|
Post by Alyce: Old Media Enthusiast on Dec 18, 2021 19:22:01 GMT -5
If you were using the site to purchase stuff lately, sure to check on your account just in case.
|
|
mistery
King Koopa
Posts: 11,586
Member is Online
|
Post by mistery on Dec 18, 2021 19:33:13 GMT -5
Worth noting that last part about there being no evidence of this information being accessed or used seems highly unlikely. There are a ton of reports coming out now of fraudulent charges being made with the leaked card info. AEW should probably issue a statement as well, considering they use PWTees for the merchandise store.
|
|
|
Post by Oh Cry Me a Screwball on Dec 18, 2021 19:56:07 GMT -5
Worth noting that last part about there being no evidence of this information being accessed or used seems highly unlikely. There are a ton of reports coming out now of fraudulent charges being made with the leaked card info. AEW should probably issue a statement as well, considering they use PWTees for the merchandise store. Yeah, about that...
|
|
mistery
King Koopa
Posts: 11,586
Member is Online
|
Post by mistery on Dec 18, 2021 20:11:55 GMT -5
Worth noting that last part about there being no evidence of this information being accessed or used seems highly unlikely. There are a ton of reports coming out now of fraudulent charges being made with the leaked card info. AEW should probably issue a statement as well, considering they use PWTees for the merchandise store. Yeah, about that... Yeah like I said, it seemed highly unlikely PWTees was telling the truth. And quite frankly they are setting themselves up for one really nasty class action lawsuit with that letter.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Dec 18, 2021 23:17:30 GMT -5
Yeah I had fraud charge on the 7th of November,
That explains that.
I’m glad they can get out these letter out faster than their merch.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Dec 18, 2021 23:22:17 GMT -5
Add me to the list of people who had fraudulent charges very likely related to this. I got hit for an unauthorized charge of $1000 at crypto.com.
|
|
|
Post by Jumpin' Jesse Walsh on Dec 19, 2021 0:00:14 GMT -5
Add me to the list! Got an unauthorized charge in my account in early November.
|
|
|
Post by Jedi-El of Tomorrow on Dec 19, 2021 1:20:52 GMT -5
Thank Zod that the card I used to purchase my Best Friends shirt was an old one and was no good and completely deactivated before November.
|
|
chazraps
Wade Wilson
Better have my money when I come-a collect!
Posts: 27,991
|
Post by chazraps on Dec 19, 2021 2:24:33 GMT -5
Oh wow, thanks for the heads up on this! I had a charge on November 12.
This is their second hack of note this year, after their text service was hacked in February.
|
|
|
Post by Oh Cry Me a Screwball on Dec 19, 2021 3:29:33 GMT -5
This is why I prefer to use PayPal on sites that will let me. No need to hand all these websites my direct CC info.
|
|
ayumidah
Wade Wilson
Don't bother pretending I seem fine, I like that I'm a mess
Posts: 27,403
|
Post by ayumidah on Dec 19, 2021 3:38:01 GMT -5
yikes.
|
|
chazraps
Wade Wilson
Better have my money when I come-a collect!
Posts: 27,991
|
Post by chazraps on Dec 19, 2021 20:47:17 GMT -5
Been a full day since the story broke and PWTees hasn't acknowledged it on their socials, just posting away about their David Arquette autograph like nothing happened. Really disappointing.
|
|
|
Post by Oh Cry Me a Screwball on Dec 19, 2021 20:50:01 GMT -5
Been a full day since the story broke and PWTees hasn't acknowledged it on their socials, just posting away about their David Arquette autograph like nothing happened. Really disappointing. They are pretty much doing the bare minimum here of informing customers of the breach, while hoping for no bad press, even though of course someone is going to post the letter on social media when they start arriving in mailboxes.
|
|
|
Post by Mayonnaise on Dec 20, 2021 16:06:39 GMT -5
Just because you haven't gotten a letter yet doesn't mean one isn't coming. I got one today. I had some charges pop up on October that this might explain.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Dec 20, 2021 16:12:24 GMT -5
Been a full day since the story broke and PWTees hasn't acknowledged it on their socials, just posting away about their David Arquette autograph like nothing happened. Really disappointing. They are pretty much doing the bare minimum here of informing customers of the breach, while hoping for no bad press, even though of course someone is going to post the letter on social media when they start arriving in mailboxes. Man, I wish other companies had a bigger piece of the wrestling merch pie, because I feel like PWTees does a poor job at handling all of these disasters.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Dec 20, 2021 16:23:05 GMT -5
Got a letter the other day but it doesn't look I've had any fraudulent charges. Tempted to cancel and replace my cards just in case.
|
|
|
Post by Oh Cry Me a Screwball on Dec 20, 2021 17:25:36 GMT -5
Just because you haven't gotten a letter yet doesn't mean one isn't coming. I got one today. I had some charges pop up on October that this might explain. I feel like relying entirely on snail mail (especially after the 2020 restructuring of the post office) to inform customers is a bad idea. Do they not have some way of emailing affected customers to ensure everyone gets notified?
|
|
|
Post by Dr. Bolty, Disaster Enby on Dec 20, 2021 17:39:38 GMT -5
Got a letter the other day but it doesn't look I've had any fraudulent charges. Tempted to cancel and replace my cards just in case. I got fraudulent charges, and they disappeared by the time I did replace my cards. I'd recommend going for it just in case you had something similar to that, since that's a protection for the future even if you haven't lost anything yet.
|
|
|
Post by Mayonnaise on Dec 20, 2021 17:53:08 GMT -5
Just because you haven't gotten a letter yet doesn't mean one isn't coming. I got one today. I had some charges pop up on October that this might explain. I feel like relying entirely on snail mail (especially after the 2020 restructuring of the post office) to inform customers is a bad idea. Do they not have some way of emailing affected customers to ensure everyone gets notified? The big issue I see with emailing would be people thinking it is phishing and ignoring it.
|
|
|
Post by ANuclearError on Dec 20, 2021 17:53:45 GMT -5
Just because you haven't gotten a letter yet doesn't mean one isn't coming. I got one today. I had some charges pop up on October that this might explain. I feel like relying entirely on snail mail (especially after the 2020 restructuring of the post office) to inform customers is a bad idea. Do they not have some way of emailing affected customers to ensure everyone gets notified? The fact that they're not sending emails out is utterly amatuerish.
Now, full disclosure, I've never bought from them before personally. However, from doing a quick check, it's immediately apparent that an e-mail address is mandatory to purchase an item, even if you don't register an account with them (I assume you get a digital receipt upon order completion). I also assume that they already send marketing emails to existing customers, but I don't know if they include people who order without accounts. I do not for one second believe that sending physical mail was easier or better than connecting their existing automated email systems with the orders rather than the registers accounts.
Someone earlier suggested that not sending emails could be due to fears of being mistaken for phishing. There's an easy solution for that: don't include any URLs in the email. Phishing scams depend on people clicking URLs that look legitimate on the surface, but aren't. Unless they can guaran-damn-tee (and I'd still doubt them) that they've not been breached, the email should tell people to change their PWtees passwords, and if people are still reusing the same password across multiple sites... DO NOT DO THIS! No exceptions!
Frankly, right now I'm skeptical as to what security procedures they have in place. For example, I have the following concerns:
- They must have had talent-side information in order to process royalties to talent. Has that data been compromised as part of the leak?
- Were account details and passwords compromised as part of the leak? If so, have they used an industry-standard encryption on credentails such as a hash/salt?
- Why did they decide to use physical mail to communicate with this despite the fact that the majority of their business is done online? Botching a cover-up of a data breach is arguably more difficult to reputationally recover from than a breach itself.
- Why is there still nothing on their social media accounts?
The data breach in itself is a really poor job, but people are generally gonna be more sympathetic when it is met with transperency, honesty and promptness. I do not believe any of those 3 are present here.
Amateurish. As someone who is both a wrestling fan and a software developer, this annoys me a lot.
|
|