Post your suggestions or feedback about the site here.
By Zorjin
#4938762
Hi,

After purchasing product on GBFans, I've had fraud charges show up on my credit card later, which I had to cancel and get a new card. It solved the problem until I bought something else off GBFans and started getting fraud charges on the new card. I bought something off a 3rd card and sure enough, that one soon also had fraud charges. All of the fraud charges are purchases at clothing and shoe stores too.

I brought this up in proton pack building groups and dozens of people have come forward at this point saying the same thing happened to them. This site is compromised for purchases and is somehow leaking credit card information. I'm sure it's not intentional but this seems to be a big problem.
User avatar
By mike_waclo
#4938783
Huh... Interesting. My debit card was compromised in June, July, and August (Three different cards with the same bank, replaced after each instance of fraud) and I did make purchases from the shop near the beginning of each of those months. Could there be some sort of breach with the card processing company?
Last edited by mike_waclo on September 1st, 2020, 10:25 am, edited 1 time in total.
User avatar
By AJ Quick
#4938785
Hello,

GBFans.com does not store credit card information. All credit card data is encrypted and sent to PayPal through a secure connection. I take these allegations very seriously so I have spent the past day reviewing all code related to the handling of credit card data between our site and PayPal. I scoured logs reviewing inbound and outbound connections. I've run virus scans and searched manually for malicious code that could be running, intercepting or otherwise hunting for data.

At this time I have found no evidence anywhere that any credit card data is being collected or transmitted anywhere but through the secure connection to PayPal's servers.

I believe what you are finding is called "confirmation bias". You believe credit cards are being compromised on GBFans.com, so you asked others if they also had their credit cards compromised. Many told you they did and that confirms your assumptions that it occurred at GBFans.com, without verifying if they even made a payment on the site using their credit card instead of using PayPal directly for example. This also neglects the very real fact that credit card fraud is at an all time high in 2020. The pandemic has forced more and more people to start shopping online and using their credit card more often. The odds of intersecting someone who made a purchase at GBFans.com and also had a credit card compromised are high. That does not mean the credit card was compromised at GBFans.com.

I will continue to search diligently for any possible sources of ingress into the server, however at this time it appears our services are secure.
NotSabbat liked this
User avatar
By mike_waclo
#4938789
Thanks for the update, AJ! I certainly didn't want to assume it was happening from this site... I've certainly made many more transactions at GBFans that never ran into any issues. Just unfortunate coincidental timing on my part, this year.
User avatar
By AJ Quick
#4938794
I want to also address some information I have seen put out on Facebook as a result of this:

No. The site is not in lock down.
No. Passwords have not been compromised.
No. Just because another site was compromised does not mean all sites you visit were compromised.
(If you use the same password for multiple sites: Change your password right now).

I am seeing people pass secondhand information around as if it were fact now. People are posting in private Facebook groups to which I am not a part of and cannot adequately address concerns so I am doing it here and asking that you pass this information along.

For example:

Someone had trouble logging into the forum. The forum said 404 file not found. Another person said the site was locked down due to credit card fraud as if it was a factual statement. Another stated that they had received emails regarding stolen passwords and that it might be related and another person said 'It's probably related.'

In reality. The first person was accessing the site through the wrong link. There was no lock down. There is no correlation between other sites being hacked and another site you visit also being related. Stop spreading false information instead of acknowledging that you actually just have no idea why something is occurring.

A simple typo in a URL results in people spreading information as if the site was being taken down by hackers. This game of telephone hurts GBFans.com and hinders my efforts to adequately find time to investigate these concerns as well as continue to ship products without delay.

    Are they just newspaper clippings or something? […]

    Patch 1.8.0/DLC 5 added two more -Bitter Cold: […]

    If you check the post below from reddit, one of […]

    got a link? It appears that some time today[…]