NISA Online Store Data Breach

Discussion in 'Video Games' started by MotionBlue, Feb 28, 2018.

  1. MotionBlue

    MotionBlue Member Original Poster

    #1
    Just received this email:
    Looks to be legit. Awful timing, since they had just announced preorders for Labyrinth of Refrain recently.
     
  2. Squarehard

    Squarehard Member

    #2
    Good thing I didn't make any purchases as of late.
     
  3. Eolz

    Eolz Member

    #3
    Seems that the European online store hasn't been affected at least. Hope that nothing bad happens to American customers though.
     
  4. Curler

    Curler Member

    #4
    Was just about to post this... My credit card I use on there just got a fraud charge 2 weeks ago. I got my new card and was trying to contact them on updating my number, but they removed the phone number off their site! After they had extended maintenance the other day, it explains why.

    I need to upgrade info (safely) for my pre-orders and I still have new ones to make :x (looks like they are sending out emails for a "pay when you want" basis via Paypal).

    Really crappy breach though... Always thought of NISA as one of the safer sites.
     
  5. Yasumi

    Yasumi Member

    #5
    Whew, good thing I only ever used Paypal on there.
     
  6. MotionBlue

    MotionBlue Member Original Poster

    #6
    It's inevitable really, but odd to target such a niche website. I haven't had anything crop up yet, but I'm always alert for odd charges.
     
  7. Chrono

    Chrono Member

    #7
    Man, I'm glad I didn't pre-order anything within this time-frame. Sorry to all of those affected. :(

    I guess this is further reason to switch over to PayPal entirely, whenever it's available.
     
  8. Curler

    Curler Member

    #8
    You might want to consider requesting a new card asap. Looks like I used another card on the site, and will be changing that too. Better safe than have to deal with fraud claims (but moving pre-orders over is the REAL pain).

    So shady though... I NEVER think of double-checking for redirects when checking out :x


    I would, but I hate that most storefronts have Paypal as "pay right away". I'd rather pay later on when it actually comes out, personally.
     
  9. Skulldead

    Skulldead Member

    #9
    That would explain why I got my card cloned the other day after I pre-ordered 2 collector's.... they tried to buy 3800 dollars in an Italian cloth store.... no way it would have passed. It would be nice for them to contact us to make the change for the changed card number, and not us running for them to charge us in this case.
     
  10. Curler

    Curler Member

    #10
    Mine was for clothes too! Some Karmaloop street wear store.
     
  11. Xita

    Xita Member

    #11
    Looks like I’m good since I haven’t been on that website since V3 came out. Sucks for those who are affected by this.
     
  12. Chrono

    Chrono Member

    #12
    That's why I tended to go with credit card when it's available, but the more stories such as this happen, it kind of continues to push me towards PayPal, even though I'd need to pay up-front. I hate having my credit card stolen and having to go through all of the replacement situation.
     
  13. Curler

    Curler Member

    #13
    I get my cards replaced bi-annually >_> Bank doesn't notify me, just "oh you might've been breached! Here's a new card!!" It sucks...

    I think I might just start doing Paypal more when available. It sucks, but this sucks more...
     
  14. MCN

    MCN Member

    #14
    OK, in the UK the Nisa name is associated with low-rent convenience stores. The thread title confused me for a moment.
     
  15. Skulldead

    Skulldead Member

    #15
    When the bank called me I was like, I went to Italy like 4 years ago, it could explain why it got cloned there (but at the same time I have probably changed cards since then), happy to know the source now, I'll be a lot more careful next time.

    I can't really blame them, I'm working as a programmer in security for my bank, I know exactly how these things work, it's actually pretty easy to replicate, this is why I use a credit card 100% of the time because of the assurance that they give for that kind of fraud.
     
  16. Het_Nkik

    Het_Nkik Member

    #16
    Oh man, I'm lucky. I placed my SNK Heroines order on January 11th and with PayPal.

    Sorry for all those affected. It fucking sucks.
     
  17. #17
    Ass.
     
  18. Aigis

    Aigis Member

    #18
    I got the special edition of Danganronpa V3 from them when it came out, so I panicked for a sec, but thankfully that's outside of the date range
     
  19. Curler

    Curler Member

    #19
    What I wish is that more sites would make it simple like Amazon (or even the Square Enix Store of all places) to be able to log in and change your info.... Calling every place during business hours is annoying -_-
     
  20. Chrono

    Chrono Member

    #20
    Given the state of online security, getting your cards replaced bi-annually isn't a bad idea. Mine lasts a few years and I'm generally pretty careful about where I spend it, but I'd be lying if I said it wasn't a constant worry. With PayPal I don't really need to concern myself, and some stores allow later payment and not up-front (it's definitely a rarity though, unfortunately). I agree that early payment definitely sucks less than a credit card breach, that's for sure.

    Sorry about that situation you find yourself in, I hope you're able to switch over your pre-orders (if any) to your new card when it comes.
     
  21. sinonobu

    sinonobu Member

    #21
    Fuck my life. Pre-ordered Coven limited edition without using Pay-Pal.

    I'm probably going to never touch nisa online store again.
     
  22. AniHawk

    AniHawk Member

    #22
    i got hit too, but getting a new card tomorrow and the fraudulent charges removed from it, and the other card canceled as a precaution (it wasn't hit). this is the only time in the ten years they've been running that this has happened as far as i'm aware.

    also the second time in 5 years i've had to get a new card due to fraud. pretty sure the last two times were both because of amazon.
     
  23. Curler

    Curler Member

    #23
    Yeah I've been buying since the Rosenqueen days, and this was a first. My other fraud had previously been from Video Games Plus... I wonder if they ever fixed their site?
     
  24. Chrono

    Chrono Member

    #24
    Rosenqueen, that brings me back.

    And nope, it's still recommended to use PayPal on VGP. As for whether it's safe or not...I'm not willing to take that risk, haha.
     
  25. Ventara

    Ventara Member

    #25
    Phew, I'm safe. Sucks for those affected and I hope they get things resolved quickly.
     
  26. Shizuka

    Shizuka Member

    #26
    I didn’t get an email. Am I safe?
     
  27. Mankoto

    Mankoto Member

    #27
    This lines up with what happened with a card I had JUST got a couple of weeks ago. I thought I was going crazy since I only used it IRL one time and online one time. Never imagined the perp would be from this.

    Well, whoever it is got their car fixed and purchased about $800 worth of groceries all on the same day... What a guy
     
  28. Echo

    Echo Member

    #28
    If you made any purchases from NISA's American website between Jan. 23rd - Feb. 26th, no, you're not safe.

    And this is why I use stuff like NoScript. Yeah it breaks the internet, but... safety first! :)
     
  29. DeuceGamer

    DeuceGamer Member

    #29
    I guess that’s why I found an unauthorized transaction on one of my cards just this morning. Already cancelled that one and will probably cancel a second one as a precaution.
     
  30. Curler

    Curler Member

    #30
    I use NoScript too and this still went through :/
     
  31. Echo

    Echo Member

    #31
    If the script was attached to NISA's server and you opted to set them to "Trusted" then yeah of course it still went through.

    I'm honestly surprised it took this long for NISA's store to get hit, for a long time they didn't even have https. Last thing I ordered from them though must have been the Neptunia Victory LE from back in 2013 lol.
     
  32. Curler

    Curler Member

    #32
    Problem being is that if you don't allow in the main site and some scripts relating to the store, then nothing will work at all to make a purchase. I figured it was tied to the original site, in this case. I keep an eye out for any unknown names that pop up, but yeah it's not always easy...
     
  33. Wagram

    Wagram Member

    #33
    Luckily I haven't made a NISA purchase since Ys 8. Still that sucks.

    That $5 discount though. Totally makes up for possible identity theft and credit card fraud.
     
  34. Lizardus

    Lizardus Member

    #34
    I put an order in on Feb 15 for Fallen Legion LE using PayPal so I'm good I think. Haven't received an email from NISA and I don't see any suspicious charges. However, I think they may have gotten my email address because I've received a few emails in the past couple of weeks that basically go like "Here is a receipt for a transaction made through apple app store etc. Please click on this link to review or cancel order". I'm guessing that this will take me to a fake storefront and I'll be prompted to log in with my info.
     
  35. #35
    I work for a small local credit union, it's insane how much card fraud we have seen in the last two years. Stuff like this is all too common these days, unfortunately. Luckily our automated system is fairly good at catching unfamiliar charges, but in a situation like this we obviously recommend changing your card number ASAP and being vigilant for any potential fraudulent charges, since it's not always large amounts they try to get away with and something like a $4.99-9.99 charge is far easier to slip by you than a huge amount. Also, kinda random, but if you happen to use Uber, double check any charges to verify they're yours... a large trend lately has been using stolen card numbers to pay for transportation services.
     
  36. TheLastOne

    TheLastOne Member

    #36
    Wow, this one is pretty horrifying. I mean I understand compromised databases and stuff like that, but to have a rogue script and redirect on your page for a month? Ouch.
     
  37. Curler

    Curler Member

    #37
    $5 is still a nice gesture, considering the mess. As seen above, it's not uncommon at ALL anymore for something to happen, anywhere. If someone tries, they can get in almost anywhere, I'm sure. So, this was NISA's turn to get hit :/ There's definitely horrible website security (Video Games Plus), but it doesn't matter, it can happen anywhere. NISA wasn't even aware of it until a couple days ago, so it looks like the breachers were sneaky with it. Still good that they shut down the store and took care of it ASAP, AND gave a detailed, transparent notice on what went on. Major breaches (Equifax) are usually pretty horrible on these sort of things.
     
  38. Kvik

    Kvik Member

    #38
    To avoid my CC number from being harvested in situations like this, I actively try to limit the number of online stores which have my CC number. Apart from Amazon, I pretty much have to enter my card # again each time I make a purchase. Visa has a 2FA feature for purchases larger than a certain amount but I don't think every single store has the means to implement it.
     
  39. Cherubae

    Cherubae Member

    #39
    I use Noscript when shopping but sometimes it blocks payment systems that sites are using to manage their ecommerce. In my case, I remember unblocking a few things to get my NISA store purchase to go through on the 23rd. I get alerts from my card company if a purchase is made, and nothing unusual has popped up yet. It's been less than a week though, meh. What a pain...
     
  40. t26

    t26 Member

    #40
    I placed an order during that time but so far nothing on my credit card activity
     
  41. koutoru

    koutoru Member

    #41
    Wow this sucks. I don't make purchases off their store, but this sort of thing would make me think twice before doing so.
     
  42. Kresnik

    Kresnik Member

    #42
    I haven't been able to order from the NISA store in years as a European customer, but this is a bummer to hear. A month without noticing is pretty rough.
     
  43. #43
    So...things are ok going forward right? Safe to place orders again or do you guys think we should still wait?
     
  44. OmegaDL50

    OmegaDL50 Member

    #44
    Would have been nice for NIS to actually send out an email alert to everyone to change their account passwords.

    Even if you haven't bought anything on NISA Webstore, I'd change your password anyways if you have an account there folks.
     
  45. Curler

    Curler Member

    #45
    I would assume so, after the site being down for a day fixing the problem. I still have orders to make >_>


    They did in the email:

    It's always a common sense thing too, to change passwords in any kind of breach.
     
  46. OmegaDL50

    OmegaDL50 Member

    #46
    Not everyone got an email from NISA about this issue, I certainly didn't. The point I'm making is when it comes to a security vulnerability issue, you don't just warn your most recent customers with accounts, they need to warn EVERYONE who has an account on their store.
     
  47. Menx64

    Menx64 Member

    #47
    Oh boy... I pre-ordered a couple of games, just after changing my CC two months ago... Now I have to do it again. :(
     
  48. Cherubae

    Cherubae Member

    #48
    NISA sent out another email about this today. Apparently the malicious process reinstalled on the 28th, so anyone who used their credit card and purchased between Jan 23 and Feb 25, and then again on Feb 28, had their account information compromised.

     
  49. Curler

    Curler Member

    #49
    Geeze that software is really malicious :/ Can't believe they got in again.
     
  50. FantasyZone

    FantasyZone Member

    #50
    Think I'm done ordering directly from NISA after all this. $5 is not enough to get me to order from their store again (pre-ordered Coven as soon as it was announced).