More Digital River Weirdness

First off, let me say that so far there does not appear to have been a single other case or even suggestion of a security breach at Digital River. As of right now, all we have is the single report from the other day.

The original poster has now taken down the initial post, but put up a new one describing a call he received from a Digital River representative who was seeking to identify him as the one who made the initial report.

He expands on it in a later post:

The rep did deny DRI ever having been hacked. That was when I brought up the published articles about the hacking from 2010, and the Feb 28, 2012 system failure.

She didn’t say anything else about the hacking. It was then that she became very reassuring and said she would make sure that my subscription was updated.

But that’s not really the issue anymore. The security issue was well taken care of in my opinion.

My problem is that I received a phone call asking me about Twitter posts and blog posts from a company that works for Mattel… Someone at that company was ordered to contact me about my Org postings, which had been posted on Twitter by a third party. I never asked them to do this, nor did I authorize them to use my account information that way.

I find that disconcerting.

I imagine someone working for Mattel or DRI could easily have used my website posted in my signature (here on the Org) to identify my full name, which was then used to access my Mattycollector account to acquire my cell phone number.

That was not done to reassure me that my subscription would be updated.

I believe that because the first comment from the rep was that she was calling about “blog postings” – that her “team” had seen them on Twitter.

And I agree it’s creepy they tracked him down, though I’m still a bit unclear on what they were hoping to accomplish. I do understand why they’re concerned about it – even a rumor of a security breach is very bad PR for a company like Digital River. While some posters on He-Man.org suggest that the mere fact that DR contacted the poster is confirmation a breach took place, I think it’s just as likely they’re simply worried about the PR angle, especially in light of the recent troubles they’ve been having.

On a side note, a journalist for a tech website contacted me to find out if there was anything new on this issue. I informed him that no new credit card breaches had been reported, but linked to the second post (about the “stalking”) and asked whether he’d heard anything in his own circles. He replied that Digital River is acting “weird.” Take that as you will.

I have no idea what’s going on, and anything I write would be pure speculation. If you ask me, Digital River’s handling of Mattycollector since its creation has been far too much of a mess for this to be viewed as “unusual” behavior. It’s not like they’re usually running everything perfectly and then suddenly do something like this and it’s suspicious; they’re constantly screwing up and doing odd stuff. So unfortunately we just don’t have anything to go on, and, I suspect, we won’t unless more credit card breaches are reported.

Comments now closed (20)

  • On a slightly unrelated note, I got an email from them reminding me to call and update my credit card details for my DC Club Infinite Earths sub, fair enough, but I'm in the UK, does anyone know if there's another way to do this or do I have to make an expensive transatlantic phone call?
    Cheers in advance.

    • I got an email from Matty saying that if I needed to update my address or CC information, I had to call the 1-800-GO-MATTY number, not just update it on their website. Apparently, the info on the website only updates for purchases you go and make on the site, not your sub purchases. So I guess DR has two separate sets of addresses and CC numbers for people on Mattycollector.com. I guess this explains why wrong CCs are being charged and people's figures are being sent to the wrong addresses.

      • Not entirely correct. You have to go into the original subscription order number from when you first signed up last year and edit the credit card or address info there. If you just do it on the main account page then no it will not work for your subs. But if you go into the original sub order from when you first subscribed last year it will work. I did it in February and had no troubles that month or with my renewal this month.

        • Out of curiosity, was that before or after they started working on "improving" the subscription management process? (the "My Subscriptions" link on your Matty account that isn't working at the moment)

        • It was a few days before the Feb sale so the 13th which I believe was after they took down the My Subscriptions link. I know I didn't go through the My Subscriptions page because I had to use the "Quick Order Look Up" function under the Help/FAQ page on MattyCollector.com after logging in. Enter that sub order number from last summer/fall and it should take you to the sub order info page. Then just click on the edit payment link and follow the directions. You basically add a card just like through the regular account update page but this one updates your subscription order directly. It is the same thing they do through the customer service line when you call because I've had them do it that way in the past as well.

        • Thanks to everyone who replied, I appreciate you taking the time to help. I got an email from DR telling me no dice, I had to call them, so I phoned and updated that way. It actually didn't take too long and the operator was lovely to speak to. She did seem a little confused as to why I was calling though. Oh well, if Metron doesn't turn up next month I'll throw my toys out of the pram then!

  • Weird. It would be less creepy for Digital River to email him about this, but even that would be kind of creepy since they’re doing some web scraping to track down the person’s contact information. The best resolution would be for Digital River to make a statement on He-Man.org in that thread. Maybe they’re worried about some forum members giving them lip, but I think most of them would be happy to get some kind of official response.

  • Now THIS is news. I appreciate your ongoing coverage of this, Poe. It's not often in the Toy collecting world that something comes along that's honestly newsworthy and bears continuing follow ups. Kudos, Sir.

  • Constantly screwing up and doing odd stuff is one thing; internet stalking is quite another.

    Yes, it would help if we could get some specific explanation of what DR was trying to accomplish with this, but in the long run, it doesn't matter. It was out of line no matter the reason.

    • Which thread? The newest one that Poe referenced and quoted is still up. I just commented in it.

      • No the original thread the guy started about the "hacking" not the new thread about DR calling him. The hacking thread he apparently deleted.

  • "In a world where toy discussion is monitored and recorded for quality assurance purposes, one man dares to speak the truth!"

    "The River has Eyes"- based on a true story.
    You will believe that your toys are watching you!

    Starring:
    Hugo Weaving as the DR agent
    John Cusack as the concerned customer
    Joe Pesci as Toyguru
    Morgan Freeman as Poe Ghostal
    and a young Ron Howard as Matty Mattel

    Special appearance by Schwarzenegger, Stallone, Willis, and Lundgren as the Four Horsemen

    Rated L for Logistics!

  • It's not really creepy. People have a false sense of anonymity on message boards. DR tracking someone down to resolve an issue that could destroy their business sounds like a smart move on their part.

    That being said DR sucks and from the sounds of everything else reported, it definitely feels like there is a bigger problem at hand. Hackers seem to be targeting these small collector sites, first Fun Publications now possibly Matty…

    • I think people have an expectation that their online accounts are separate. I’m sure this dude didn’t purposefully connect his MattyCollector.com account with his He-Man.org account, and didn’t even want to. When somebody else does the connections for us by web scraping, it can feel like an invasion of privacy.

      Obviously, there are companies that specialize in this and scrape profiles of us together from our Facebook, Twitter, and forum profiles. But that’s creepy too. And if I were part of a customer service company, I certainly wouldn’t be prying in users’ other accounts without their permission.

  • I think Mattel is working so hard to screw up MOTUC. I live in Spain, and every month is like a nightmare. Shipping times are longer than reasonable, even for ordinary mail, and I can't afford 30$ for UPS shipping monthly. I have not received Star Sisters or Wind Raider yet, and all Matty has done is a refund for the vehicle after I ask for my order. Really, I regret buying this year's subscription, and I will not buy 2013 sub although they promise me a 7" scale Castle Grayskull for free.

  • If only Digital River spent that kind of time and effort into not making themselves look bad, instead of Sherlock Holmesing some dude's identity to stop him from trying to make them look bad.