Forum: MarketPlace Customers


Subject: Has Renderosity Been Hacked? Check your credit cards

Badia01 opened this issue on Dec 05, 2016 · 67 posts


Badia01 posted Mon, 05 December 2016 at 6:45 PM

I use a prepaid debit card with a balance of <$25 for purchases on Renderosity. I do not use the card elsewhere. A couple days after my last purchase on Renderosity, 4 charges were made against the card on Spotify and Facebook. I do not have accounts on either service. Users should check their credit cards. 'tis the season for fraudsters.


infinity10 posted Tue, 06 December 2016 at 8:18 AM

I don't use credit cards here, but both our family Visa and Amex cards got hit with overseas fraud. Yes, season for trouble indeed.

Eternal Hobbyist

 


KristiS posted Tue, 06 December 2016 at 10:13 AM

Hi Badia01,

We have had a few people raise concern and we immediately checked everything and continue to keep an eye on it and nothing has been compromised.

Every one of them has purchased at Daz as well and we are certain the trouble is not on our side.

We did have trouble in the past and we upped everything to the highest security. We do not store credit card information on our servers and we have found a lot of the ones with the trouble have their card stored on Daz's site for the monthly club and/or purchases they made elsewhere.

Our system is constantly overwriting files so there is even less of a chance for someone to come in and compromise anything.

I also found that you have used the same card on our site since 2013 with an updated expiration date, I did not realize companies will send a new card with the same number but different expiration date to you. I thought it was only banks and credit card companies that did that.

I am sorry this happened to you and others. It is very sad that people have to steal from others.

Warmest Regards,


Kristi

Community Relations Specialist

This is your life - your platform - your stage - your story  


tutone1234 posted Tue, 06 December 2016 at 11:35 AM

Hey everyone,

I just want to take a moment to discuss the issue of credit card fraud. We have had about 10 members report to us that they have had their credit card compromised in the past week. Most of those individuals have confirmed shopping at Renderosity and DAZ over the past few weeks. We have found in at least 4 cases so far that the individuals used PayPal for their purchases on Renderosity but used their stored credit card info to purchase at DAZ. When completing your purchase through PayPal, no credit card or bank information is shared with us. Only in the case that you actually pay by submitting your credit card information on Renderosity could any of your credit card data be compromised. We recommend using PayPal to help secure your credit card details for online purchasing when that option is available rather than entering all of your credit card at checkout to make your purchases. We provide that option for all purchases at Renderosity.

In addition, we have spent several hours over the past two days scanning and reviewing all of our systems, processes, and codebase to be absolutely certain everything is 100% secure. At this time, we have no reason to believe anyone's credit card data has been compromised through our checkout process. As a reminder, Renderosity DOES NOT store your credit card data whatsoever in our system or elsewhere. It is only passed through to our gateway provider at the time of checkout and never stored beyond that. We are fully compliant with the latest SSL and TLS requirements as well.

We ask that if you find your credit card has been compromised to do the following:

1.) Immediately contact your financial institution and make them aware.
2.) Review all of the stores that you have used your card recently and contact them. Especially marketplaces that store your credit card information.
3.) If you have used your credit card (not PayPal) to checkout at Renderosity, please contact store@renderosity.com with all of the details, including the date/time you last used your card here, as well as other places you have recently used your card so we can properly investigate the matter as thoroughly as possible.

We appreciate your business and would like to wish you all a happy holiday season.

Regards,

Tommy Lemon
Vice President, Renderosity


Fredy posted Tue, 06 December 2016 at 1:07 PM

Thanks for the information, but you, I am very sure, have been hacked! Again!

After last year's hack I use a dedicated pre-paid CC only for Renderosity and no place else.

I used it last time here on the 24th of November. My CC company informed me yesterday about more than 60 purchases on the 3rd of December throughout the world and the card was immediately blocked.

I have up-to-date and active virus scanner, regular scans, I use clean browsers with no "suspicious" add-ons/plug-ins, if in doubt I also use a secure sandbox, security updates are all done.

I am 100% convinced that the problem is with Renderosity.


tutone1234 posted Tue, 06 December 2016 at 2:02 PM

Hi Fredy,

Please be sure to send the compromised credit card details along with the contact number on the back of the card to store@renderosity.com so we can call the issuer and investigate further.

Thank you,

Tommy


wimvdb posted Tue, 06 December 2016 at 9:59 PM

My cc has been hacked as well, I reported the details to Jenn two days ago.

I did NOT purchase with the CC at DAZ. And I did NOT use it in other 3D stores. Only other place I used it was at Amazon (once) and a recurring subscription at a news site.

The CC number is different from previous cards I used previously at Renderosity, so that is not a problem either.

My last purchase at Renderosity was Nov 20.

The fraudulent purchases (many) happened on Dec 4. The CC company warned me and reversed the charges after I informed them they were frauds.


tutone1234 posted Wed, 07 December 2016 at 11:09 AM

wimvdb,

Please forward your credit card details (assuming they are reissuing you a new card since it has been compromised) along with the 800 number on the back of the card to store@renderosity.com so we can contact the card issuer and investigate further.

Thanks so much!

Tommy


Fredy posted Wed, 07 December 2016 at 12:52 PM

@Kristi I have replied to your sitemail


toyyaris posted Thu, 08 December 2016 at 6:21 AM

My financial institution blocked my credit card because someone must have copied my credit card info and tried to use it to buy stuff. My financial institution saw it in time, blocked my card and stopped the transmission in time, so no harm done. They attempted to use my card on November 25; around that time I bought stuff here at Rendo and at Daz and EvilInnocence. The attempted fraud came from the USA, from a gift center; I don't remember which part of the USA, I was too much in a panic.

toyyaris


IceEmpress posted Fri, 09 December 2016 at 11:20 PM

Not this again... I was looking forward to purchasing some things here, too. >:(


toyyaris posted Sat, 10 December 2016 at 2:21 AM

I am scared now too to buy some stuff. I don't know where I have been hacked; I had bought products at 3 different places, here at Renderosity and at Daz and at EvilInnocence, so I have no idea where it happened. I am very glad that the fraud could be stopped in time.


Banaman posted Sat, 10 December 2016 at 10:00 AM

I have been hacked also.


Miss B posted Sat, 10 December 2016 at 10:54 AM

I guess I lucked out, because the only 2 days I used my CC instead of PayPal, were on the 21st and 22nd of November, and I just received my CC statement yesterday, and all is good. It's possible they only hit on one day, and not several days during the month.

_______________

OK . . . Where's my chocolate?

Butterfly Dezignz


LaurieA posted Sat, 10 December 2016 at 11:14 AM

My CC# got swiped too. Last I bought here was on the 25th of Nov. Got it all worked out, but it was a very tense thing. It's hard to know where it was that the theft occurred, but I do know where it wasn't. Rendo is one of the places I suspect. I've contacted everyone else as well and they're looking into it too.

Laurie



DreaminGirl posted Sun, 11 December 2016 at 4:51 AM

Rendo doesn't store CC info, correct, but last time it was a 'man-in-the-middle' attack that collected the info as you were paying. Are you absolutely sure that could not be happening again?



Miss B posted Sun, 11 December 2016 at 8:24 AM

Yes, Point of Purchase was the problem last time, and it could very well be the cause this time as well.

_______________

OK . . . Where's my chocolate?

Butterfly Dezignz


IceEmpress posted Sun, 11 December 2016 at 4:13 PM

What's "man-in-the-middle"?


Miss B posted Sun, 11 December 2016 at 11:20 PM

I believe DreaminGirl means, it wasn't on your end, or Renderosity's end (they don't save CC info), but a Point of Purchase is when, somehow, someone steps in between and grabs the information as soon as you click the button to finalize your purchase.

The "man" of course is virtual, and I don't know how they accomplish this type of hacking, but it's been going on for a while now.

_______________

OK . . . Where's my chocolate?

Butterfly Dezignz


tparo posted Mon, 12 December 2016 at 12:23 PM

I find the way you are trying to push the blame off to Daz very unprofessional, there was no need for staff to include that information in a public thread. Kristi's insinuations that the problem is at Daz not here is really out of order it was totally uncalled for and shows a lack of professional respect.


Kazam561 posted Mon, 12 December 2016 at 4:56 PM

This is disappointing. I use paypal but am hesitant to buy anything during these times here. Looks like I'll miss out on sales just for safety's sake.

The dust settled, thinking "what a fine home, at least for now" not realizing that doom would soon be coming in the form of a vacuum cleaner.


IceEmpress posted Mon, 12 December 2016 at 11:44 PM

tparo posted at 9:43PM Mon, 12 December 2016 - #4292503

I find the way you are trying to push the blame off to Daz very unprofessional, there was no need for staff to include that information in a public thread. Kristi's insinuations that the problem is at Daz not here is really out of order it was totally uncalled for and shows a lack of professional respect.

Agreed 100%. BTW, they did the SAME thing last time this happened, in spite of plenty of people telling them that they only used their CC on Renderosity.

Edit: Okay, looking over the posts, I do not see any which said this, weird, I could have sworn that I saw 3 who said that they only used their CC here...


Zylox posted Tue, 13 December 2016 at 5:18 AM

My card was hacked on December 4th. The last time I made a purchase here was September 30th, but it is saved at DAZ and four other stores.


modus0 posted Tue, 13 December 2016 at 9:19 AM

KristiS posted at 7:12AM Tue, 13 December 2016 - #4291989

We did have trouble in the past and we upped everything to the highest security. We do not store credit card information on our servers and we have found a lot of the ones with the trouble have their card stored on Daz's site for the monthly club and/or purchases they made elsewhere.

Not storing card information didn't prevent the last breach, so what makes you think that hackers haven't developed tools to overcome your "highest security" (nothing on the internet is 100% secure), and done something similar to last time?

Trying to pass the blame is rather unprofessional, and does nothing to comfort affected individuals. A better response would simply state you don't believe the site was hacked, but will be looking into the matter to find out.

________________________________________________________________

If you're joking that's just cruel, but if you're being sarcastic, that's even worse.


ghostship2 posted Wed, 14 December 2016 at 5:17 PM

Just to add to this: I was hacked as well. This was a brand new card from a new bank account because I had recently switched banks. I used the card here at Renderosity, Hivewire and Propellerheads. My account number was used on 12-3-16 for some small $1 purchases, then they used it in France at the Paris Hilton to the tune of $218. Just curious if using PayPal would be safer? Could they not hack into my PayPal account and rip me off there?

W10, Ryzen 5 1600x, 16Gb,RTX2060Super+GTX980, PP11, 11.3.740


LaurieA posted Wed, 14 December 2016 at 11:16 PM

It's been a long while, but I've had my info stolen from Pay Pal too. Nothing is 100% safe. What I did after this last theft was to get a prepaid debit card that I can load with an amount I'm comfortable with losing should anything happen. I'd rather lose maybe one or two hundred than thousands if it comes to it. They can only take what is left on the card and have no access to your bank account. It's a pain in the ass, but it was the best thing I could come up with.

Laurie



Miss B posted Wed, 14 December 2016 at 11:33 PM

That's why I took out a second checking account specifically for use with PayPal. I never have more than $300 in the account, and I only move $100 at a time to PayPal, so even if they got access to that checking account, they can't get to my main checking account.

_______________

OK . . . Where's my chocolate?

Butterfly Dezignz


maneki_neko posted Thu, 15 December 2016 at 7:55 PM

so... good i thought of looking here finally... looks like i might have been hacked as well. or anyways, i just happen to have trouble with my debit card right now.

i got this weird sms last night at 3am, with the kinda code you need for contact with your debit card account - however, i didn't touch that card in the last days, maybe 1 week, more, dunno, have to control where/when exactly. then i got another sms from my card company saying something about security and card blocked - then i got an email from them, again security, need to fill a form and send an ID copy to get a new card (which ofc i didn't do!). since my card is empty, nothing got stolen and if someone tried to pay online, they'd hit a wall i guess. i hope!

not knowing if this was phishing or what, like they suddenly changed their rules and got greedy for info - and their hotline costs a fortune plus they suck - i contacted not them directly, but the company who retails those cards instead, where competent people work for a normal phone call price. after 2hrs, they sent me a mail telling me "it was phishing", i should delete sms and mail.

funny is, those who sent me 2 sms and 1 (probably) fake but perfect looking mail had: my full name, my phone nr, my mail addy, and they knew which card i have. i wonder where they got the info from anyway, i.e. who's been hacked - rendo (you do have exactly those infos) or daz (they have those infos too) or rdna (still old phone nr) or content paradise (seems no phone stored) OR the card company itself (they also have full infos)... since i paid stuff in those places in the last month or so...

so now reading this here, i'm not even sure any more the whole thing was really fake, or maybe there really was a security breach... and it seems my card company tried to call me in the late afternoon, i was busy and also didn't pick since i didn't know the number, but i checked it later online, it's them. wonder what they wanted to say.

anyways, when i know more, and if rendo could be involved, i'll write another post.



IN THE END, MERITOCRACY HAS NOT ONLY PERMEATED OUR DAILY LIVES AND WORK, BUT ALSO OUR HEARTS, OUR MINDS AND OUR PERCEPTION OF ART...


maneki_neko posted Fri, 16 December 2016 at 8:23 AM

UPDATE: i have been hacked too, it's definitive. the whole drama described above was actually my ccard company really trying to contact me. they blocked my card - in other words, it's gone, fucked, deleted, finished - because their systems noticed an uncanny transaction (the one at 3am). and since their servers haven't been at fault... IT'S ONE OF YOU GUYS, ONE OF THE 4 BIG 3D SHOPS: RENDO, DAZ, RDNA OR CP, WHO FUCKED UP WITH SECURITY. because i only use this card for 3d schtuff, and i did purchase in all 4 between september and now. according to my banker, my private info was probably not involved, e.g. name, mail etc, since the warning sms/mail came from the bank. luckily (tho' not guaranteed). but ofc, the thieves had my ccard number. luck in unluck, card was empty, so they couldn't steal/buy nada, and trying to was maybe what ticked the bank server security.

anyways, i lost a card that costed me 40$ and was still valid a while :((( if i want to order anything anywhere soon, i'll have to purchase another ccard first. maybe those thieves actually saved me money, hahaha, because right now, I DON'T FEEL AT ALL LIKE SPENDING ANY MONEY ON BUYING A NEW CARD OR SHOPPING AT ANY 3D SITE, SINCE I DUNNO WHOM I CAN TRUST. and even if i wanted to shop, the price of a new card would obliterate my budget for 1-2 months. fuck, way to go just end of the year when there are nice bargains.... :(((



IN THE END, MERITOCRACY HAS NOT ONLY PERMEATED OUR DAILY LIVES AND WORK, BUT ALSO OUR HEARTS, OUR MINDS AND OUR PERCEPTION OF ART...


Lyne posted Fri, 16 December 2016 at 6:16 PM

Since the last problem a while back, I put both my CC's on PayPal...and feel VERY SAFE that way! I would NEVER use a cc or worse, a DEBIT card itself... Now.... although I spend too much I am safe.... ;)

Life Requires Assembly and we all know how THAT goes!


PendraiaFaeCreations posted Fri, 16 December 2016 at 6:47 PM

Add me to the list of people who have been hacked around the 3rd of December. The only place I had purchased from recently was here.

However my bank did say it is possible for them to autogenerate numbers now but given the number of people who are saying they bought here just before it happening I don't think that is likely.

I too have a credit card with a small amount just for my online purchases...luckily they have credited the disputed transactions but it has meant I've been unable to purchase things recently.


maneki_neko posted Sat, 17 December 2016 at 6:48 AM

UPDATE: daz support confirmed there has been no breach on their end.

still waiting for an answer from rdna, tho with the hassle they understandably must have with the site closing, dunno when/if i'll get one. contacting CP support is a biatch, not done yet.



IN THE END, MERITOCRACY HAS NOT ONLY PERMEATED OUR DAILY LIVES AND WORK, BUT ALSO OUR HEARTS, OUR MINDS AND OUR PERCEPTION OF ART...


IceEmpress posted Wed, 21 December 2016 at 5:13 AM

There are already people here who stated that they only used their CC on Rendo. And yeah, good luck getting a response from Content Paradise...


maneki_neko posted Wed, 21 December 2016 at 8:58 AM

wrote twice to the mail addy following twotone's advice

tutone1234 posted at 3:41PM Wed, 21 December 2016 - #4291991

Hey everyone, ...... 3.) If you have used your credit card (not PayPal) to checkout at Renderosity, please contact store@renderosity.com with all of the details, including the date/time you last used your card here, as well as other places you have recently used your card so we can properly investigate the matter as thoroughly as possible.

but both mails bounced back and i got a maildaemon msg - so finally i forwarded ev'thing to admin@renderosity.com. this didn't bounce back. still waiting for an answer though, sent the mail to admin 47 hrs ago... luck in unluck, since i can't purchase anything at all atm - daz has been over-generous and has been offering store-items freebies bunchwise, every day 1 more! counting today, i could pick freely from 4000+ products normally priced up to at least 15$: 1+2+3+4+5 = 15 free store quality items!! (let's say average 7-10$, makes 105-150$ worth!)

while i'm still waiting for someone here to acknowledge my issue, and maybe possibly admit a fuck up, and maybe possibly offer some kind of compensation if it's the case.



IN THE END, MERITOCRACY HAS NOT ONLY PERMEATED OUR DAILY LIVES AND WORK, BUT ALSO OUR HEARTS, OUR MINDS AND OUR PERCEPTION OF ART...


jeffg3 posted Wed, 21 December 2016 at 1:18 PM

I was "hacked" also - right around the time as everyone else. I was also "hacked" a couple of times during the previous Renderosity trouble.

I have spent thousands of dollars at this store, but I am afraid I might never buy here again.

There is a SERIOUS hole in your security and you seem to be unable to fix it.


sdobson posted Wed, 21 December 2016 at 11:34 PM

I actually came to the forum to check if there was anything on a HollySmith8 who is following me (blush my first follower; I'm a relative newbie). There is no profile info on her & has no wishlist items; "she" joined 20 Dec 2016 and is now following 8089 people. Some kind of tiny url on her page takes one to porn asking if you'd like to share nude photos with "her" (you've been warned).

I was hacked December 5 & temporarily lost money. My last rendo purchase was Nov 26. My card is now gone (replaced). Three interactions were "Donations" (not very helpful) and two were to a crowd funding site. The bank had already caught two and reversed them before I even noticed, which leads me to wonder if my hack and (if there is something going on at Rendo) what is going on at Rendo may have been a coincidence.


Badia01 posted Thu, 22 December 2016 at 11:28 AM

sdobson. Similar experience here. I made a small purchase on Dec 3 from Renderosity. Unauthorized charges started the same day. Then a new follower -- CandicePeterson2 -- started following me out of the blue. Her Renderosity join date was Dec 20, 2016 and she reputedly has 7,700 followers. Tiny URL (that I did not click on) on her (assuming it is a her, probably cybercriminals) profile page. Any idea how to remove a follower?


sdobson posted Thu, 22 December 2016 at 11:45 AM

hello Badia01 -- I just searched the forum and as far as I can tell we can only delete notifications manually (there are others who have noticed the follower problem). If anyone knows of a way to remove followers that I have missed, it would be great to learn about it

Badia01 posted at 12:43PM Thu, 22 December 2016 - #4293261

sdobson. Similar experience here. I made a small purchase on Dec 3 from Renderosity. Unauthorized charges started the same day. Then a new follower -- CandicePeterson2 -- started following me out of the blue. Her Renderosity join date was Dec 20, 2016 and she reputedly has 7,700 followers. Tiny URL (that I did not click on) on her (assuming it is a her, probably cybercriminals) profile page. Any idea how to remove a follower?


Badia01 posted Thu, 22 December 2016 at 11:52 AM

Thanks, sdobson. I started a new thread to ping the community for similar experiences. This kinda looks like a "Man in the Middle" attack. This Wikipedia article has a description of such malware. https://en.wikipedia.org/wiki/Man-in-the-middle_attack


Kentauros posted Thu, 22 December 2016 at 7:31 PM

I had a notification of a follower. I never posted here. I never posted in the galleries. I never did anything but buying products (926, not as much as elsewhere, but quite a bit). Gladfully with Paypal since the last cc-hack.

Your database is hacked.

And no official at Rendo is answering in this thread for 14 days?



IceEmpress posted Fri, 23 December 2016 at 12:24 AM

I weep for Rendo, and I weep double for the poor vendors here....


KristiS posted Fri, 23 December 2016 at 1:03 AM

Hello,

I am so sorry this has happened to you.

Can you please tell me if you have your card number stored anywhere (Daz, Amazon, etc)?

For all those who have been compromised, since your cards are cancelled now, we will need your credit card details, who the card is through, and the contact details so I can contact them. Please send the information to kristis@renderosity.com

This is so we can work with the bank to get as many details as we possibly can about the charges and try to help find out where the hacks came from.

We have scrubbed ALL files over the last few days and continue to do so to be absolutely certain it’s not us and have not found anything that looks even a tiny bit suspicious.

As of August 2015, we have upped our security to the highest level of security. Files get overwritten with each update (which can be up to 3 times a day), we added the secure https to every web page, we store all files on the cloud so they are not on our database, and we go through paypal to process ALL payments whether it be credit card or paypal.

Warmest Regards, Kristi


Kristi

Community Relations Specialist

This is your life - your platform - your stage - your story  


Badia01 posted Fri, 23 December 2016 at 9:41 AM

Kristi -- Thanks for looking into this. Being an on-line merchant is hard in these days of cybercriminals. My card that was compromised was not stored anywhere else, but I use a very low balance debit card for on-line purchases to minimize potential losses. From the comments in this thread, it does not look like an isolated event. A "man in the middle" hacking attack -- where purchases and related info are relayed through a hacker hiding in malware and posing as Rendo -- seems the most reasonable explanation since Rendo does not store cards on its site and all the unauthorized purchases seem to have happened around the same dates. If this is a man in middle attack, (and I have no idea whether that's true) and the man in the middle malware remains undiscovered on Rendo's servers, then wouldn't sending card and personal details to you through e-mail also send it to the hacker?


Badia01 posted Fri, 23 December 2016 at 9:47 AM

Kristi -- Just an afterthought. If it was me, I'd start by looking at the source of the bots that appeared around Dec 20 and began following customers with a tiny URL link in their profile and 7-8,000 followers (all Rendo customers??)


GhostWulf posted Fri, 23 December 2016 at 12:33 PM

I just found out money was taken out of my account by someone else, a month after buying P11 from here (a long wait I know).

Am I in the same boat as everyone else here?


david_macrae posted Fri, 23 December 2016 at 7:16 PM

I do not know where to put this but there is someone named "JenniferBrown7" who followed me and 7064 other people on December 20th, with a tinyurl link in her profile. I think this account should be removed.


IceEmpress posted Fri, 23 December 2016 at 11:29 PM

Here https://www.renderosity.com/mod/forumpro/?thread_id=2908927

Or here

https://www.renderosity.com/mod/forumpro/?thread_id=2908894

Rendo is currently suffering from a bot plague. Many of the Tinyurl links will send you to porn, so beware if your curiosity gets the best of you.


icprncss2 posted Sat, 24 December 2016 at 7:55 AM

The business CC and my personal debit card were hit within a week of each other. Bank of America keeps placing holds on any purchases from Rendo (even with the new cards). Fortunately, my debit was hit before the direct deposit hit so they didn't get anything. This is a real pain as I have to take time out to go over to the branch with hard copies to compare to their transaction list. It is slowing down projects to a crawl.


icprncss2 posted Sat, 24 December 2016 at 8:19 AM

Much as I sympathize with Rendo, the security failed. I am careful regarding CC's. Even if Windows stores the card info on the home system, I always make sure that either numbers are left out or transposed so I have to add or correct them when making the actual purchase. I don't use paypal and I have no social media accounts. It didn't come from DAZ because we use a card there that we do not use here and it is fine. It isn't Amazon because they were the first merchant I went after. Granted, they didn't get much because LifeLock caught the weird charges on the business card and alerted me but don't put your fail in the cloud. It is in no way secure.


ruscular3d posted Mon, 26 December 2016 at 5:16 PM

I don't shop at DAZ and my PayPal account is not up to date, but I also got hacked and also got a weird message on Renderosity to visit a porn site the same day I was hacked in Renderosity. My account got charged 3 times on the 19th of Dec, and the girl who sent me a private message to look at her porn site joined on the 20th by the name "JennaMakki6".

I do not store passwords on my computer, and have loads of virus protection.


fizzysparkle posted Thu, 29 December 2016 at 6:41 AM

Please get rid of this follower from my account: I am having the same problem with a follower who I recently discovered and my Credit Card has been hacked twice:

TiffanyStanley10

Please can you ensure she is removed and let me know how I can block this person?

Thanks!


KristiS posted Thu, 29 December 2016 at 4:50 PM

Hi Everyone,

I am very sorry this has happened to all of you, I truly am.

All of our programmers, the VP, and the owner of the company have scrubbed all files, checked all servers, etc. and continue to do it daily to be sure there was not any infiltration on our site.

You could have used your card in September and it could’ve taken some time for them to get to your card if they had others.

My husband’s card was hacked 2 weeks before Christmas and the only place he used it was the gas station. The month before that he ordered something online. We aren’t sure if it was from the gas station or an online purchase since they came up with those skimmers or whatever it’s called. Unfortunately, nowadays, you just can’t be sure it happened right after you used it somewhere. People are coming up with ways to steal card information everywhere and it is terrible.

The ones who came in following people have nothing to do with cc hacks as it was a bot that ran through following 1,000s of members within seconds. They were all found and banned fairly quickly. There was no CC information they could have gotten because it is not stored on our database.

It still looks like their profiles are there however they ARE banned. The programmer is aware of this issue and will fix it as soon as he can.

If you go to your profile and click on “followers” it will pull the list of people following you, click on the “unfollow” button and this will take them off the list. If you do not see where it reads "unfollow" and it reads "follow" or is completely gone from your list, the programmer got to this quickly and they are no longer on your list at all.


Kristi

Community Relations Specialist

This is your life - your platform - your stage - your story  


Kentauros posted Thu, 29 December 2016 at 6:18 PM

I see, you deleted my post regarding the non-functional ssl-implementation. It's still un-functional: open Firefox with no-script, allow only renderosity.com and ajax.googleapis.com, whose java-scripts are essential for this site to function, go to https://www.renderosity.com/mod/forumpro/?thread_id=2908517&page_number=2 (this thread) in the address-line and then click on the ssl-indicator left of the address: connection is not safe. I don't do this to blame you or someone else, but for more security on sites where I spend money.



Kentauros posted Thu, 29 December 2016 at 7:07 PM

Kentauros posted at 1:56AM Fri, 30 December 2016 - #4293917

I see, you deleted my post regarding the non-functional ssl-implementation.

I'm sorry: this part of my posting is simply wrong; the posting is still there. There are so many threads regarding the bot-following-problem that I lost the right thread. The bots are simply using the who's-online-functionality of this site (not that I like it, but that's not a security problem per se).

The rest of my posting regarding the Firefox-ssl-warning remains.



Raindroptheelf posted Fri, 30 December 2016 at 6:31 AM

This happened to me a few weeks ago and now I am too afraid to buy from here. I was lucky my bank picked up on it, but someone had a great time with £ 180 of my money. The money was put back by my bank but my trust has gone out of the window and I am too afraid to buy any products from here so I would have loved to buy one item I had my eye on.

My tip is to always keep on checking your bank accounts after spending money, my card was only used here for the purpose of buying 3D products.

I never have my CC stored anywhere because I am super careful.

As I said, I am now too afraid to buy anything from here and that is very sad indeed as I spend quite a lot of money here over the years. :(



KristiS posted Fri, 30 December 2016 at 1:26 PM

@Raindroptheelf - are you saying you have not used your card at any time at any other online Marketplace or anywhere locally such as for food, gas, etc?

I am assuming the bank sent you a new card, is this an accurate statement?


Kristi

Community Relations Specialist

This is your life - your platform - your stage - your story  


Fredy posted Fri, 30 December 2016 at 1:31 PM

I have used CCs for over 25 years and "thankfully" I only got hacked three times in the last years. Do you know what all the hacks had in common? Shortly after I used my card at Renderosity I got hacked... Coincidence?

The first one I had used at some major sites, so Rendo gets the benefit of the doubt (even if I don't think Amazon or Adobe have failed). The second one from last year was finally confirmed by Rendo after weeks of denial. The third one from this year points directly to Rendo because the CC was used for nearly one year exclusively only at Rendo.

So what does it mean for me?

I do believe Rendo does a lot for security but in my opinion this site has some serious security issues and I am not willing to take another hit by hackers. It is not worth the time and effort you have to spend to sort all of this out again after the next hack.

There are some nice vendors here and I spent quite a few thousand dollars on their products over the years but I simply can't buy here any longer. Sad for me, sad for the vendors, sad for Rendo but I can spend my money someplace else.


KristiS posted Fri, 30 December 2016 at 1:45 PM

Unfortunately, there is not a way for us to be able to prove it was not us whose system was infiltrated this time as I really wish there was.

The only thing I can say is everything I have been. I have received a few people's information and called their financial institutions and it was confirmed they HAVE used their card other places besides Renderosity.

We will continue to keep our system and our members as secure as we possibly can.

Warmest Regards,


Kristi

Community Relations Specialist

This is your life - your platform - your stage - your story  


Sabby posted Sat, 31 December 2016 at 9:41 PM

Fredy, you've been an amazing customer over the years... and just know you can note me for anything you want from my store. :) (hugs)

Also, I always use PayPal to shop here and have never had a problem.

Renderosity Store :: Daz3D Store :: Facebook


taoz posted Mon, 02 January 2017 at 9:00 AM

Well, looks like the card I use here has been abused too, Dec. 5, 2016, where there is a transaction from Sweden I don't recognize. Apparently my bank or VISA discovered it the day after, as the amount has been refunded. They did not inform me though, which I've just sent a complaint about.

The card has been used almost exclusively at Renderosity and only a couple of times at other places (not DAZ AFAIR) since I got it some months ago but currently I can't see all the transactions, apparently because of a technical problem, so I'll have to look into that later.

Security is top level here, with Avast Internet Security, Malwarebytes, Zemana anti-keylogger and encrypted password manager.


Raindroptheelf posted Mon, 02 January 2017 at 7:05 PM

KristiS posted at 1:04AM Tue, 03 January 2017 - #4293980

@Raindroptheelf - are you saying you have not used your card at any time at any other online Marketplace or anywhere locally such as for food, gas, etc?

I am assuming the bank sent you a new card, is this an accurate statement?

This card I only ever used here for Renderosity purchases. Yes, my bank blocked that card and sent me a new one. Petra



taoz posted Tue, 03 January 2017 at 3:38 AM

Sabby posted at 10:32AM Tue, 03 January 2017 - #4294083

Fredy, you've been an amazing customer over the years... and just know you can note me for anything you want from my store. :) (hugs)

Also, I always use PayPal to shop here and have never had a problem.

I think PayPal is safe yes because of the way it works, I've used it for many years in lots of different places and never had any problems.


LaurieA posted Wed, 04 January 2017 at 9:16 AM

To the admin, please check on this. Google Chrome is telling me this about Rendo:

Obsolete Connection Settings The connection to this site uses a strong protocol (TLS 1.2), an obsolete key exchange (RSA), and a strong cipher (AES_128_GCM).

Obviously something is not right with the site https settings.

Definition of Key exchange: RSA public key exchange is an asymmetric encryption algorithm. RSA can be used with digital signatures, key exchanges and for encryption. The RSA algorithm addresses the issue which the Diffie-Hellman algorithm is known for, by providing authentication as well as encryption.



tutone1234 posted Wed, 04 January 2017 at 1:55 PM

LaurieA,

Can you please provide a screenshot of that message and the url of the page you are receiving that on? We are aware that one of our advertising providers is sending through some ads via http rather than https, which causes some confusion about site security at times. We are working with them to get this resolved at this time.

We are getting a different message from Google Chrome regarding TLS and the RSA key that states as follows:

The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

Thank you,

Tommy


LaurieA posted Wed, 04 January 2017 at 6:44 PM

tutone1234 posted at 7:42PM Wed, 04 January 2017 - #4294330

LaurieA,

Can you please provide a screenshot of that message and the url of the page you are receiving that on? We are aware that one of our advertising providers is sending through some ads via http rather than https, which causes some confusion about site security at times. We are working with them to get this resolved at this time.

We are getting a different message from Google Chrome regarding TLS and the RSA key that states as follows:

The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

Thank you,

Tommy

You must have changed something because now it's showing as secure, so ya did something right ;)

It's in every Chrome browser to the left of the web address...there's either the word secure with a closed padlock icon or there's an exclamation point inside a circle. When you click on the icons, it gives you info on what's not secure on the site and what not to share or risk it being seen by others, etc. Right now, it's looking good, but yesterday it was the exclamation point inside the circle on this page.

Laurie



tutone1234 posted Thu, 05 January 2017 at 9:34 AM

Yes - we have seen the exclamation point display, but that was only in the case where some ad images were being delivered via http instead of https. We have never seen any warnings regarding the RSA key as you mentioned. Ad images and other images being delivered via http would not have caused any issue with the RSA key either.

Tommy


LaurieA posted Thu, 05 January 2017 at 8:29 PM

tutone1234 posted at 9:28PM Thu, 05 January 2017 - #4294407

Yes - we have seen the exclamation point display, but that was only in the case where some ad images were being delivered via http instead of https. We have never seen any warnings regarding the RSA key as you mentioned. Ad images and other images being delivered via http would not have caused any issue with the RSA key either.

Tommy

Just telling you what it said. I didn't make the stuff up...lol. In fact, I didn't even know what an RSA key was until I looked it up.

Laurie