Wow. I think that 4000 charge is the highest I've seen anyone hit with in this thread. I am so glad I cancelled my card before getting hit. But I'm also very concerned because it obvious these people have our info too like name and address and stuff. This is just awful and yes these things happen. It's hard to be utterly safe from it but the way the club is handling the issue is abysmal. I'm stuck for this year since I already renewed. But I will be hard pressed to renew next year unless some major changes occur.

 

Postage increase for First Class is 1 cent. For one ounce letters. This year. It is also considerably more for Priority Mail. Same with last year's increase. And the one from two years before that. It goes on and on. I don't begrudge them the $2 increase after years of postal increases with no accompanying subscription price increases. Heck, the Joe Club has been $42 for years now.

 

I wonder if something like this might be the case. It would explain how someone also got into my Paypal account if they were logging keystrokes. I was using a limited stable of passwords for various sites for ease of memorization and the same e-mail, and it so happened that my TFCC login/password and Paypal login/password were exactly the same. The timing of that seemed too suspicious to me. Lesson learned... And good thing I never put my SSN on my Paypal account or I'd probably be looking at identity theft as well.

Everyone who has bad habits like me will probably want to also change sensitive passwords.

 

I did the same, but got lucky. My card wasn't hit before the replacement came. This has turned out to be one heck of a cluster fudge on the part of the club.  

 

I have never ordered anything from FunPub or ever been associated with them (although I wish that I had bought Animated Cheetor and Timelines Airazor, but that's not the point), but this situation is abhorrent and appalling and absolutely disgusting. No customer should ever have to go through this. I hope that everyone affected by this will soon recover.

 

Well, went down to the bank with my emails from the club, and they agreed that I should get a new card, so I am finally good again. On the bright side, atleast now I have alerts sent to my phone (it is almost neat getting a text even before the cashier hands me the receipt), and I will be able to save a little cash over the next few weeks by not having a CC, which is nice after my little spending spree since Christmas.

 

and Im done... this is utter crap. My bank account had been hit days before this fiasco and I foolishly gave tfcc the benefit of the doubt. So now that I have to cancel another credit card and worry about my credit...nope.. I will not be giving this company any more money and you would all be smart to do the same. They are not even offering any thing for the mishap and its a pretty big mishap.

 

I'm not saying "give them time" for anything. I'm saying that finding out what happened is actually important. There's a difference. I'm not saying anything to defend past actions, other than to say that they do need to do the work of investigation.

 

Well, I've canceled the two cards that I know I've used on the FP site. I haven't bought anything else from them since about the 3rd year they were running the club, so hopefully I'm ok now.
Heck, I've only got one card left that's not been replaced at this point. I'm not even sure I had that card back then.

 

Y'all ready for something f-cked up?

Let me preface this with this MIGHT....MIGHT... Be unrelated to FunPub -

Tonight I'm sitting at home watching Netflix over Xbox Live and I get an email on the iPhone - from PayPal - "Thanks for your purchase of 1600 points for $19.99"... Except I didn't order anything... Followed immediately by another email from PayPal - "Thanks for your purchase of 6000 points for $74.99"...

I call PayPal and Microsoft immediately and tell them that's bullshit, and start the process of cancelling THAT debit card too - although I didn't remember ever using my PayPal card for FunPub. Then the good news - it wasn't my debit card - SOMEONE GOT INTO MY PAYPAL ACCOUNT - with my password - and bought $95 worth of MS points. The stupid thing is - they're in MY Xbox account - like, I now have 7600 ms points that I didn't buy. So I'm not sure what that accomplished.

Anyway yeah... My email ID and password for PayPal? Same ones as the TFCC site. Just saying.

Again - COULD be a whole other fraud thing coincidentally going on at the same time as my debit card with FunPub.... I HOPE SO, ANYWAY. But if you have a PayPal account, maybe just keep an eye on it. Again - Paypal says it wasn't my PayPal debit card - they say someone accessed my PayPal account and bought the points. For me. With my money. I dunno either, it makes no sense.

Meanwhile I'm cancelling EVERY card and changing EVERY password I have EVERYWHERE. Too weird for me.

FunPub did send me my missing SG Drift instructions and techs though. Thanks?

 

Y'all ready for something f-cked up?

Let me preface this with this MIGHT....MIGHT... Be unrelated to FunPub -

Tonight I'm sitting at home watching Netflix over Xbox Live and I get an email on the iPhone - from PayPal - "Thanks for your purchase of 1600 points for $19.99"... Except I didn't order anything... Followed immediately by another email from PayPal - "Thanks for your purchase of 6000 points for $74.99"...

I call PayPal and Microsoft immediately and tell them that's bullshit, and start the process of cancelling THAT debit card too - although I didn't remember ever using my PayPal card for FunPub. Then the good news - it wasn't my debit card - SOMEONE GOT INTO MY PAYPAL ACCOUNT - with my password - and bought $95 worth of MS points. The stupid thing is - they're in MY Xbox account - like, I now have 7600 ms points that I didn't buy. So I'm not sure what that accomplished.

Anyway yeah... My email ID and password for PayPal? Same ones as the TFCC site. Just saying.

Again - COULD be a whole other fraud thing coincidentally going on at the same time as my debit card with FunPub.... I HOPE SO, ANYWAY. But if you have a PayPal account, maybe just keep an eye on it. Again - Paypal says it wasn't my PayPal debit card - they say someone accessed my PayPal account and bought the points. For me. With my money. I dunno either, it makes no sense.

Meanwhile I'm cancelling EVERY card and changing EVERY password I have EVERYWHERE. Too weird for me.

FunPub did send me my missing SG Drift instructions and techs though. Thanks?

 

I think most of us are already thinking that the "leak" occured within the club systems, and not with their credit card handlers'. In this same page (or the previous one), there's the example of Boardwise's card, which wasn't used with the new card handler.

Furthermore, I'm guessing the "leak" is linked to the newer pieces of code they've implemented in their systems: the event registration system and MCAX. After all, FunPub have had access to all of our credit information - in print - for over 5 years, and this is the first time such problems have risen.

If I have to guess, I'd say they implemented a new e-commerce/comunication module with their card handler (or with a new one) while implementing the event registration site or MCAX, and then began slowly migrating the rest of their checkout pages to use this new e-commerce module; someone then got access to such component and either managed to copy the credit information database or - more likely - implemented a trojan horse that intercepts the authorization transactions and generates a transaction log with all the pertinent information, that's then copied to the perpetrator. They could've also installed a backdoor, and used that to get access and copy a database on a periodic basis, but that's more risky for the hacker.

As to how they got access, could've been a simple hack, but due to the amount of information stolen, I don't think this was the work of a hacker.

I'm on the same boat. BotCon 2012, Over-Run, SG Drift and my 2012-2013 renewal are already paid. It would further inconvinience me to cancel all of that, and I do want the toys (besides, I refuse to leave them with the penalty fee if I cancel). But I think I'll need a very public, very complete and very satisfying explanation of what they've done/will do to secure their systems, before I even consider giving them more business next year.

-airfox

 

Haha. I'm not trolling, you honestly think people don't duplicate passwords? You think someone who can steal credit card info can't then match it up with an email and gain access to that to? oOOoOookay. I'm the crazy one. Don't change your password. I'm guessing you don't have a duplicate email address that you use to sign up for online stuff and a seperate personal one too like I do for this VERY scenario? That would be crazy, right?

There's obviously people who DO that stuff, kid. That's why I suggested anyone who COULD be affected by this change any passwords, or email addresses you used with the FunPub guys. Because, we do not know the extent of what has gone on, by the sounds of those monkeys, neither do they. Is it worth the risk? Your decision. I've changed all my passwords and set up another new email account for online subscriptions (Facebook, etc) in case that email could be compromised, because it was connected to FunPub. Took 5mins and I had a coffee at the same time.

That's logical. Common sense. I find it baffling that you find this to be "trolling"...

Yes, I signed up to trash FunPub, because they are AWFUL and have been abusing this insular fan group for far too long, by the sounds of things. Yes, I signed up to bring attention to their terrible treatment of myself personally, and many many many other customers. Especially us International folk that pay the HIGHER FEES as you US based ones, yet get treated as second class fans and clients. That's a... bad thing? Speaking up, in your view, and suggesting ways they can right their wrongs is "trolling"

Wow.

As I said much earlier; The ONLY response they should have given to this situation was "No matter who is at fault, this happened on our watch. We will fix it and make it right". FunPub have done everything but.

I picked the wrong week to quit sniffing glue...

 

Dude, you're not the only one that had someone get into their Paypal account; and like you my password was the same as for TFCC. I posted just a few pages back about it... So yeah, I'm definitely betting its related to FunPub.

 

I don't think it is coincidence. Like I said in the other thread, I do believe whoever hacked into FP not only stole CC info but all the info FP stores about us (name, address, phone, DOB, password, email, etc). Why did they buy Xbox points for you? I believe it's a test to see if you or Paypal were paying attention. Just like $1 google charges.

 

If these guys are genuine... I'm not so crazy on the email/password thing now...

...as I said, there is no way for us to know what the extent of the Data that has been compromised is. Because simply, I doubt FunPub have any idea what they're doing.

Change your passwords people. Change your email addresses too if possible.

 

 

Or perhaps, Glen's credit card was also hit with TCC-related fraud charges?!  

I'm complaining about the thief ... and about the TCC too.

I also expect that eventually we get full disclosure on what happened ... as I don't see other way I'd trust to ever use my card with them again. As for what happened, here's my guess:

I'm thinking something similar, but IMO the script is deeper than on the page level. I'm not thinking about a web-based keylogger, but about something deep within their code that does basically the same thing. If it was just on the page, they should've found the issue by now.

No matter if you connected from a Mac, PC, tablet, Android phone or whatever, the protocols in question are the same (Internet standards and all that), and the security that was compromised isn't linked to your device, but to FunPub's site and systems.

Glad to see you were able to cancel the card.

-airfox

 

Yeah, I saw your Twitter post. That's just a shitty scenario. I'm sorry you gotta deal with that.