Jump to content

Ongoing Discussions Regarding Transformers Collectors Club Security Breach Thread: Update: Breach Occurred, Cancel Cards, Change Passwords


Overbite

Recommended Posts

  • Replies 58
  • Created
  • Last Reply

I received this email from TFCC Friday & thought I would share it here! As a victim, I find it as too little too late. Not only was my credit card breached, my PayPal account was as well, which leads me to believe not only was credit card info stolen, password info as well!

 

Wow,the security breach was a lot worse then I ever imagined it was. I thought paypal members didn't get hacked because paypal takes it's members to a exclusive/secondary paypal site to complete the payment buying process.

 

if paypal members got their info hacked. then I can only think of a few scenarios how this happened. (1)at some point the TFCC site had a download file that all members had to download. this download file was full of adware,pop up or/& key loggers. (2)The TFCC site itself since it was reported to be on google serves. got hacked,has open back doors. the hackers were able to look at members info because they had access to owner/administrator files. (3)Those paypal members who got their paypal accounts hacked. must of had the same exact log in user name & password that they use for both the TFCC site & the paypal site.

 

Personally,The TFCC apology is fruitless/nothing. Because TFCC/Fun in the Apology letter didn't mention two major things: (1)"Sorry,were going to be re-imbursing everyone's credit card money that got stolen by the hackers." (2)TFCC said in the Apology that tracing the hackers is too hard to do. this basically means in un-written words: "We don't have the spare cash nor spare time to look into this matter. we can't afford to waste any money nor time on hiring/paying for the people/companies that specialize in tracing hackers,putting them to justice & trying to recover members stolen money from these hackers.

Link to comment
Share on other sites

I believe these jackholes are the ones that recently pillaged my gmail account. Because I appear to have accidentally used the same password for my TFCC account and Gmail account.

 

 

So I suppose the club AND their processing company was hacked, unless of course funpub thought it would be alright to just store our credit card numbers in a unencrypted file on their server. Which wouldn't surprise me considering how lazy and backwater they are with everything else they do. For example, their forum software has to be the same one they originally installed in the 90's when they first made the club website. Which is probably how the hackers got in, because anyone with common sense knows that the older software gets "especially web forum software" the more exploits are found by hackers.

 

I'm sorry but I just cant trust these guys anymore. No I will not mail you a check, because you would just "misplace" it, and while limited, crooks can still do some sinister s*** with your account and routing number. If Funpub wants me to ever resubscribe they will offer paypal checkout, as its the only sure fire way to prevent this type of crap from happening.

Link to comment
Share on other sites

I received this email from TFCC Friday & thought I would share it here! As a victim, I find it as too little too late. Not only was my credit card breached, my PayPal account was as well, which leads me to believe not only was credit card info stolen, password info as well!

 

Wow,the security breach was a lot worse then I ever imagined it was. I thought paypal members didn't get hacked because paypal takes it's members to a exclusive/secondary paypal site to complete the payment buying process.

 

if paypal members got their info hacked. then I can only think of a few scenarios how this happened. (1)at some point the TFCC site had a download file that all members had to download. this download file was full of adware,pop up or/& key loggers. (2)The TFCC site itself since it was reported to be on google serves. got hacked,has open back doors. the hackers were able to look at members info because they had access to owner/administrator files. (3)Those paypal members who got their paypal accounts hacked. must of had the same exact log in user name & password that they use for both the TFCC site & the paypal site.

 

Personally,The TFCC apology is fruitless/nothing. Because TFCC/Fun in the Apology letter didn't mention two major things: (1)"Sorry,were going to be re-imbursing everyone's credit card money that got stolen by the hackers." (2)TFCC said in the Apology that tracing the hackers is too hard to do. this basically means in un-written words: "We don't have the spare cash nor spare time to look into this matter. we can't afford to waste any money nor time on hiring/paying for the people/companies that specialize in tracing hackers,putting them to justice & trying to recover members stolen money from these hackers.

 

haha. who has ever willingly done this?! Everyone's bank should be FDIC insured so if something like this happens, you get reimbursed. My card was used twice, a week apart, and my bank reimbursed me for both transactions. It's "temporary" as they research it. I called fraud the after the first fraudulent use, and had my card cancelled. not sure how the second transaction went through. i keep an eye on my financials daily.

Link to comment
Share on other sites

As the release stated, nobody should be out on money here. As long as you report to your credit card/bank account in a reasonable time, the bank will reimburse you with no problem.

 

I don't believe FunPub willingly did this (and you shouldn't either) and Brian provided a reasonable explanation as to why they were not reasonably forthcoming about the breach.

 

Let this ride its course, and as Brian did say, nobody should be out on money on this. Keep a close eye on your financials (check once a week on your respective bank/credit card accounts should suffice) just to make sure that everything is in order. If not, please report to the respective site.

Link to comment
Share on other sites

So I suppose the club AND their processing company was hacked, unless of course funpub thought it would be alright to just store our credit card numbers in a unencrypted file on their server. Which wouldn't surprise me considering how lazy and backwater they are with everything else they do. For example, their forum software has to be the same one they originally installed in the 90's when they first made the club website. Which is probably how the hackers got in, because anyone with common sense knows that the older software gets "especially web forum software" the more exploits are found by hackers.

 

Its unfortunate that Authorize.net does not provide (or most companies do not purchase) and end-to-end solution for processing payments. There are two sets of data required to log into an Authorize.net merchant account and one of them can be found in the website code. I've not understood this myself. Either way, if Authorize.net got hacked, you'd find that way more companies than TFCC (MasterCollector) were complaining of problems with their credit cards and banks. Honestly, I'd figure the hackers got in through MasterCollector's auction website, that would be my guess.

 

Either way, its hard to blame "hackers" on this type of situation, since it is also the company (MasterCollector) that had made some bad decisions regarding securing their website.

Link to comment
Share on other sites

I'm not laying blame to FunPub (not yet anyway) bwbm. I just want to let people know that not only has credit card information been compromised, password information as well. I take responsibility for that. I thought I change the alpha/numeric on my TFCC password, but it turned out to be the same as my PayPal password! My credit card has been cancelled & replaced. My PayPal account however, has been locked! Thanks to smartphone technology, I was able to see my emails from PayPal, warning me of what was taking place. Had I relied upon my laptop, I wouldn't have been aware of what was going on until today. Because this was happening almost instantaneously while I was conversing with PayPal security, they feel pretty confident of tracking this individual/individuals!

Link to comment
Share on other sites

As the release stated, nobody should be out on money here. As long as you report to your credit card/bank account in a reasonable time, the bank will reimburse you with no problem.

 

I don't believe FunPub willingly did this (and you shouldn't either) and Brian provided a reasonable explanation as to why they were not reasonably forthcoming about the breach.

 

Let this ride its course, and as Brian did say, nobody should be out on money on this. Keep a close eye on your financials (check once a week on your respective bank/credit card accounts should suffice) just to make sure that everything is in order. If not, please report to the respective site.

 

The font in bold is key. Every bank is different. If you're fortunate enough to have a 'zero fraud liability' card like Capital One, then it's relatively simple. If you get a bank that's more anal, they might require a police report to be filled out so that it's being 'investigated'. That form could take up to 45 days to get, assuming the police department will file it. Since 99.9% of those affected don't live in the same city that Fun Publications (or their processor) does business in, that could be a challenge. If it was a bank debit card... well, prepare for a tug of war.

 

Take it from a person who had to deal with a stolen wallet 3yrs ago. I was fortunate enough that the thieves only tried to use one card before I shut everything down and that one card was Capital One. They took care of everything for me without an issue. Capital One still wanted a polcie report on the back side, and getting that report from my local police department took 30 days.

Link to comment
Share on other sites

I'm not sure why this hasn't been posted already. But it appears the club will not get the online store back online until well after the registration period is over.

 

The Club has issued a pdf file on their website that current and new subscribers can fill out and mail in to sign up for the club. For payment they will only take checks or money orders. If you live in the US the club suggests you have the letter postmarked by the 8th at the latest. If your a international member it needs to go out by THIS WEEK.

 

Also before anyone asks...

 

-No, they do not take paypal and have no plans to take paypal, no matter how inconvenient it is to international subscribers and members that wish to use a credit card.

-No, they cannot delay the due date to subscribe.

-No, they will not take suggestions on how to fix this.

-Yes, the cost of membership has went up and you must use the pdf file to properly fill out your application.

-Yes, they expect international customers to pay extra for a money order and rush shipping to get it to them by the due date.

-Yes, FunPub considers bubble wrap to be a rare variant of gold and charges for it accordingly.

 

 

The club staff has also went on to state that getting the free figure from the shop will be extremely difficult, so were faced with either sending in a check, fighting for it on the club store, paying a scalper on ebay, or just doing without. Although I dunno why since the whole point of the cuttoff is because they need a hard number to order enough figures. So why they cant order extra is beyond me. :shrug

 

 

Anyways, to get to the form simply go to the clubs site and click the "join now" link in the upper right corner. The PDF should load, and all you gotta do is print it, fill it and a check out, sign the check, and mail it in.

 

ALSO A WORD OF ADVICE!

 

If you do not think your membership will arrive and be processed to meet the deadline on the 16th then DO NOT SEND IT IN! You see there is a interesting stipulation that your membership ends a week before the date you originally subscribed. For example I signed up on the 16th last year, but my membership ends on the 8th of this year. A whole week before the march 16th cutoff.

 

So basically the club can screw you out of this years AND next years figure if you get signed up between the 17th and the 22md. This has apparently happened quite a bit and is a constant problem this year, what has happened is the members did not get signed up by the 16th due to store errors and ect, and made the mistake of signing up between the 17th and 22nd of last year. So now the club is telling them that their membership is not eligible for this years free figure because it ends before the 16th, despite the fact they did not get last years figure either due to them signing up after the 16th.

 

 

 

 

 

---------------------------------------------End of Major News---------------------------------------------

 

 

 

 

Also has anyone else seen some of the comments posted on other sites about this same subject? Its quite comical to say the least, especially since Pete is just digging a deeper hole for funpub through his mulish attitude and continuous prodding of already irate members. Needless to say this years botcon Q/A will be reaaaaaally interesting. I have a feeling Hasbro will take action over Funpubs handling of this either through a severe chewing, or by pulling the license from Funpub completely. That's just my 2 cents though.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


  • Posts

    • I'd like to put something into perspective about this set which is further strengthened by the recent leaks. First: This is TARGET's fault this happened, not Hasbro's. Why? Because they're the ones who cancelled the single release to begin with. Just like Walmart cancelled  "pink" Hot Rod in the Velocitron line.  Second: If Hasbro didn't do some sort of multipack for this, Hound wouldn't have been able to come out at all until possibly late 2025. How do I know this? The recent leaks that show that Crasher, Cosmos, Galaxy Shuttle and possibly Shadowstrip and the aforementioned Hot Rod (and hopefully Sideswipe, Mirage, Jazz and Dead End from Toxitron as well) as all being reissued sometime in 2025. It would've taken another year and a half to two years for Hasbro to try and course correct since that's about how far they plan in advance. If Hasbro not done this five pack then the earliest we would've been able to get Hound was 2025. I don't think the crybabies would've been able to wait that long. There's already people crying about having to wait that long for SS Hatchet as it is. That's the quickest they could've course corrected for the main lines. That is however what Generations Selects is for but I would imagine it couldn't have happened any earlier than this due to the licensing issues or whatever's going on that prevents Hasbro from using and/or reissuing new toolings and decos from store exclusives sooner. So there's a lot of behind the scenes stuff going on with this set. Or rather, Hound in particular. However and as others have pointed out over the internet, this didn't need to be a five pack. In all honesty, five packs are a bit much. Even four packs like the Buzzworthy ones were a bit much. Three packs should be where most multipacks should top out at provided there's no actually reason for four or five to be in a set like if they're a team or combiner or something. This should've been two-three packs by adding in Sideswipe as he also has translucent plastic. Then go from there with more. Bumblebee, Prowl, Bluestreak, Red Alert, Smokescreen, Hoist and so on can join these five, Sideswipe and Buzzworthy Cliffjumper in the blue painted window crew.  I'm not saying we should suck the dick of the great and powerful Hasbro for this or anything as it could've and should've been done better, I'm just saying that it's a lose/lose situation for them and that the vast majority of the hate should be directed at Target...and ultimately the fans for not having bought the previous Buzzworthy sets. However whoever designed some of them should get a lot of the blame too as some of them where badly timed, even if I do own all of them and wanted to own them. Terrorsaur did need to be reissued, Dinobot not so much even in toy colors for both. Tow-Line was a horrible mold reuse and the poor sales showed it. Origins Jazz was great. Bumblebee, maybe not quite as much. The four packs were great as well. But then that was counterbalanced by the horrible Cyberverse 1:1 reissues that had their Cyberverse counterparts also clogging shelves at the same time but hey, at least there's different packaging. It's just that there were big hits and big misses and barely anything in the middle. Had Hound and Hatchet gone through as planned, I would expect them to have sold poorly honestly. The only reason why people seem to be clamoring for them now is that they're two years late at this point and one is still another two years away. Were there people excited for them? Sure. However there seemed to be more who couldn't care less. And I'm sure that would've been reflected in the sales. So Target was right for cancelling them even if their shitty stocking and listing practices caused most of the wild sales discrepancies of the Buzzworthy Bumblebee line as a whole. But yeah, I see a lot of GoBots here lol.  
    • Back in the day, Takara's World's Smallest Transformers surprised everyone with their 2-inch Gashapon (capsule toys) sized figures that could actually transform from robot to vehicle. They even managed to make a transforming trailer and repair bay / command center, with tiny Roller for the Autobot Leader, when he needed to recharge. - Read the Full News Story
    • It is that time of year again for Walmart Collector Con 2024 Spring! This year's exclusives event will being going on March 14 & 15, 2023 with various reveals coming on both days. There will be a Sneak Peek starting on March 7th, that may give us some clues. If the leaked listings are any predictor, we could be seeing the Star Seekers capsule series with a cast of pirate characters including Cannonball, Ferel, Filch, Lockdown, Roadpig, and Thundertron figures, see possible listings below. - Read the Full News Story
    • The Missing Link line attempts to answer the question, "What would Generation One toys look and feel like with modern articulation?" With Convoy/Optimus Prime, the answer is fantastic. C-01 and C-02 feel like the original toy, with diecast metal, and rubber tires, it's nearly impossible to see any differences from the original toy. It's the transformation and robot mode that reveals all the new work, articulated hands and wrists, hips and feet. while I find the waist articulation limited and the ab crunch rather useless, it's impressive that they were included. The 40th anniversary of the Transformers brand is off to an excellent start.  
×
  • Create New...
Sign Up For The TNI Newsletter And Have The News Delivered To You!


Entertainment News International (ENI) is the #1 popular culture network for adult fans all around the world.
Get the scoop on all the popular comics, games, movies, toys, and more every day!

Contact and Support

Advertising | Submit News | Contact ENI | Privacy Policy

©Entertainment News International - All images, trademarks, logos, video, brands and images used on this website are registered trademarks of their respective companies and owners. All Rights Reserved. Data has been shared for news reporting purposes only. All content sourced by fans, online websites, and or other fan community sources. Entertainment News International is not responsible for reporting errors, inaccuracies, omissions, and or other liablities related to news shared here. We do our best to keep tabs on infringements. If some of your content was shared by accident. Contact us about any infringements right away - CLICK HERE