WARNING: TFSOURCE account billing info compromised! (May 2011)

Discussion in 'Transformers General Discussion' started by DarthMagnificus, Jan 7, 2010.

Thread Status:
Not open for further replies.
  1. shibamura_prime

    shibamura_prime Jumpin' Jellyfish! Super Mod

    Joined:
    Jun 22, 2004
    Posts:
    9,985
    News Credits:
    1
    Trophy Points:
    337
    Likes:
    +1,227
    As frightening as this is, I ask that everyone keep speculation to a minimum for the time being. Looking through this thread, this is no conclusive proof to say if TFSource is or isn't to blame for this security compromise.

    In the meantime, I suggest keeping an eye on your credit card statements and the like regardless of where you've shopped online.
     
  2. Satomiblood

    Satomiblood Revoltech Chip Chase

    Joined:
    Nov 2, 2007
    Posts:
    21,278
    Trophy Points:
    362
    Location:
    Lancaster, PA
    Likes:
    +2,067
    I believe TFSource still has my old card on file. It expired in the spring of last year. I'm wondering if I should even bother doing anything outside of checking my statements.
     
  3. ryan.j

    ryan.j Well-Known Member

    Joined:
    Sep 22, 2009
    Posts:
    1,859
    Trophy Points:
    126
    Likes:
    +3
    if it's expired it won't be much good. jsut keep an eye on your statements tbh.
     
  4. lebowski

    lebowski The Dude abides

    Joined:
    May 16, 2008
    Posts:
    134
    Trophy Points:
    62
    Likes:
    +2
    Whether a website is 'secure' or not means nothing.

    A 'secure' website means it's really hard for someone to intercept the HTTP info that you're sending back and forth when you're clicking things. Once a company has your data - once you've sent it to them and finished your transaction - it's up to them to protect it.

    Those credit card numbers that they are storing in their database - as part of your saved account info - are steal-able.
     
  5. Satomiblood

    Satomiblood Revoltech Chip Chase

    Joined:
    Nov 2, 2007
    Posts:
    21,278
    Trophy Points:
    362
    Location:
    Lancaster, PA
    Likes:
    +2,067
    Nothing unusual going on in my statements. My old card is still on file and it's been confirmed as invalid when I clicked Change Payment. However, my last purchase was made via paypal in October.
     
  6. ryan.j

    ryan.j Well-Known Member

    Joined:
    Sep 22, 2009
    Posts:
    1,859
    Trophy Points:
    126
    Likes:
    +3
    dude, that is so page 4. :p 

    i'm 100% sure as responsible retailers they'll have their admins investigate this thoroughly (likely contacting the police if there was a crime committed) to piece together what happened before they make a statement about this and if the problem is at their end - which, as the corporate shill* moderator at the top of the page pointed out, may or may not be the case.

    now if only they'd add an option to "remove my CC details" rather than only allowing you to replace them with new ones...



    *j/k don't ban me plz. thx.
     
  7. lebowski

    lebowski The Dude abides

    Joined:
    May 16, 2008
    Posts:
    134
    Trophy Points:
    62
    Likes:
    +2
    I've worked in the business too, on the side that has the sort of back end access to all of this data. I've had access to every CC number for America's largest CC issuer.

    I can tell you that the police don't care. The last time I got hacked, I used my access to track down all of the vendors, and all of the merchandise's shipping address. I had the whole portfolio ready for the police, and they just sort of laughed it off. There is so much of this, there is just not enough time for law enforcement to worry about it. And the CC companies are cool writing it off so long as the fraud percentages stay below 5%.
     
  8. butz

    butz slippery when wet

    Joined:
    Dec 18, 2003
    Posts:
    7,337
    Trophy Points:
    337
    Likes:
    +875
    If they are setup at all like the place I work for then there's any number of points well outside of TFSource's hands where the breach could've ocurred.
     
  9. Sunstorm9119

    Sunstorm9119 RC 1136

    Joined:
    Mar 16, 2005
    Posts:
    3,913
    News Credits:
    1
    Trophy Points:
    332
    Location:
    Williamsburg, Virginia
    Likes:
    +972
    Ebay:
    Facebook:
    Twitter:
    Google+:
    YouTube:
    HMM.... My Mother in Law got a call from Discover the other day asking if she ordered $1000 worth of stuff in California (She lets me use her card for Pre-orders). I wonder if this is why?

    Before you say it , I already went to TFSource and changed the CC info to a random number.
     
  10. Satomiblood

    Satomiblood Revoltech Chip Chase

    Joined:
    Nov 2, 2007
    Posts:
    21,278
    Trophy Points:
    362
    Location:
    Lancaster, PA
    Likes:
    +2,067
    What if you paid through paypal using a balance? That was the last purchase I made.

    To be safe, I removed my debit card from my paypal account anyway.
     
  11. Reigner

    Reigner Well-Known Member

    Joined:
    Apr 9, 2009
    Posts:
    1,139
    News Credits:
    1
    Trophy Points:
    177
    Likes:
    +2
    Ebay:
    I've had no charges on mine. Though I've yet to actually buy anything from them, just three preorders.

    What exactly does frenzy_rumble's thing fix? Is it just a temp change until everything is sorted out then he changes it back?
     
  12. ryan.j

    ryan.j Well-Known Member

    Joined:
    Sep 22, 2009
    Posts:
    1,859
    Trophy Points:
    126
    Likes:
    +3
    i have also closed my bank account, burned down the Tesco petrol station where i bought some fags this morning and sterilised myself so no future children could give my card details to anybody. (existing children were simply blinded to save time).
     
  13. ryan.j

    ryan.j Well-Known Member

    Joined:
    Sep 22, 2009
    Posts:
    1,859
    Trophy Points:
    126
    Likes:
    +3
    in theory, it replaces your details in their DB.

    in reality, who knows. we have no idea how their code works.

    consider it moderately pointless post-horse-bolting paranoia, since the details have already been swiped and db security should have been locked down tighter than a nun's arsehole by now. it can't really do any harm though, unless you have some uncharged pre-orders and they get declined when Tfsource try to charge it to 1234567890123

    i can virtually guarentee there will be some bitter tears in march from people who forgot to change their card back. :D 
     
  14. lebowski

    lebowski The Dude abides

    Joined:
    May 16, 2008
    Posts:
    134
    Trophy Points:
    62
    Likes:
    +2
    If there is in fact some sort of security breach, and they haven't already pulled his account number from the database, he will be protected.

    With regard to the paypal payment method, I would think you'll be OK. Paypal requires a Paypal password to create transactions, and I would assume middle party vendors never get access to this password.
     
  15. Triple Melter

    Triple Melter EGG GANG™

    Joined:
    Jun 17, 2009
    Posts:
    999
    Trophy Points:
    157
    Likes:
    +28
    My accounts are okay so far. I only bought one thing through TFSource before though, and I paid with paypal. Never pre-ordered or anything so I don't think I ever input any credit information into that site.
     
  16. Tekkaman Blade

    Tekkaman Blade Professor of Animation

    Joined:
    Jul 2, 2002
    Posts:
    31,977
    News Credits:
    14
    Trophy Points:
    412
    Location:
    Georgia
    Likes:
    +13,395
    I only use paypal, so I should be safe.
     
  17. payton34

    payton34 Well-Known Member

    Joined:
    Sep 15, 2007
    Posts:
    4,056
    News Credits:
    13
    Trophy Points:
    212
    Likes:
    +25
    I posted this at other sites as well, and it's disturbing to see the threads get deleted because certain unnamed sites are more concerned with protecting their sponsorship-money as opposed to their membership.

    Sad...
     
  18. ninety

    ninety NERDS!!

    Joined:
    Aug 16, 2007
    Posts:
    3,200
    News Credits:
    2
    Trophy Points:
    207
    Likes:
    +31
    Bolded for truth.

    In no way am I calling him out, but this is all based off one new guys post. Apart from his post there's nothing to suggest this is related to TFSource. What if it's BBTS trying to put a rival out of business :lol  Just trying to say that speculation like this can really harm a business.

    Phone them. I checked the internet, then called the bank to check there wasn't anything pending.
     
  19. Wajo357

    Wajo357 Well-Known Member

    Joined:
    May 24, 2004
    Posts:
    1,657
    News Credits:
    7
    Trophy Points:
    232
    Likes:
    +18
    very sad... this is extremely serious. Without actually blaming TFSource, people's credit cards have been compromised, which should mean immediate front-pages, facebook and twitter comments to help spread the word...
     
  20. TFwIcKeD

    TFwIcKeD Banned

    Joined:
    Sep 17, 2009
    Posts:
    153
    Trophy Points:
    56
    Likes:
    +0
    Credit charges on my account too, b.s.

    I guess this is the BELLS AND WHISTLES they promised for the appendage set?
     
Thread Status:
Not open for further replies.