Fun Publications Admits To Security Breach, Apologizes for Inconvenience

Fun Publications has sent out a message to all Transformers Club members this weekend notifying the members that there was indeed a security breach related to their e-commerce database.

In a written statement sent to members, Brian Savage says that "Fun Publications has determined that there is a security issue with our e-commerce systems."

Citing that members' information submissions assisted in determining the flaw, Mr. Savage also says that the source and the extent of the breach is currently unknown, but that multiple parties are assisting in finding out the source of the breach.

He apologizes for the inconvenience this breach has caused and suggests that members continue to be vigilant on their credit cards and activities on accounts with similar login information (Tformers Community member Robimus Prime says that his PayPal account was also compromised).

Also, consider maybe replacing any cards that may have been used to make a purchase on the club's store within the last year.

We at Tformers appreciate Mr. Savage's announcement here. While Fun Publications was previously not forthcoming, we believe they provided a reasonable explanation why they were not originally willing to do so.

As Mr. Savage says in the released statement, nobody should be out any money in this breach. Keep an eye on your bank statements and credit card transactions by checking once a week to ensure that they are in order.

If not, please contact the respective organization immediately to ensure that everything is resolved as quickly as possible.

FULL STATEMENT

Fun Publications wants to take this opportunity to apologize to all of our members.

After many days of analysis, Fun Publications has determined that there is a security issue with our e-commerce systems. We appreciate all of you who have sent in your details. Your help has allowed us to ferret out several different patterns of fraudulent charges that have appeared on some members' cards (any that have been used over the last year with both the club store and our event registration system).

We have several different internet/networking companies looking into the matter. Unfortunately, as of yet, we have not been able to identify any forcible entry either into our internet service provider's servers or network. This is like chasing a ghost through the wires, as unfortunately, the perpetrator did not leave a trail, foot prints or finger prints.

For those of you who have been affected, we apologize for all of your time this has wasted and any inconvenience it has caused you. We understand your frustration as this same type of fraud has happened to everyone in our office on our personal credit cards at some point in the past. Our merchant services provider wants us to remind everyone that even though this can be a huge annoyance for you, the customer, your issuing bank will not hold you responsible for any fraudulent charges that might be placed on your card(s).

We know that this issue has been a huge topic of discussion on all of the boards for the past few weeks. However, we are required to investigate to determine and confirm a security issue thoroughly before making any public statements. This is why we put out a general alert statement two weeks ago.

Until the analysis is finished (can take several weeks) we don't know if the shut down by our former (Jan 31st) e-commerce provider caused the security issue or not. We do know that it has not been limited to those who have purchased before the change to our new provider.

Please, watch your cards closely as this type of security issue appears to be on the increase across the net. No site is 100% safe. You may want to consider having any cards you have used with Fun Publications in the last year replaced.

At this time, we do not know how long our e-commerce site will be offline for both the store and registrations. We will get back to you once we have a solution for this security issue.

Thanks for your support - Brian

Data Center

News Poll

Were you affected by the Fun Publications breach?
Yes
No



Votes: 25

Poll Results

News Story Comments

Last 10 comments - ( Read All Posts )
Breaker - 2012-03-30 @ 1:24 am

Got hit on monday for something called Supergroup Internet which as far as I can tell is a clothing company overseas. They got me for $170. There are a few more $1 charges, some of which are legit but some, like to YAHOO! Wallet, definitely are not. I cancelled my card today. Freakin' annoying.

Honestly, there should be a class action suit against Fun Publications. This is 100% due to negligence on their part. ANY remotely experienced programmer knows about SQL injection and wards against it. This is akin to leaving the doors unlocked on your home. Fun Pub took no steps to protect members information at any level. Even the data stored was not encrypted, which would have thwarted this even if the hackers got the data. I hope Hasbro will remove Fun Publications as their convention partner as they clearly don't have their customers or Hasbro's best interests in mind.

If my bank's investigation turns up that it's due to this leak I will be first in line to sign up for something like that. I don't want any additional money so long as I get what was taken back, I just want them held accountable. Not just really sorry after the fact.

Cybcouncil - 2012-03-28 @ 3:07 pm

Wow sad. I am glad I used prepaid cc's when I buy online. No cash in the account no way to charge it.

BaCon - 2012-03-28 @ 3:05 pm

Honestly, there should be a class action suit against Fun Publications. This is 100% due to negligence on their part. ANY remotely experienced programmer knows about SQL injection and wards against it. This is akin to leaving the doors unlocked on your home. Fun Pub took no steps to protect members information at any level. Even the data stored was not encrypted, which would have thwarted this even if the hackers got the data. I hope Hasbro will remove Fun Publications as their convention partner as they clearly don't have their customers or Hasbro's best interests in mind.

bwbm - 2012-03-28 @ 2:25 pm
Fun Publications has sent out a new update to all members regarding the ongoing investigation of the security breach (ongoing coverage) of their online store. The security firm has found that the Fun Publications store was subject to a SQL injection code attack sometime before Christmas and a security flaw at the ISP level failed to deter this kind of attack. The attack was undetected and allowed hackers to continue to return to the server at any time and access additional customer information. Continue reading... Read the Full News Story Here
puma - 2012-03-07 @ 3:17 pm

The thing is, this isn't the first time this has happened with fun pub. They also never upgraded their security and left most of the info in public folders. So now they are forced to upgrade

As for TF Source, I've used my card there before and never had it used anywhere else, even during the breaches there. My info has always been safe

you got lucky i guess.

Tripredacus - 2012-03-07 @ 2:50 pm

man, i didn't see this must animosity back when TF Source had their breach last year.

I saw a bunch on other boards, just not so much this one.

Lord_Onslaught - 2012-03-07 @ 2:05 pm

The thing is, this isn't the first time this has happened with fun pub. They also never upgraded their security and left most of the info in public folders. So now they are forced to upgrade

As for TF Source, I've used my card there before and never had it used anywhere else, even during the breaches there. My info has always been safe

puma - 2012-03-07 @ 1:39 pm

man, i didn't see this must animosity back when TF Source had their breach last year. My card got used on Toms.com to buy shoes during that breach.

For the current breach, my card got used for a google thing and a walmart.com transaction. I cancelled my card immediately and filed a fraud claim. I'm going through and changing all my passwords and watching my accounts daily.

Shit happens. There's a lot of a holes out there who are going to try and steal from you. Check your spam filter if you need proof. In this day and age, if you don't want your CC number stolen online you would almost have to stop using the internet all together.

Heavyassault - 2012-03-07 @ 1:22 pm

Just got $5 charge from some police/firefighter in NY thingy.

Thats how its starts.If it clears then they go spend crazy.Im canceling that card today..........

Lord_Onslaught - 2012-03-06 @ 2:02 am

In other words from Hasbro, this is your own fault go **** yourself and keep buying our product :wtf

Fun pub should have their license pulled for this, everyone knows it was their fault,

Post Your Comment Now! (membership required)


Shop for Transformers

Advertise Here on TFormers.com

More Collectors Club News


Advertise Here on TFormers.com













Entertainment News International (ENI) is the popular culture network for fans all around the world.
Get the scoop on all the popular comics, games, movies, toys, and more every day!

Contact and Support

Advertising | Submit News | Contact ENI | Privacy Policy

©Entertainment News International - All images, trademarks, logos, video, brands and images used on this website are registered trademarks of their respective companies and owners. All Rights Reserved. Data has been shared for news reporting purposes only. All content sourced by fans, online websites, and or other fan community sources. Entertainment News International is not responsible for reporting errors, inaccuracies, omissions, and or other liablities related to news shared here. We do our best to keep tabs on infringements. If some of your content was shared by accident. Contact us about any infringements right away - CLICK HERE