My bank contacted me: Credit card info stolen from PoE site

"

Xavderion написал:

You basically trolled Chris out of bed in the middle of the night, which is kinda funny but in a bad way.

Kinda is if you try to remember how many times Chris trolled us :)

Still, this was like prank calling someone in the middle of the night telling him his grandfather just died in a freak accident involving a pair of humboldt penguins and a concert piano. Not a quality troll.

Do I really have to point it out? Do you consider that this might be a scammer that has contacted you with false identification? If I were you I would not click on any link that might be presented in the mail/msg or whatever.

Here in the USA any transactions overseas or other than my state raises a red flag to banks. I have worked at American Express I can tell you we as customer service providers SEE an entire history report including your full credit card number. It is absolutely possible for a rep from your bank to steal your card information. It happens... Will they ever admit it... No.

Anyone can steal your info from your pc if it's not highly guarded. However in the day of social media it's extremely irresponsible to blame any party, you could find yourself in serious trouble. Legal trouble... I can't count the times people on yelp, Facebook etc have lied about a company performance only to be sued for damages because he/she thought it was cute to play a prank.

If your bank info is potentially compromised the issuing bank will sometimes contact you and advise on the most recent transactions... nothing more.

I've had this happen many times over the years and never once had the bank accuse a merchant of being the source of the problem.

I also have a linkpoint merchant account, so know the other side as a merchant with these issues too, and I can tell you its very hard knowing where security breaches happen.

Is POE the only merchant you ever use that card for?

That would narrow down the possibilities, but your bank info could also be compromised at the bank level itself.

CC have fraud protection too - not sure why you would even make a post like this unless you really hate this game, because you cant prove anything beyond knowing you made a purchase here.

for all we know the bank story could be totally made up and op is covering his own ass searching for someone to blame

lesson learned...less porn

"

ventiman написал:

lesson learned...less porn

I don't want to be 'the porn guy', but as an atheist I find it amusing that religious websites are actually more dangerous here. Large, profitable companies tend to invest money in making their sites safe so that people keep coming back and watching ads / paying a subscription.

By contrast, religious sites tend to be done by well-meaning but inexperienced volunteers who have little knowledge of web security. Trying to go to the website for my parish using HTTPS results in an NET::ERR_CERT_AUTHORITY_INVALID error. I mean, that's as basic as security gets tbh. :/

A better lesson might be "less theism."

My bank once called me after I made a Steam purchase and said they suspected I'd be hacked.

They said the reason for this was it was "unusual activity" on my account that had not been seen before. It coincided with me buying something like $80 worth of games on Steam in three separate transactions. I verified I'd made each of the purchases and that was that.

Basically, they didn't recognize Steam at the time and what was happening did not match my previous account history. So they felt worried enough to call me. This sounds different than what the OPs bank sees. You should not be talking to your bank I'd think, or GGG but your actual credit card company so they can trace the entire transaction.

A VERY VERY common thing that happens with credit cards and video game related companies is that it will make a flag if you spend a lot in a short period or make a large purchase as these types of markets are very profitable for thieves.

So here is my guess as to whats happened. You did not state how much you were "hacked" for and not to mention that ANY AND ALL credit card information that is stored is always encrypted (nobody is breaking 128bit credit card encryption not even NASA.) these days most especially the CVV number.

Im guessing the OP bought a few supporter packs which is out of his normal spending habits and the bank called to "warn" him of a potential hack and to check his purchase information to confirm, OP then made some wild speculations in his head and quickly made his post without thinking anything through.

OP here again, I apologize for my quick reaction, which in retrospect was an over-reaction and

I was honestly quite frightened.
When re-reading my original post, I see that it is suboptimal, and also ambiguous. However, I do not see that I am making allegations against the GGG team; my hope was to warn them of possible hackers.

No, I had not considered the call to be a scam, since the number was from my bank, but now I see that this too is conceivable, and I could have been mislead. I did re-call the bank, spoke to the same person, and he told me this is not a joke and not a scam (and my card is voided), but his second telephone conversation DID seem more vague than the first. I would not have made this second telephone call if some people here had not made constructive helpful responses, so thank you for that.

EDIT: And no, the warning to me came from the service provider for the bank, not from the bank itself -- they warned my bank so to speak. No, it was not additional purchases outside of my normal spending habits that made the bank believe someone else was making purchases with my card and me not thinking it through

Again, I do forthrightly apologize. I'm not sure if there is anytihng else I can do.
An extra apology to Chris, I am sorry for the disruption. I still do think that there is a possibility that your team needs to make sure that whoever provides credit-card services for your website might have been hacked -- I have no idea about software (obviously) but there seems to be at least some quantum of real threat. Again, I do not mean this as an accusation, but as a warning that someone might have (successfully) hacked some data.

"

onomastikon написал:

When re-reading my original post, I see that it is suboptimal, and also ambiguous. However, I do not see that I am making allegations against the GGG team;

Thread title:

"

My bank contacted me: Credit card info stolen from PoE site

Come on now...

Hopefully your stuff gets resolved and nothing happened, but you have to be careful and realize that writing something like that will create waves.