Results 1 to 18 of 18

Thread: FINFUN CREDIT CARD DATA BREACHED

  1. #1
    Member Undisclosed Pod
    Pod of The South

    Join Date
    Dec 2013
    Posts
    57

    Exclamation FINFUN CREDIT CARD DATA BREACHED

    IF ANYONE HAS ORDERED FROM FINFUN, PLEASE CHECK/UPDATE YOUR FinFun & Bank ACCOUNTS

    This last week I had to order new cards after someone managed to hack into and access my Bank account. I thought it happened while I was at Disney, but just today I got a letter from FinFun stating that they just had a data breach and everyone's card, shipping, and account info may have been stolen.

    The fraudulent charges appeared in my account as "JagexLtd CAMBRIDGE 06/01" from the UK. It kept doing a robo-withdraw of $59.99(usd) until my account was depleted.

    I don't know if anyone that has used a 3rd party to pay like Paypal is affected by this breach, but that's what I'll be using instead of directly paying for my next order. I still <3 their tails and will continue to be a patron with them, but that just makes me so upset that someone would target us for their own nefarious means.

    mods please move this wherever it needs to be moved so our users are safe.

  2. #2
    Senior Member Undisclosed Pod
    Join Date
    Jul 2011
    Posts
    14,650
    Yeah I got a notification about this too. No charges yet but I'm keeping an eye on it

  3. #3
    Senior Member Pod of Oceania Mermaid Jaffa's Avatar
    Join Date
    Jan 2014
    Location
    Silverwater, NSW Australia
    Posts
    4,806
    Add Mermaid Jaffa on Facebook
    Visit Mermaid Jaffa's Youtube Channel
    Ok. I'm keeping an eye on my account too. Thanks for the warning.
    Formerly known as ireneho

  4. #4



    Sent from my iPhone using Tapatalk

  5. #5
    Did they say which of their customers' data was compromised? All, or just from a specific time period? I have purchased from them in the past, but I didn't get an email from them. There's also nothing on their website about it, which is disappointing.

    Mermaid Galene (pronounced Guh-LEE-nee)



    Mermaid Galene WebNeptune's Keep WebFacebookMG YouTubeNK YouTubeEtsy Shop

    Neptune's Keep makes music with fish. Fish have hidden depths!


  6. #6
    Senior Member Undisclosed Pod Trade Winds's Avatar
    Join Date
    Mar 2014
    Location
    Texas
    Posts
    942
    I haven't ordered anything from them since last year, via Paypal. idk if hackers can get to me via Paypal. Either way, haven't noticed anything yet. I got the email from them earlier this week but honestly didn't think anything of it.



  7. #7
    Senior Member Undisclosed Pod
    Join Date
    Jul 2011
    Posts
    14,650
    Just since march I believe it was

  8. #8
    Senior Member Undisclosed Pod
    Join Date
    Jul 2011
    Posts
    14,650
    It was only emailed to people affected.

  9. #9
    Senior Member Undisclosed Pod
    Join Date
    Jul 2011
    Posts
    14,650
    We are writing to tell you about a data security incident that may have exposed some of your personal information. We take the protection and proper use of your information very seriously. That is why we are contacting you directly to let you know how we are protecting you personally.*Our company is founded on a commitment to absolute customer service, satisfaction, and integrity therefore this is a very difficult letter for us to write and we sincerely apologize for any inconvenience or concern this may cause you.*



    What Happened?

    On April 30, 2015, we detected a system intrusion that occurred on April 25th, 2015. Your personal information may have been disclosed which included name, address, email and*encrypted password. We immediately implemented procedures to protect all data and prevent unauthorized access and requested an investigation with authorities.

    Our site is now secure and enhanced security measures have been implemented to prevent similar attempts in the future. The investigation is ongoing and we are engaging cyber security experts to commence an investigation. We have contacted the FBI and are working with authorities. We are providing this notice to you out of an abundance of caution so that you can take steps to help protect your information from unauthorized use, such as the steps detailed in the enclosed state notification requirements.*



    What Are We Doing To Protect You?

    To help relieve concerns and restore confidence following this incident, we have secured the services of Kroll to provide*identity theft protection at no cost to you for one year. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data.

    Your identity theft protection services include*Identity Theft Consultation and Restoration. Additional information describing your services is included with this letter.

  10. #10
    thing is, I got a letter like that and my purchase was made in September of last year
    Take the wave now and know that you're free
    Turn your back on the land face the sea
    Face the wind now so wild and so strong
    When you think of me
    Wave to me and send me a song

  11. #11
    Senior Member Euro Pod Talia's Avatar
    Join Date
    Aug 2012
    Location
    Madrid, Spain
    Posts
    629

    Visit Talia's Youtube Channel
    I purchased from them last December, but paid by PayPal. No email of any kind or suspicious activity that I noticed (for now).

  12. #12
    I'm glad to see them not only address the problem, but their customer base, too. There have been several large companies that have had data breaches and don't bother to make any public statement or inform their customers. There is one store in particular that I only spend cash at when I shop there. They have been breached too many times for it not to be a legitimate concern.

  13. #13
    Member Undisclosed Pod
    Pod of The South

    Join Date
    Dec 2013
    Posts
    57
    yea Raina, that's similar to the letter they sent me, dated from May 26. My letter states that they also had detected on May 14 that Malware was installed on their server checkout page at the company website, finfunmermaid.com, by the hacker(s) which compromised customer data and payment details.

    Not sure if the offered service for ID protection from Kroll is any better than what I could get from my bank... but its free for one year...

    I just hope that the authorities take this case as seriously as any other business hacking.

  14. #14
    Senior Member Pod of Oceania Mermaid Jaffa's Avatar
    Join Date
    Jan 2014
    Location
    Silverwater, NSW Australia
    Posts
    4,806
    Add Mermaid Jaffa on Facebook
    Visit Mermaid Jaffa's Youtube Channel
    I don't know if it means anything, but Jagex is also the name of the company that makes Runescape. They're also based in UK.
    Formerly known as ireneho

  15. #15
    I just received my letter not that long ago, and I just contacted finfun today and waiting for a callback. I believe it may be a scam because Kroll's number that is mentioned in the letter does not appear to be on the Kroll's Restoration Services website. In fact, I cannot find it online at all. My letter also says that the intrusion occurred on April 25, 2015 and that I made a purchase during that time when I didn't. The last time I made a purchase was last year before christmas. I'll let you know what finfun has to say when they return my call.

    UPDATE: Finfun called me back, and said they indeed did have a data breach. As a result, they decided to send out letters to anyone who purchased from their website within the last year.
    Last edited by Atlantisblue; 06-15-2015 at 11:45 PM.
    User formerly known as "accepted3".

  16. #16
    Senior Member Pod of Oceania Mermaid Jaffa's Avatar
    Join Date
    Jan 2014
    Location
    Silverwater, NSW Australia
    Posts
    4,806
    Add Mermaid Jaffa on Facebook
    Visit Mermaid Jaffa's Youtube Channel
    I just received my letter today... Luckily I saw this thread long before and have kept my eyes on my money. Nothing is lost or stolen.
    Formerly known as ireneho

  17. #17
    Ohh, I understand. I have a little bit another problem. I bought a new laptop for work, but now it's starting to work horribly. It glitches and sometimes drops me from browsers. Unfortunately I don't know anyone who understand this. What can you recommend me?

  18. #18
    I want to tell you to be careful of credit card data hacking. More information about it you can found at https://qawerk.com/blog/what-is-sql-injection/.SQLi types are indeed plentiful; however, the easiest and the most popular ones revolve around manipulations with the UPDATE, INSERT, and SELECT statements as well as WHERE and ORDER BY clauses.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •