to shop here and protect your credit cards you could try using a prepaid debit card. There are cards that are fairly cheap to run, if used wisely, and will allow you to top up from your bank account free of charge that way you can just place enough on the card to cover the cost of your order here. If the card is defrauded and you have kept a small balance on the card only that balance is at risk. If you choose one with no credit or overdraft facility there is on ongoing risk. Also, as there is no credit card or overdraft facility there is no credit check required on applying so if one card does get hit you just open another.

I am based in the UK and have a card called 'Pockit' it cost just £1 to have the card issued and it can be used everywhere a Mastercard can be used. I can transfer money from my bank account online at no additional charge and it take less than an hour for the transferred funds to appear on the card. I suspect that the only extra cost I will pay will be in a slightly poorer $-£ exchange but I see that as a small cost to pay for the worry it will save. I say suspect because it was set up with the intention of only using here and I have not used it so far.

The other way is to use Paypal of course, which seems to work for a lot of people I just prefer the idea of the prepaid debt card.

I am using paypal only now but I will not shop here until I know that a mail to ALL customers goes out, no matter if they bought on that day something has happened or not. If newsletter to earn money can go to ALL than it should be no problem sending mail to ALL for other things too. I need to know that I am looked after. We are not here for the store, the store is here for us, we are the customers that bring in in the money, our hard earned money and I believe we have the right of information if there are risks. Nothing is 100% safe, we all know it, but what should be 100% is the care for the customers. I do not hold a grudge towards renderosity, I love it here, I still look at the Galery and post my images, but when it comes to shopping, that is another matter and right now I do not have the trust in this store when it comes to shopping.

First post her in a long long time. I have had two cards compromised that were used here. My Bluebird prepaid card which was only used here once on March 8th and my Chase Debit card set up specifically for paying bills and making internet purchases online.(used that card here a bunch of times as well as at Renderortica). It is obvious that Renderosity has had some security issues but everyone has some from time to time including banks and major sites like Amazon, Ebay, etc... Stuff happens. I am only posting here to let the devs know that the cards in question were not used during the time of the breach they detected. I have been security conscious of internet purchases for years which is why I have a separate bank Debit card just for internet purchases and paying bills online. I also have an AMEX Bluebird and a Mastercard prepaid debit card for purchase also. Is it a little bit of a hassle to load them? Yes but it is worth it for security. I now use PayPal exclusively on this site since the Chase card was hacked. I read through all three pages of this thread and it seems like Renderosity did most everything they could to address the issue. For those unwilling to purhcaee her now, it is your loss. Too much good stuff to pass up on this site. People, do as the devs suggested, use PayPal.

billyben posted at 11:04AM Wed, 17 May 2017 - #4305356

First post her in a long long time. I have had two cards compromised that were used here. My Bluebird prepaid card which was only used here once on March 8th and my Chase Debit card set up specifically for paying bills and making internet purchases online.(used that card here a bunch of times as well as at Renderortica). It is obvious that Renderosity has had some security issues but everyone has some from time to time including banks and major sites like Amazon, Ebay, etc... Stuff happens. I am only posting here to let the devs know that the cards in question were not used during the time of the breach they detected. I have been security conscious of internet purchases for years which is why I have a separate bank Debit card just for internet purchases and paying bills online. I also have an AMEX Bluebird and a Mastercard prepaid debit card for purchase also. Is it a little bit of a hassle to load them? Yes but it is worth it for security. I now use PayPal exclusively on this site since the Chase card was hacked. I read through all three pages of this thread and it seems like Renderosity did most everything they could to address the issue. For those unwilling to purhcaee her now, it is your loss. Too much good stuff to pass up on this site. People, do as the devs suggested, use PayPal.

Totally understand where you are coming from but for some the suggestion to use Paypal is not an option, as you say all companies have problems but it is how they deal with it that differentiates the good from the bad, guess which pigeon hole I put Paypal in.

"For those unwilling to purhcaee her now, it is your loss" - Yes it is but it is also a loss for the vendors and Renderosity. There is a saying 'once bitten twice shy' I am not aware of one for twice bitten so, for now at least, it is 'Twice bitten don't buy' so for me at least I don't look in the market place and therefore I am not aware of what I am missing.

Yeah, after hearing from another acquaintance that their CC used here got hacked, I've pretty much decided that I will never renew my Prime membership or buy anything here again. At least, until these security issues get fixed.

It's 2017, Rendo. Get with the times and for God's sake, get your ancient and unsafe infrastructure fixed, especially after this many complaints here and elsewhere on other forums. This kind of laziness is inexcusable in this day and age, especially when cyber security and identity theft are becoming far bigger issues than they were even 5 years ago!

PanzerEmerald posted at 12:02PM Tue, 23 May 2017 - #4305727

Yeah, after hearing from another acquaintance that their CC used here got hacked, I've pretty much decided that I will never renew my Prime membership or buy anything here again. At least, until these security issues get fixed.

It's 2017, Rendo. Get with the times and for God's sake, get your ancient and unsafe infrastructure fixed, especially after this many complaints here and elsewhere on other forums. This kind of laziness is inexcusable in this day and age, especially when cyber security and identity theft are becoming far bigger issues than they were even 5 years ago!

As annoying as credit card hacking is, it is much less bothersome than having your identity stolen, something that can stay with you for a life time. Happily it seems only credit card information has been leaked here but that information alone can help identity theft and I can well understand those not buying from here at present. Identity theft would be a very high price to pay for what for most customers is a hobby, irrespective of the quality of the content.

PanzerEmerald posted at 12:02PM Tue, 23 May 2017 - #4305727

Yeah, after hearing from another acquaintance that their CC used here got hacked, I've pretty much decided that I will never renew my Prime membership or buy anything here again. At least, until these security issues get fixed.

It's 2017, Rendo. Get with the times and for God's sake, get your ancient and unsafe infrastructure fixed, especially after this many complaints here and elsewhere on other forums. This kind of laziness is inexcusable in this day and age, especially when cyber security and identity theft are becoming far bigger issues than they were even 5 years ago!

As annoying as credit card hacking is, it is much less bothersome than having your identity stolen, something that can stay with you for a life time. Happily it seems only credit card information has been leaked here but that information alone can help identity theft and I can well understand those not buying from here at present. Identity theft would be a very high price to pay for what for most customers is a hobby, irrespective of the quality of the content.

And last month I also had to change my card after my account got hacked. It's nice that you've fulfilled your legal obligations, but I'm fulfilling my financial security obligations by not making any more purchases from Renderosity until there is a serious upgrade to site security.

Madbat posted at 10:19AM Thu, 25 May 2017 - #4305806

And last month I also had to change my card after my account got hacked. It's nice that you've fulfilled your legal obligations, but I'm fulfilling my financial security obligations by not making any more purchases from Renderosity until there is a serious upgrade to site security.

I am with you. I am not purchasing here until I hear that changes have been made. Not feeling save is a bad feeling, but that is how I felt with my last purchases after my card had been skimmed twice. Even though I am using paypal for my online shopping, I do not feel save enough here at RMP. Also all those adverts top right and centre do not help. * but that is a different story * I wish RMP the best, do not hold grudges but wish that they would do more to show that they are actually working on making this place secure again and keeping their cutstomers infomed. Sending emails to EVERYONE for advertising new products and prime stuff but failing to send out emails to EVERYONE on the progress of securing this place from fraud. Very sad indeed.