
Chaosium site insecure?


158 replies to this topic

#141 WiseWolf

WiseWolf

    Lesser Servitor

  • Old Patron
  • 1,720 posts

Posted 15 June 2011 - 06:26 PM

There is a simple reason why Chaosium is not sending their customers an "apology", because it will be to accept that the hits on the customers' CCs were their fault, and this can result in the CC companies and all the customers suing Chaosium. Not very smart. Smart was to fix the issue saying they were having difficulties. I don't blame them for not apologizing, however they are to blame for letting this happen in the first place.
"For the strength of the Pack is the Wolf, and the strength of the Wolf is the Pack"

Listen to us playing in Skype of Cthulhu



#142 galaga88

galaga88

    Master

  • Member
  • 47 posts

Posted 15 June 2011 - 07:06 PM

There is a simple reason why Chaosium is not sending their customers an "apology", because it will be to accept that the hits on the customers' CCs were their fault, and this can result in the CC companies and all the customers suing Chaosium. Not very smart. Smart was to fix the issue saying they were having difficulties. I don't blame them for not apologizing, however they are to blame for letting this happen in the first place.


Except not disclosing such a breach is a violation of California's data breach notification laws. Not telling customers so they can avoid liability is rightfully illegal. And morally disgusting.

#143 WiseWolf

WiseWolf

    Lesser Servitor

  • Old Patron
  • 1,720 posts

Posted 15 June 2011 - 07:15 PM

Except not disclosing such a breach is a violation of California's data breach notification laws. Not telling customers so they can avoid liability is rightfully illegal. And morally disgusting.


Fair enough, galaga. I am just saying, don't expect an apology.
"For the strength of the Pack is the Wolf, and the strength of the Wolf is the Pack"

Listen to us playing in Skype of Cthulhu

#144 Taavi

Taavi

    3-Dimensional Shambler

  • Patron
  • 886 posts
  • Location: Pnakotus, Australia

Posted 16 June 2011 - 05:05 AM

In the latest email:
"Chaosium e-minions have been doing some work within the non-Euclidean cloud that is our website. Among the issues we addressed:

We enabled a new, secure, credit card processing system that is PCI-compliant. PCI-compliance is an information security standard for organizations that handle cardholder information for the major debit, credit, and prepaid cards. Defined by the Payment Card Industry Security Standard Council, the standard was created to increase controls around cardholder data to reduce credit card fraud.

We make sure that the entire transaction, from the time you begin the check-out process to the end, is encrypted.

We updated our shipping module to stay in-step with the current software."

HOPEFULLY this will deal with the pirates.
"Brainstorming DG/COC things without you would be like trying to hunt badgers with a borzoi." - Panchakahq Avatar from Habitica.com. RPGamify your life today!

#145 GHill

GHill

    Lesser Servitor

  • Old Patron
  • 1,146 posts

Posted 05 July 2011 - 09:50 AM

So the important thing I guess is has anyone used the site since these updates?

#146 WiseWolf

WiseWolf

    Lesser Servitor

  • Old Patron
  • 1,720 posts

Posted 05 July 2011 - 02:09 PM

So the important thing I guess is has anyone used the site since these updates?


I did, using PayPal again, and again, I didn't have any problems.
"For the strength of the Pack is the Wolf, and the strength of the Wolf is the Pack"

Listen to us playing in Skype of Cthulhu

#147 yockenthwaite

yockenthwaite

    Breakfast Clubber

  • Patron Premium
  • 1,309 posts
  • Location: Dundee, Scotland

Posted 05 July 2011 - 02:29 PM

I did, using PayPal again, and again, I didn't have any problems.


Me too. And since my credit card was nobbled after a Chaosium purchase last November that took quite a leap of faith. But PayPal payments work well IME :)

#148 Flock Of Panthers

Flock Of Panthers

    Keeper of the Silver Gate

  • Member
  • 79 posts

Posted 07 July 2011 - 02:08 PM

So, does it seem safe? I do so desperately want to order the 30th Anniversary edition...

#149 merdraut

merdraut

    Community Patron

  • Patron
  • 25 posts

Posted 07 July 2011 - 02:13 PM

It's difficult to tell credit-card-wise, but if you're happy using PayPal that should be fine. I'm not a fan of PayPal but it does the job; your details don't go to the Chaosium site so it bypasses any potential problems.

#150 Flock Of Panthers

Flock Of Panthers

    Keeper of the Silver Gate

  • Member
  • 79 posts

Posted 07 July 2011 - 02:23 PM

Thanks! The distinction is greatly appreciated, I'll be ordering it in the morning.

#151 yockenthwaite

yockenthwaite

    Breakfast Clubber

  • Patron Premium
  • 1,309 posts
  • Location: Dundee, Scotland

Posted 07 July 2011 - 02:35 PM

I just ordered ($125 free shipping, including the 30th Anniversary edition) and paid by PayPal. Seemed fine. I was quite happy. And I have been nobbled before :)

#152 merdraut

merdraut

    Community Patron

  • Patron
  • 25 posts

Posted 07 July 2011 - 02:42 PM

Thanks! The distinction is greatly appreciated, I'll be ordering it in the morning.


Happy to help, that's what PayPal is for: ordering when you're uncomfortable transmitting your details in the wild.

#153 AcesandEights

AcesandEights

    Knight of the Outer Void

  • Old Patron
  • 277 posts

Posted 02 March 2012 - 04:02 PM

Any follow-up/new impressions from anyone on the site's security since the upgrade?

With the Gaslight pdf sales and free US shipping for orders over $60, I was thinking of dipping my toe back in.

#154 merdraut

merdraut

    Community Patron

  • Patron
  • 25 posts

Posted 02 March 2012 - 04:18 PM

Any follow-up/new impressions from anyone on the site's security since the upgrade?

With the Gaslight pdf sales and free US shipping for orders over $60, I was thinking of dipping my toe back in.


I haven't heard anything since the update, which I think is a pretty good sign; haven't tried it myself though. As much as I loathe endorsing PayPal, if you use that to pay, you should be fine (provided you don't use your PayPal password elsewhere).

#155 Zadok21

Zadok21

    Master

  • Member
  • 18 posts
  • Location: New England

Posted 06 April 2012 - 11:55 PM

Well, this comes as a surprise to me. I've been a loyal Chaosium customer for ages. I just purchased the MRP More Adventures in Arkham Country and New Tales of the Miskatonic Valley along with Cthulhu by Gaslight. And then stumbled across this thread......so here's hoping all is well with the Shipping Shoggoth.
"All hope abandon ye who enter here." Dante Canto III

#156 merdraut

merdraut

    Community Patron

  • Patron
  • 25 posts

Posted 07 April 2012 - 12:07 AM

I feel somewhat bad that this keeps cropping up now, admittedly there may have been a problem in the past, but their new cart seems to be secure and fully functional.

Sent using dark forces and my phone

#157 patrick1971

patrick1971

    Knight of the Outer Void

  • Old Patron
  • 179 posts

Posted 07 April 2012 - 01:26 AM

I haven't heard anything since the update, which I think is a pretty good sign; haven't tried it myself though. As much as I loathe endorsing PayPal, if you use that to pay, you should be fine (provided you don't use your PayPal password elsewhere).


This was started 18 months ago when a bunch of people had issues, since then Chaosium have improved security and no one has had issues for a while, so I assume it's as safe now...

#158 Zadok21

Zadok21

    Master

  • Member
  • 18 posts
  • Location: New England

Posted 07 April 2012 - 01:44 PM

I'm sure it is ok. I just get very paranoid when it comes to online purchases. I really wish it wasn't an issue anywhere. Hacking and such really upsets me.
"All hope abandon ye who enter here." Dante Canto III

#159 wombat1

wombat1

    Lesser Servitor

  • Old Patron
  • 1,886 posts

Posted 07 April 2012 - 07:41 PM

The Chaosium site allows you the option of putting the order together on-line, printing it out, and paying by good old fashioned check. I did this once when I had a gift certificate voucher and wished to run over it a bit. It worked just swell. Since it seems that e-commerce is likely to be compromised at odd and irregular intervals (wasn't there just a hacking episode in New York City last week?) the best solution if there is ever the least doubt is to make the money move by snail mail as much as possible.