"A hacker found a crack in our defenses and got in," the company’s Q&A for its customers said. "...The main things the hacker accomplished were using our server as a platform to launch DDOS attacks on other sites and also swiping credit card information as we processed it from July 10th to the morning of August 6th."
One of two load-balanced servers was compromised, the company said, and it had no way of knowing which of the customers that had transactions during that period were processed on which server.
The company recommended that customers that made purchases during that period, or customers that stored credit card numbers with the site, change their credit cards. It said it had no information to indicate that encrypted credit card numbers of customers that did not make purchases during the period were taken, but could not rule it out.
OneBookShelf operates DrivethruRPG.com, DrivethruComics.com, RPGnow.com, DNDClassics.com, DrivethruCards.com, DrivethruFiction.com, Ulisses-ebooks.de, and WargameVault.com.
