I didn't see where we had a thread just dedicated to general Club talk and I know with the recent problems with the compromised credit cards, we probably need one. I think there are some posts in the Figure Subscription thread that could probably be moved over here if Jesse or someone could lend a hand.
The first I heard about it was from some tweets by Jason, from The Terrordrome, and it was in relation to what was going on over at the Transformers board. Apparently they were in the middle of convention registration when this all started going down. But we're also coming up fast on the deadline for the GI Joe Club membership renewal so there was a lot of people sending CC info their way for that too.
Now that it's spread to just about everyone, it seems that the Club's whole membership database was compromised in some way. Some of the people that got hit said that they hadn't used a CC with the Club since last year's figure membership drive. There's a guy on Hiss Tank that called in his CC info rather than using the online ordering system.
The thing that scared me a little is that for the Club I used the Debit/Credit card that's tied to my bank account to re-up for my membership. That's about the only online store I've ever used it for so I panicked a little, especially when it looked like it was all going down over the President's Day weekend when my bank was closed and I had no way to cancel the card until Tuesday. Finally got in and cancelled it and it seems I'm okay. But, man, that was a close one.
I haven't read much on the Tranformers board but I've read the Hiss Tank thread and the Club is taking a lot of heat over there, possibly more than they deserve, I think. But, at this point, the problem is that no matter what the Club posts, whether it's an official email from Brian or Pete, their "fan interface" who is a member of several forums, people are going to pick it apart and latch on to any piece that will allow them to further bash the Club even if they're taking it out of context.
There have been official announcements via email from the Club, they posted info to their Joe and TF Club pages and there are threads on the top Joe and TF boards. At this point if you are a member and haven't cancelled any cards you've used with the Club, it's really now on you if you get unwanted charges.
The password thing, although not directly addressed by the Club, should be a no-brainer IMO. If you use a common userid/password combo online and the Club has been hacked, you have to assume all your info is compromised and take the appropriate steps. It's an easy guess that if you are a Joe or TF fan, you probably also use PayPal, eBay, Hasbro Toy Shop, EE and BBTS (among other websites)...so, if I'm a hacker, why not try the userid/pw info on the other sites just to see if it works? Whether the Club addresses that or not, it's not really their problem to worry about how you use other websites, the customers should be thinking about it.
I still have faith in the Club but I'm going to be very much more careful with how I purchase from them in the future. I have a Bank of America CC and will be taking advantage of their ShopSafe
feature for any new purchases. At least until they've proven they identified how the initial breach happened and that their upgraded software is more secure. I've seen a lot of people post over on the Tank about how the Club's software was not secure or how they basically handed the info over to hackers, but I don't buy any of that. I'm not necessarily happy that, apparently, their system stored CC info indefinitely even though I never had the choice to have it saved, but how many people use Amazon and have their CC info stored for easy checkout? It's not like the Club was doing something completely unheard of, they just maybe were doing it without our express permission and, while I can't check now, maybe didn't give us a way to opt out of having that info stored.
The way I look at it is that every company can be subject to this, it's happened before whether it was Sony or a retail store that was wirelessly transmitting CC info that got intercepted. I'm not going to blame the Club for becoming a target of fraud, but they do shoulder the responsibility of correcting their software (probably via upgrades) so it's harder to have it happen in the future.