More information has come out about the credit card data hack that hit the RPGNow site. Apparently it only affected people who had their credit card information saved on the RPGNow site. This was a convenience (saved you having to enter the credit card information each time you shopped), a service offered by sites like Amazon. The difference is that Amazon has greater resources than RPGNow.
The data was hacked by a Brazilian spammer. The data was stolen sometime in October. Some folks noticed fraud on their cards a couple of months ago, but only yesterday did someone figure out what had happened.
This is a classic case of what happens when a) people trust their financial data with companies on the Internet, and b) those same companies are small businesses that are not quite capable of handling the complex nature of their chosen business model.
It's also another reason where spammers and hackers should be hung by their toenails.
My data is safe. I no longer have the credit card I used when I bought from RPGNow a year or two ago, I never clicked on the checkbox to save my data on their site, I may even have used Paypal with RPGNow last time, and my most recent purchase was after the data was hacked. Still, it's kind of scary.
For the most part, the RPG.net community has been fairly positive about RPGNow's handling of the situation, but there has been some backlash. I know I'll be thinking twice about using them again...
4 Good Years
5 months ago