First off, let me say that so far there does not appear to have been a single other case or even suggestion of a security breach at Digital River. As of right now, all we have is the single report from the other day.
The original poster has now taken down the initial post, but put up a new one describing a call he received from a Digital River representative who was seeking to identify him as one who made the initial report.
He expands on it in a later post:
The rep did deny DRI ever having been hacked. That was when I brought up the published articles about the hacking from 2010, and the Feb 28, 2012 system failure.
She didn’t say anything else about the hacking. It was then that she became very reassuring and said she would make sure that my subscription was updated.
But that’s not really the issue anymore. The security issue was well taken care of in my opinion.
My problem is that I received a phone call asking me about twitter posts and blog posts from a company that works for Mattel… Someone at that company was ordered to contact me about my Org postings, which had been posted on Twitter by a third party. I never asked them to do this, not did I authorize them to use my account information that way.
I find that disconcerting.
I imagine someone working for Mattel or DRI could easily have used my website posted in my signature (here on the Org) to identify my full name, which was then used to access my Mattycollector account to acquire my cell phone number.
That was not done to reassure me that my subscription would be updated.
I believe that because the first comment from the rep was that she was calling about “blog postings” – that her “team” had seen them on Twitter.
And I agree it’s creepy they tracked him down, though I’m still a bit unclear on what they were hoping to accomplish. I do understand why they’re concerned about it – even a rumor of a security breach is very bad PR for a company like Digital River. While some posters on He-Man.org suggest that the mere fact that DR contacted the poster is confirmation a breach took place, I think it’s just as likely they’re simply worried about the PR angle, especially in light of the recent troubles they’ve been having.
On a side note, a journalist for a tech website contacted me to find out if there was anything new on this issue. I informed him that no new credit card breaches had been reported, but linked to the second post (about the “stalking”) and asked whether he’d heard anything in his own circles. He replied that Digital River is acting “weird.” Take that as you will.
I have no idea what’s going on, and anything I write would be pure speculation. If you ask me, Digital River’s handling of Mattycollector since its creation has been far too much of a mess for this to be viewed as “unusual” behavior. It’s not like they’re usually running everything perfectly and then suddenly do something like this and it’s suspicious; they’re constantly screwing up and doing odd stuff. So unfortunately we just don’t have anything to go on, and, I suspect, we won’t unless more credit card breaches are reported.