DriveThruRPG Hacked

By on 11 August 2015
OneBookShelf DriveThruRPG

Companies and websites getting hacked is a pretty regular occurrence these days. The latest victim is DriveThruRPG (also known as RPGNow), which has sent out emails to those who have made a card payment on the site since July 6th, as well as those who have their payment details stored on the site. The company has sent an email to both groups of customers. If you’ve used DTRPG or RPGNow in the last month or so, or if your details are stored there, be sure to check that there are no unusual transactions on your account.

The email reads:

Dear customer,

I regret to inform you that one of our servers suffered a security breach which may have compromised your credit card information.

You are receiving this email because you elected to store your credit card number on our server for future purchases. We store these numbers encrypted on our site, and we have no evidence the stored numbers were compromised during the breach. It is possible, however, that the encrypted numbers could have been copied and un-encrypted. We do not store your CVV code (the digits on the back of your credit card), making it difficult for the hacker to use your card number for online fraud. So while we think the data was not compromised, we wanted to inform you of the possibility. It would be safest if you contact your credit card issuer and ask for a replacement card. At the very least, you should check your card for any suspicious charges occurring on or after July 6th.

Our technical team has identified the issue and has secured our servers. Our websites are once again safe to use.

Information such as your name and email address were potentially compromised as well.

Login passwords are stored encrypted with a one-way hash and cannot be decrypted. You do not need to change your account password, but you are more than welcome to do so on your Account page at any time if you wish.

We are truly sorry this incident occurred and sincerely regret the inconvenience it causes you. Navigating credit card company call center menus is no one’s idea of a good time.

Security has always been our top concern and up until this incident we were proud of our security record at . We will continue to do everything we can to keep our marketplace secure going forward.

You can find more information on the website’s support page.

With thanks to EN World for the news item.

About Dave McAlister

Dave has been roleplaying for over 30 years, having played and/or run most mainstream systems with the espionage genre being an early favourite. So much so that, in 1999, he started Modus Operandi. That same year he joined the Sarbreenar "Living" campaign team as their plotline controller before moving across to the Living Spycraft campaign team (as UK Regional Branch Director) in 2003. 2003 also saw the birth of UK Role Players as well as Dave's first freelance writing appointment (co-writing World Militaries and consulting on both US Militaries and Battlegrounds, all for Spycraft). Since then, Dave has concentrated on supporting the UK gaming scene. He has organised and run several small, one-day, events and was the RPG Area Manager for Gen Con UK in 2004. His current favourite systems are Dungeons & Dragons (specifically 5th Edition), Savage Worlds and Cinematic Unisystem. He has a (currently neglected) blog at and runs a D&D 5e SRD website at

Leave a Reply

Your email address will not be published. Required fields are marked *

Why ask?

%d bloggers like this: