CornerStoreComics and Credit Card Exposure.

[samueljd]

Doesn't hurt to get a new card for free just in case you feel your card was compromised.

 

[Lee in MI]

The appropriate response to this whole situation should be cautious. Cancel your card, watch your other accounts, and wait until the full story comes out before you hurt a business that may not be to blame. Thomas still hasn't released any information regarding the processor, and until he issues the final statement claiming responsibility, there is no reason to boycott CSC.

Unfortunately, most of the response here and at Fwoosh is "burn CSC to the ground, I hate them, they raped my innocence, my entire life is over and some hacker from Siberia is going to steal my house."

Just cause you didn't read the entire thread:

Good afternoon.

You are receiving this email because there is sufficient reason to believe that the credit card(s) you have used to make recent purchases at CornerStoreComics.com may have been compromised.

Through the assistance of a network analysis company, the company that developed our website, the payment processing company, our staff, and the customers that have been very helpful in providing fraudulent transaction details, we have been able to verify that the primary order database was accessed via a dormant Internet payment gateway port that was being tested during the construction phase of the new site but never actually put into use.

Our research has not been able to determine how much access the perpetrator(s) may have had to the admin server, so we are alerting anyone that has placed an order since the launch of the new site to ensure maximum coverage. Orders from the old site were never attached to the new site, so credit cards used solely on the old site are not at any risk with regard to this situation.

The best recommendation we can offer is to either monitor your cards closely for any suspicious activity or call your credit card company to request that your card(s) be replaced as soon as possible in order to avoid any fraudulent charges. Any orders that were placed via PayPal could not have been impacted by this, so there is no need to monitor or make changes to cards or bank accounts used via PayPal’s system.

From the very moment that we heard there might be a problem, we began making changes to our system to eliminate the risk to new orders. Our entire order server was relocated, every system password was updated, encryption levels were verified, all ports were checked, and logging was expanded to cover every possible avenue of communication flow. Additionally, access to the admin server has been limited to localized IP addresses only and the processing company responsible for the Internet payment gateway has been eliminated altogether. The website has been securely locked down since the evening of March 6th (within an hour of identifying the pattern of fraud via reports from our customers), so all new credit cards provided since that time, whether through new order placement or as updated payment method, are secure and are not impacted by the security breech.

We are absolutely mortified that this could have happened to us and, more importantly, to you. You have our sincere apologies for any inconvenience these events may cause you.

Please feel free to forward any questions you may have, and we will do our best to answer them as quickly as possible.

Sincerely,

Thomas Gaul

President
CornerStoreComics LLC

714-626-0082

As you can see, he has all but admitted his part in all of this. So those who refuse to continue doing business with CSC are completely justified.

So I think your argument is....flawed.

 

[Studio49]

As you can see, he has all but admitted his part in all of this. So those who refuse to continue doing business with CSC are completely justified.

So I think your argument is....flawed.

Did you read the thread? I don't think you were paying attention if you did read it.

Page 30, post #296 from Thomas...
"Oh, and while the damage has already been done (to both us and our customers), it is starting to look as though we may be cleared of any wrongdoing in the credit card situation. I'd love to give you more details on that, but it looks as though I have to wait until Visa/MC complete their forensic analysis of our systems. What I can tell you is that we are currently exceeding their security requirements on all our systems, so at least we can say with confidence that the site and systems are all safe for use."

And from your own last post...
"Additionally, access to the admin server has been limited to localized IP addresses only and the processing company responsible for the Internet payment gateway has been eliminated altogether."

I think the guy deserves a chance to prove it was the processor's fault. Even if he is cleared, the damage has been done. From now until eternity, every time the name CornerStoreComics comes up, somebody will think it's their place to warn people not to order from them because of this situation that may or may not be CSC's fault.

I would love to know if all of you are also going to email every company you want to buy from in the future and ask if they are using Heartland processing? After all, they just allowed some hacker to complete the single largest security breach in history, and they successfully buried the news story by sending out a press release on Inauguration day. I don't imagine any of you take securing your identity THAT seriously, do you?

 

[Studio49]

I guess people never have been able to wait until all the facts are in on any given situation before they pass judgement. I bet none of you have ever tried to run a small business, much less keep one afloat in economic times such as these. Someone earlier in the thread wrote that CSC made the mistake, and now they should pay for it. Should they have to go out of business due to cancelled orders for a mistake like this? What is fair punishment in your eyes?

Thomas took responsibility and apologized for something that may or may not be his fault. Where I come from, men who humble themselves like that are forgiven. Order from them, or don't order from them, your choice. But canceling pre-orders you already committed to, and asking that cancellation fees not be charged is wrong. Thomas stepped up like a man, and some of you can't say the same.

 

[kl241]

The Heartland breach occurred last year. I received a letter about the Heartland breach informing me that my identity may have been stolen within weeks of receiving similar letters from my mortgage company and my stock brokerage firm. This was back in Sept '08. At which time I immediately purchased credit protection and put a freeze on my credit. The letters I received came almost 6 months after the security breaches had actually occurred and the companies involved had been keeping their customers in the dark during their investigation, similar to what CSC has been doing. Now all of the sudden everyone here who has made a purchase at CSC is suddenly hit with fraud at the same time, just weeks after they switched servers and initially admitted they left a vacant port open for testing. Now they are trying to cover their asses and blame it on the credit processor Heartland from the security breach last year which only went public on Jan. 20. Thomas already admitted their fault in this earlier and gave us every reason why we shouldn't trust them with our business. Now he's backpedaling because he has lost our business. I really don't think it was the payment processor or the fraud would have shown up sooner and more random but it's too coincidental that everyone here who has been hit with fraudulent transaction have all done business with CSC and we're all getting hit at once, just weeks after their server migration. This had to be a deliberate hack into their server through that access port they admittedly left open for "testing" and forgot to disable. They got sloppy and we got screwed.

 

[Studio49]

I really don't think it was the payment processor or the fraud would have shown up sooner and more random but it's too coincidental that everyone here who has been hit with fraudulent transaction have all done business with CSC and we're all getting hit at once, just weeks after their server migration.

That's not true. There are three cases of people being hit who did not use CSC with their cards, and I am one of them.

 

[Lee in MI]

And from your own last post...
"Additionally, access to the admin server has been limited to localized IP addresses only and the processing company responsible for the Internet payment gateway has been eliminated altogether.

And this doesn't mean that "the company who was responsible for our payment gateway" is also "the company that was responsible for the security breach". This just means whoever he was using, he ain't using em anymore. One doesn't imply the other. You're reading into what the man said and applying your own prejudices’ to it.

Nobody wants to see the man go out of business, but that doesn't mean anyone should feel obligated to continue doing business with him either.

I mean the man hasn't even offered up a discount coupon to anybody who got hit. And I tell you this, i've asked for some type of compensation just like I would if this was some other type of business. If I'm at a resturant and they serve my food cold, with a bug in it or with a funky attitude, I'm going to ask for the manager and ask him to do something about it. Take it off my bill or give me some comps. Doesn't mean I want the chief, cook or server to lose their job, but if after receiving said compensation, I decide I will no longer support that business, then that's my right!

And just in case you were wondering, I will consider doing business with him in the future. Like I said, my brother knows the guy and I have met him myself...real nice guy, but any future transactions with CSC will be CASH PICK UP ONLY. At least until guys like you test his new system out for about a year

 

[Studio49]

How many of your "hundreds" of victims also shopped at other 1/6 stores with that same card? You don't know. What if some of those hundreds got "double hacked" because the same processor was used? If other stores were also hacked that means either one of two things... 1. They were hacked by also leaving a port open OR 2. The processor was at fault. Take a deep breath, and relax for five minutes while the grownups figure this out.

Dave, the owner of this board also mentioned Heartland in reference to CSC. Are you calling him an ass for assuming the connection?

Thomas hasn't released the entire story. His last post said they were still waiting on some more information.

 

[abake]

Jesus guys, I think it's time everybody took a deep breath and calmed down a bit.
No need for name-calling or personal attacks.

What is it with people that they have to resort to that kind of attitude?

 

[Lee in MI]

Jesus guys, I think it's time everybody took a deep breath and calmed down a bit.
No need for name-calling or personal attacks.

What is it with people that they have to resort to that kind of attitude?

The whole story isn't even told yet. There could still be more fall out from this.

Like I said, guys from Raving Toy Maniac, Fwoosh, Action Figure Insider and Action Figure Times have all been hit...the gravity of which is still yet to be told.

I'll send out an apology from me and my brother to any other Freak that was offended by our comments.

 

[LChinoz]

Is it confirmed that CSC will waive the preorder cancellation fee for some people?

 

[Mesa]

The Amex that I had tied to my paypal account had to be cancelled and replaced as I mentioned many pages ago. I didn't even figure the impact to my paypal account, but since my main backup card was now cancelled, paypal wouldn't let me do anything, even with the linked debit card, until I added another credit card to the account. And I am as of yet unable to remove the primary and cancelled AmEx.

This may impact some of you that had your CC's tied to PP.

 

[Lee in MI]

Is it confirmed that CSC will waive the preorder cancellation fee for some people?

There have been reports that they have agreed to some but not to others. But if your card is cancelled, they can't charge you squat!

 

[Adoptedscot]

This thread is a very informative and useful one so please do not ruin things for others by getting into arguments with one another.

The situation is bad enough for some members losing not only their money but their identity, the last thing they need is to come here and find people being argumentative and insulting.

Please respect each other enough to remain civil as this is a very important thread to a lot of people.

Thank you
Shell
x

 

[icepho3nix]

Funny thing. I was a victim of this, and today, I got a large envelope with my name on it. I opened it, and there was a mouse pad and a piece of paper inside. Apparently, its from a gambling website, and thanked me for being a new member Of course I didnt sign up for this, and there was no way anyone else signed me up. So this is kinda funny xD

 

[Mike]

Thomas is a stand up guy and I will continue to order from CSC.

 

[PRIME]

Yup i got hit too canceled one of my card

 

[Darklord Dave]

The Heartland breach occurred last year. I received a letter about the Heartland breach informing me that my identity may have been stolen within weeks of receiving similar letters from my mortgage company and my stock brokerage firm. This was back in Sept '08. At which time I immediately purchased credit protection and put a freeze on my credit. The letters I received came almost 6 months after the security breaches had actually occurred and the companies involved had been keeping their customers in the dark during their investigation, similar to what CSC has been doing. Now all of the sudden everyone here who has made a purchase at CSC is suddenly hit with fraud at the same time, just weeks after they switched servers and initially admitted they left a vacant port open for testing. Now they are trying to cover their asses and blame it on the credit processor Heartland from the security breach last year which only went public on Jan. 20. Thomas already admitted their fault in this earlier and gave us every reason why we shouldn't trust them with our business. Now he's backpedaling because he has lost our business. I really don't think it was the payment processor or the fraud would have shown up sooner and more random but it's too coincidental that everyone here who has been hit with fraudulent transaction have all done business with CSC and we're all getting hit at once, just weeks after their server migration. This had to be a deliberate hack into their server through that access port they admittedly left open for "testing" and forgot to disable. They got sloppy and we got screwed.

Even though the Heartland thing was in Sept, I was just notified last week by my bank that they are replacing ALL debit/credit cards due to security threats. The day I received my new card was the day that fraud was detected on the old card. So, at least in my case, I have no idea how my card was compromised. I'm sure the bank's action has nothing to do with CSC but is part of a larger problem.

 

[Jiminydog]

Icephoenix, double check your credit cards, debit cards, etc. If I got that package I'd be concerned that something was not right.

A general warning to you all: if you have a debit card -- i.e., an ATM card with a credit card logo on it -- run, do not walk, to your bank and trade it in for a standard ATM card without the credit card logo. If an identity thief gets your debit card info, they don't need your ATM password, they can use it just like a credit card -- but the money is being siphoned directly out of your account. This happened to me a few years back and it took MONTHS to get the bank to reimburse me for the stolen money, which was a large sum.

Short story: ATM debit cards basically allow identity thieves direct access to your bank account.

 

[WestsideChino]

Make sure you call them to cancel any memberships. Also i might suggest getting a police report, this way if months from now you get an invoice you can send them a copy of your report stating there was ID Fraud. !st rule if you get an item you did not order from the mail, Dont Open IT !! just return to sender..