Reaper website hacked, customer info stolen

As someone who’s getting more and more into miniatures gaming, it scares me a bit to hear what just happened to Reaper Miniatures. A group of hackers has stolen Reaper’s customer information, including credit card numbers used on the site’s online store, and is demanding money to keep from making the information public on the web. Hopefully the FBI and whoever else gets involved in this sort of thing can sort it out soon, and let Reaper get back to concentrating on great miniatures. The full announcement from Reaper’s website is reprinted below.

Notice posted on Reaper Miniatures website:

An international group of professional hackers has used a new exploit to grab the encrypted user information of at least several dozen companies in the US. This attack targeted all of these companies respective eCommerce sites. Among these companies is Reaper Miniatures. This puts us in the elite company of Amazon.com and Microsoft, so I guess we’ve finally “made it”.

These criminals are demanding an extortion fee to prevent them from making sensitive user information public on the internet. They have told us they are able to decrypt our customers’ credit card information. We cannot verify this fact, however it is prudent to inform our customers of this possibility so they may take appropriate action.

We will not succumb to their threats, and are instead going to our customers so they can take appropriate actions to protect themselves.

We are in contact with the FBI and other law enforcement agencies to deal with these criminals. We have taken our store offline while we evaluate any existing threats.

In addition to this news bulletin, we will be emailing and calling any customer this issue may have affected. For correspondence regarding this, please direct all queries to hotline@reapermini.com.

Please do not call us directly, rather email with any questions. We will respond to your email messages in a timely fashion in the order in which they are received.

6 comments

  1. That sucks. Reaper is a fine company and its sad to see such a thing done to them. They’re just a small company trying to make a buck like everyone else. I hope they’re able to nail the ones responsible and get this behind them.

  2. It’s unfortunate that Reaper got snagged by this, just for trusting their e-commerce solution to do their job correctly. (It’s unfortunate for the e-commerce provider, since they trusted their software vendor to provide a secure solution.)

    I sincerely hope that the perpetrators are identified, captured, and persecuted to the fullest extent of the law.

  3. Unfortunately, the law is outdated and not severe when it comes to computer-related crime, with the exception of cyberstalking, even that is not enough to bring satisfactory justice. It can’t be helped. Government is slow and always reactive rather than proactive.

  4. The sad part is, it makes people nervous about e-commerce in general. You are probably 1000 times more likely to suffer fraud due to face-to-face transactions or postal mail theft than you are to experience anything like that on the Internet.

    Well, as long as you visit sites that run secure connections, etc …

    D

Comments are closed.