erickdredd

Chaosium site insecure?


yockenthwaite
Perhaps those of you who've contacted them and received no reply should let them know about this thread. If they realise how bad it looks they might post here or something!

 

I included a link to this thread in the 2 emails I sent on 30th November ...

yockenthwaite
I'll say that I did contact them and received a reply that they are working on the issue. I don't feel comfortable saying more than that, but suffice to say they are dealing with the issue.

 

Thanks :)

Xipuloxx
I included a link to this thread in the 2 emails I sent on 30th November ...

Ah, fair enough then. Though perhaps they haven't looked here and don't realise how many people are reading about it, and how it's affecting their reputation.

 

Also thanks to trevlix for the info that they are actually looking into it, it's just a shame they couldn't announce that here!

 

btw (and off-topic) to yockenthwaite: I believe we've met before on a certain Doctor Who forum. I'll just say "Dark They Were, And Golden-Eyed"! ;) Did it turn out to be the story you were looking for?

yockenthwaite
btw (and off-topic) to yockenthwaite: I believe we've met before on a certain Doctor Who forum. I'll just say "Dark They Were, And Golden-Eyed"! ;) Did it turn out to be the story you were looking for?

 

Yes that's me :) I have the book with the short story in beside my chair. It's the right one.

K_Peterson

Has anyone who used Paypal at the Chaosium store been hit by fraudulent charges? I've been checking my Paypal and bank account daily, over the past week, and haven't seen anything suspicious yet.

WiseWolf
Has anyone who used Paypal at the Chaosium store been hit by fraudulent charges? I've been checking my Paypal and bank account daily, over the past week, and haven't seen anything suspicious yet.

I used Paypal, no hits.

patrick1971

Not yet... Putting in another order in January, we'll see if anything happens then. But I will always use paypal from now on... and change my password once I'm done.

Arquebus

I got hit in the beginning of May this year after purchasing from various online stores, including Chaosium, and then again this fall on a cc only used once on, you guessed it, Chaosium.com. Emailed them and got no reply. Good thing this has come to the light of day here on the forum.

 

Just have to say one thing to the public: DO NOT USE YOUR CREDIT CARD AT CHAOSIUM.COM

Sefton

Ok I was also wondering how I got hit, but now I suppose I do have an answer. Sad :(. Second time this year I have to change my credit card.

TheHistorian
Has anyone who used Paypal at the Chaosium store been hit by fraudulent charges? I've been checking my Paypal and bank account daily, over the past week, and haven't seen anything suspicious yet.

 

One person said they had, but that shouldn't really be possible, so I don't quite get it. My recent purchase of MoN hc was via paypal and I've had no problems.

Frank2769

I had three unauthorized transactions (attempts to steal money directly from my bank account) at my Paypal account after making a purchase recently at Chaosium's site. At this point I believe that my PC was hacked (damn dirty virus) and that's how the culprit was able to hack my Paypal account (and lock me out of it as well). The frustrating thing is Paypal was seemingly impotent to restrict my account throughout all this misery. They did put a block on it but the crook was able to get around it and do it to me again. :(

PoC

A PayPal Security Key may be worth getting hold of, for additional security. It would make a compromised computer far less prone to PayPal exploitation.

sunkzero
A PayPal Security Key may be worth getting hold of, for additional security. It would make a compromised computer far less prone to PayPal exploitation.

 

Android phone users can download a free app from the Market called Verisign VIP Access - this can also be used as a Paypal Security Key without the need for an extra widget to keep hold of.

Frank2769

They sent me a Paypal Security Key. Going to try it as soon as this mess is cleaned up (in my account). Thanks for the suggestion!

TheHistorian
Android phone users can download a free app from the Market called Verisign VIP Access - this can also be used as a Paypal Security Key without the need for an extra widget to keep hold of.

 

There is an iPhone version as well.

Af

This reply was sent to me from Charlie Krank at Chaosium.

 

"Hi,

 

I have seen the threads on the various sites. I spent some time fussing with our server providers and with the guys who provide our e-commerce software. After much chatter and investigation each, essentially, told me to talk to the other guy.

 

I found a fellow conversant with our cart software, and he looked into the whole issue, and into how we can improve our security.

 

He went and replaced various modules to cure the problem, and then had me change various FTP passwords for folders we use to send files to authors, artists, and licensees.

 

I am investigating what further steps we can take to enhance security. This may include moving our site to another provider.

 

We at Chaosium appreciate the messages and concern of our customers. We take our web security seriously, and will do whatever we can to improve it.

 

 

In Sanity,

 

 

Charlie Krank

President

Chaosium Inc."

StephanieMcAlea

I'd frame that.

 

;)

erickdredd

Whatever they're doing to upgrade security... they still don't have https at the account login screen or the checkout page. That is the first and most glaring problem I see, regardless of any other upgrades they perform.

trevlix

While I agree on the need for SSL (especially since they do have the cert), I can almost guarantee it has nothing to do with the recent compromises.

Fallorn

Well, I just got hit this morning for $900 in charges to the Apple Store. (I am a die-hard Windows/Linux man, so it kinda stood out). My last purchase from Chaosium was over the Thanksgiving weekend for Secret Shoggoth. I am presuming they are related. I have replaced my card and numbers, and will be opening an investigation into the charges in the next couple of days (need to wait for the charges to finish posting to contest them apparently). I hope that Chaosium gets their security act tightened up as promised.

FunGuyfromYuggoth
I'd frame that.

 

;)

 

LOL!

Af

Has anyone bought something from Chaosium recently without follow-up credit card problems?

patrick1971

My gut would be to use paypal until Charlie or someone in Chaosium confirms that all the new safeguards are in place...

Dyvim_Matt

Hi,

 

I don't know how useful this will be, but I bought some BRP monographs during the Thanksgiving sale, paid by credit card, and I've had no problems since then.
