Jump to content

Ongoing Discussions Regarding Transformers Collectors Club Security Breach Thread: Update: Breach Occurred, Cancel Cards, Change Passwords


Overbite

Recommended Posts

  • Replies 58
  • Created
  • Last Reply

I received this email from TFCC Friday & thought I would share it here! As a victim, I find it as too little too late. Not only was my credit card breached, my PayPal account was as well, which leads me to believe not only was credit card info stolen, password info as well!

 

Wow,the security breach was a lot worse then I ever imagined it was. I thought paypal members didn't get hacked because paypal takes it's members to a exclusive/secondary paypal site to complete the payment buying process.

 

if paypal members got their info hacked. then I can only think of a few scenarios how this happened. (1)at some point the TFCC site had a download file that all members had to download. this download file was full of adware,pop up or/& key loggers. (2)The TFCC site itself since it was reported to be on google serves. got hacked,has open back doors. the hackers were able to look at members info because they had access to owner/administrator files. (3)Those paypal members who got their paypal accounts hacked. must of had the same exact log in user name & password that they use for both the TFCC site & the paypal site.

 

Personally,The TFCC apology is fruitless/nothing. Because TFCC/Fun in the Apology letter didn't mention two major things: (1)"Sorry,were going to be re-imbursing everyone's credit card money that got stolen by the hackers." (2)TFCC said in the Apology that tracing the hackers is too hard to do. this basically means in un-written words: "We don't have the spare cash nor spare time to look into this matter. we can't afford to waste any money nor time on hiring/paying for the people/companies that specialize in tracing hackers,putting them to justice & trying to recover members stolen money from these hackers.

Link to comment
Share on other sites

I believe these jackholes are the ones that recently pillaged my gmail account. Because I appear to have accidentally used the same password for my TFCC account and Gmail account.

 

 

So I suppose the club AND their processing company was hacked, unless of course funpub thought it would be alright to just store our credit card numbers in a unencrypted file on their server. Which wouldn't surprise me considering how lazy and backwater they are with everything else they do. For example, their forum software has to be the same one they originally installed in the 90's when they first made the club website. Which is probably how the hackers got in, because anyone with common sense knows that the older software gets "especially web forum software" the more exploits are found by hackers.

 

I'm sorry but I just cant trust these guys anymore. No I will not mail you a check, because you would just "misplace" it, and while limited, crooks can still do some sinister s*** with your account and routing number. If Funpub wants me to ever resubscribe they will offer paypal checkout, as its the only sure fire way to prevent this type of crap from happening.

Link to comment
Share on other sites

I received this email from TFCC Friday & thought I would share it here! As a victim, I find it as too little too late. Not only was my credit card breached, my PayPal account was as well, which leads me to believe not only was credit card info stolen, password info as well!

 

Wow,the security breach was a lot worse then I ever imagined it was. I thought paypal members didn't get hacked because paypal takes it's members to a exclusive/secondary paypal site to complete the payment buying process.

 

if paypal members got their info hacked. then I can only think of a few scenarios how this happened. (1)at some point the TFCC site had a download file that all members had to download. this download file was full of adware,pop up or/& key loggers. (2)The TFCC site itself since it was reported to be on google serves. got hacked,has open back doors. the hackers were able to look at members info because they had access to owner/administrator files. (3)Those paypal members who got their paypal accounts hacked. must of had the same exact log in user name & password that they use for both the TFCC site & the paypal site.

 

Personally,The TFCC apology is fruitless/nothing. Because TFCC/Fun in the Apology letter didn't mention two major things: (1)"Sorry,were going to be re-imbursing everyone's credit card money that got stolen by the hackers." (2)TFCC said in the Apology that tracing the hackers is too hard to do. this basically means in un-written words: "We don't have the spare cash nor spare time to look into this matter. we can't afford to waste any money nor time on hiring/paying for the people/companies that specialize in tracing hackers,putting them to justice & trying to recover members stolen money from these hackers.

 

haha. who has ever willingly done this?! Everyone's bank should be FDIC insured so if something like this happens, you get reimbursed. My card was used twice, a week apart, and my bank reimbursed me for both transactions. It's "temporary" as they research it. I called fraud the after the first fraudulent use, and had my card cancelled. not sure how the second transaction went through. i keep an eye on my financials daily.

Link to comment
Share on other sites

As the release stated, nobody should be out on money here. As long as you report to your credit card/bank account in a reasonable time, the bank will reimburse you with no problem.

 

I don't believe FunPub willingly did this (and you shouldn't either) and Brian provided a reasonable explanation as to why they were not reasonably forthcoming about the breach.

 

Let this ride its course, and as Brian did say, nobody should be out on money on this. Keep a close eye on your financials (check once a week on your respective bank/credit card accounts should suffice) just to make sure that everything is in order. If not, please report to the respective site.

Link to comment
Share on other sites

So I suppose the club AND their processing company was hacked, unless of course funpub thought it would be alright to just store our credit card numbers in a unencrypted file on their server. Which wouldn't surprise me considering how lazy and backwater they are with everything else they do. For example, their forum software has to be the same one they originally installed in the 90's when they first made the club website. Which is probably how the hackers got in, because anyone with common sense knows that the older software gets "especially web forum software" the more exploits are found by hackers.

 

Its unfortunate that Authorize.net does not provide (or most companies do not purchase) and end-to-end solution for processing payments. There are two sets of data required to log into an Authorize.net merchant account and one of them can be found in the website code. I've not understood this myself. Either way, if Authorize.net got hacked, you'd find that way more companies than TFCC (MasterCollector) were complaining of problems with their credit cards and banks. Honestly, I'd figure the hackers got in through MasterCollector's auction website, that would be my guess.

 

Either way, its hard to blame "hackers" on this type of situation, since it is also the company (MasterCollector) that had made some bad decisions regarding securing their website.

Link to comment
Share on other sites

I'm not laying blame to FunPub (not yet anyway) bwbm. I just want to let people know that not only has credit card information been compromised, password information as well. I take responsibility for that. I thought I change the alpha/numeric on my TFCC password, but it turned out to be the same as my PayPal password! My credit card has been cancelled & replaced. My PayPal account however, has been locked! Thanks to smartphone technology, I was able to see my emails from PayPal, warning me of what was taking place. Had I relied upon my laptop, I wouldn't have been aware of what was going on until today. Because this was happening almost instantaneously while I was conversing with PayPal security, they feel pretty confident of tracking this individual/individuals!

Link to comment
Share on other sites

As the release stated, nobody should be out on money here. As long as you report to your credit card/bank account in a reasonable time, the bank will reimburse you with no problem.

 

I don't believe FunPub willingly did this (and you shouldn't either) and Brian provided a reasonable explanation as to why they were not reasonably forthcoming about the breach.

 

Let this ride its course, and as Brian did say, nobody should be out on money on this. Keep a close eye on your financials (check once a week on your respective bank/credit card accounts should suffice) just to make sure that everything is in order. If not, please report to the respective site.

 

The font in bold is key. Every bank is different. If you're fortunate enough to have a 'zero fraud liability' card like Capital One, then it's relatively simple. If you get a bank that's more anal, they might require a police report to be filled out so that it's being 'investigated'. That form could take up to 45 days to get, assuming the police department will file it. Since 99.9% of those affected don't live in the same city that Fun Publications (or their processor) does business in, that could be a challenge. If it was a bank debit card... well, prepare for a tug of war.

 

Take it from a person who had to deal with a stolen wallet 3yrs ago. I was fortunate enough that the thieves only tried to use one card before I shut everything down and that one card was Capital One. They took care of everything for me without an issue. Capital One still wanted a polcie report on the back side, and getting that report from my local police department took 30 days.

Link to comment
Share on other sites

I'm not sure why this hasn't been posted already. But it appears the club will not get the online store back online until well after the registration period is over.

 

The Club has issued a pdf file on their website that current and new subscribers can fill out and mail in to sign up for the club. For payment they will only take checks or money orders. If you live in the US the club suggests you have the letter postmarked by the 8th at the latest. If your a international member it needs to go out by THIS WEEK.

 

Also before anyone asks...

 

-No, they do not take paypal and have no plans to take paypal, no matter how inconvenient it is to international subscribers and members that wish to use a credit card.

-No, they cannot delay the due date to subscribe.

-No, they will not take suggestions on how to fix this.

-Yes, the cost of membership has went up and you must use the pdf file to properly fill out your application.

-Yes, they expect international customers to pay extra for a money order and rush shipping to get it to them by the due date.

-Yes, FunPub considers bubble wrap to be a rare variant of gold and charges for it accordingly.

 

 

The club staff has also went on to state that getting the free figure from the shop will be extremely difficult, so were faced with either sending in a check, fighting for it on the club store, paying a scalper on ebay, or just doing without. Although I dunno why since the whole point of the cuttoff is because they need a hard number to order enough figures. So why they cant order extra is beyond me. :shrug

 

 

Anyways, to get to the form simply go to the clubs site and click the "join now" link in the upper right corner. The PDF should load, and all you gotta do is print it, fill it and a check out, sign the check, and mail it in.

 

ALSO A WORD OF ADVICE!

 

If you do not think your membership will arrive and be processed to meet the deadline on the 16th then DO NOT SEND IT IN! You see there is a interesting stipulation that your membership ends a week before the date you originally subscribed. For example I signed up on the 16th last year, but my membership ends on the 8th of this year. A whole week before the march 16th cutoff.

 

So basically the club can screw you out of this years AND next years figure if you get signed up between the 17th and the 22md. This has apparently happened quite a bit and is a constant problem this year, what has happened is the members did not get signed up by the 16th due to store errors and ect, and made the mistake of signing up between the 17th and 22nd of last year. So now the club is telling them that their membership is not eligible for this years free figure because it ends before the 16th, despite the fact they did not get last years figure either due to them signing up after the 16th.

 

 

 

 

 

---------------------------------------------End of Major News---------------------------------------------

 

 

 

 

Also has anyone else seen some of the comments posted on other sites about this same subject? Its quite comical to say the least, especially since Pete is just digging a deeper hole for funpub through his mulish attitude and continuous prodding of already irate members. Needless to say this years botcon Q/A will be reaaaaaally interesting. I have a feeling Hasbro will take action over Funpubs handling of this either through a severe chewing, or by pulling the license from Funpub completely. That's just my 2 cents though.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Find Transformers on Ebay


×
  • Create New...
Sign Up For The TNI Newsletter And Have The News Delivered To You!


Entertainment News International (ENI) is the #1 popular culture network for adult fans all around the world.
Get the scoop on all the popular comics, games, movies, toys, and more every day!

Contact and Support

Advertising | Submit News | Contact ENI | Privacy Policy

©Entertainment News International - All images, trademarks, logos, video, brands and images used on this website are registered trademarks of their respective companies and owners. All Rights Reserved. Data has been shared for news reporting purposes only. All content sourced by fans, online websites, and or other fan community sources. Entertainment News International is not responsible for reporting errors, inaccuracies, omissions, and or other liablities related to news shared here. We do our best to keep tabs on infringements. If some of your content was shared by accident. Contact us about any infringements right away - CLICK HERE