# Recent Hacking of Real Hot Stuff



## mrcloudy (Jan 24, 2012)

Today, I noticed about $1200 dollars of pending purchases on my bank account. My bank will reverse everything that happened, fortunately. Oddly enough, on RHS' website, they say credit card info isn't saved... Anyhow, did anyone else get burned by the recent hacking? Please check your account(s) before answering! Can't say I felt comfortable using my card instead of paypal. 

Order date: 1/3/12

Here's a screencap of their website for anyone who's too lazy to check before saying "fake."


----------



## jesterscourt (Jan 24, 2012)

Always use Paypal


----------



## sputnix (Jan 24, 2012)

hmmm one post just joined, have not heard of this hacking, only link about it......... I'm going to go with fake but could also be someone stole your credit card info


----------



## Fudge (Jan 24, 2012)

How do you know you got hacked from RHS?


----------



## mrcloudy (Jan 24, 2012)

sputnix said:


> hmmm one post just joined, have not heard of this hacking, only link about it......... I'm going to go with fake but could also be someone stole your credit card info


Of course you could check the homepage of their website, before reaching that conclusion...


----------



## mrcloudy (Jan 24, 2012)

jesterscourt said:


> Always use Paypal


I know, right? If only they accepted it. At least I'll know better next time! lol


----------



## Magsor (Jan 24, 2012)

this


----------



## pyromaniac123 (Jan 24, 2012)

mrcloudy said:


> sputnix said:
> 
> 
> > hmmm one post just joined, have not heard of this hacking, only link about it......... I'm going to go with fake but could also be someone stole your credit card info
> ...


----------



## mrcloudy (Jan 24, 2012)

pyromaniac123 said:


> mrcloudy said:
> 
> 
> > sputnix said:
> ...


----------



## ShadowSoldier (Jan 24, 2012)

Magsor said:


> this



RealHotStuff isn't chinese.


----------



## Magsor (Jan 24, 2012)

ShadowSoldier said:


> Magsor said:
> 
> 
> > this
> ...


My bad.
I did not bother to check which one got hacked i tough it was the chinese one. Which i was dubious of the trustworthiness
I guess any website can get hacked


----------



## RchUncleSkeleton (Jan 24, 2012)

Here's the quote straight from their homepage (RealHotStuff.com):

*It has come to our attention that our site was hacked during the Christmas season. The issue was resolved a week ago.  To ssure our customers, we do not save any of our customers' credit card information on file.  We do not believe any of our customer's information has  been leaked. If you are still experiencing any problems with our site, please contact us.  We apologize for the issue and are willing to work out with ourcustomers with any issues.*

*Due to problem with paypal, we do not accept paypal payment any longer. Please use Credit Card or Money Order as the payment method.*


So, they no longer accept paypal and they don't know how to use spellcheck or proofread what they post on their site.

I was gonna purchase something for my friend last week, kinda glad I didn't.


----------



## Fudge (Jan 24, 2012)

Damn, I purchased from there around mid-late December. I really hope my info wasn't compromised, otherwise I'm fucked.


----------



## RchUncleSkeleton (Jan 24, 2012)

Fudge said:


> Damn, I purchased from there around mid-late December. I really hope my info wasn't compromised, otherwise I'm fucked.


You can always call your bank and cancel the card you used and get a new one.
As long as you don't have any unauthorized charges on your account you don't
have to worry about money missing. Once you cancel your current card they'll
no longer have any access to it.


----------



## mrcloudy (Jan 24, 2012)

Fudge said:


> Damn, I purchased from there around mid-late December. I really hope my info wasn't compromised, otherwise I'm fucked.


I recommend blocking it. It will take a week to get the new card, so that part sucks. Check for any unusual $1 charges. They did that a few times to determine if my info was still valid. I wouldn't have been notified (or noticed) if they didnt get greedy and try to buy a $821 vizio from walmart. lol


----------



## cynful09 (Jan 25, 2012)

RHS employee here.

We are taking this situation very seriously. As of 1/6/12 our hosting/servery company has scanned and confirmed our site to safe. We have been monitoring our site consistenly, with our latest scan occuring yesteryday. I can confirm that we do not save any credit card information due to stringent security rules regarding the acceptance of credit cards over the internet (for businesses).

To all customers who have visited our website between December 2011 and January 6,2012, please check your computers for any malware and such.


----------



## mtdr (Jan 26, 2012)

Idk if it was thru RHS or somewhere else since I do use my card tho I bought an acekard and 3in1 from them about two weeks from now around January 9-10 and I woke up today at 4am to a message on my cellphone with a bank notification of a yahoo wallet charge on my credit card. I've never even used this service so this means some else added my credit card to their yahoo wallet account. I froze my account asap since the charge was just the authorization ($1 dll charge just to authenticate card) and more charges could come in the future so I immediately cancelled it.

Like I said not sure if it was thru RHS but it is damn possible.


----------



## redfalcon (Jan 26, 2012)

I also received a shady booking (1$) on my credit card from a company named "ATT". My bank notified me, since they knew this company checks with small bookings if the card is valid to commit further frauds. My bank blocked the transaction, locked my card and send me now a new one. Since I only use my card on Amazon and Steam otherwise, this must come from RHS. I nearly ordered a EZ-Flash, but didn't commit the order since the shipping fees to Germany were too high.


----------



## mrcloudy (Jan 26, 2012)

redfalcon said:


> I also received a shady booking (1$) on my credit card from a company named "ATT". My bank notified me, since they knew this company checks with small bookings if the card is valid to commit further frauds. My bank blocked the transaction, locked my card and send me now a new one. Since I only use my card on Amazon and Steam otherwise, this must come from RHS. I nearly ordered a EZ-Flash, but didn't commit the order since the shipping fees to Germany were too high.


Had charges for Walmart, ATT, Minecraft, and a few EA games. Thought I could get some useful information by contacting them. ATT was completely unhelpful. Walmart wouldn't release the information to me--only to the police if I authorized them to. Moneybookers (minecraft) and EA were able to find orders using my cc number and tell me an email address. Didn't get any hits searching the emails adresses I got, and the local police wouldn't investigate walmart since it happened in NC. Oh well, I'm sure the criminals will get caught sooner or later.


----------



## someonewhodied (Jan 27, 2012)

Based on the poor grammar and the location that was posted, im gonna go ahead and say that whoever hacked the site posted that there and is trying to get more credit card info.


----------



## cynful09 (Jan 27, 2012)

The announcement on the homepage was not made by the hacker.

UPDATE: 1/27/12 - We have hired an expert who has looked at our site inside and out. He has determined that our site has been in fact clean since 1/6/12 and that no malware, etc. was coded into our site. If anyone else has any problems, please contact us immediately if you can be absolutely sure that our site has compromised your credit card info.

We will be continue to scan our site and post updates if there are any changes.


----------



## zhuzhuchina (Jan 28, 2012)

it's due they use os commerce as shopping cart, is pretty old and common scipt, probably some hackers found a hole and stoled credit card info


----------



## Nebz (Jan 28, 2012)

redfalcon said:


> I also received a shady booking (1$) on my credit card from a company named "ATT". My bank notified me, since they knew this company checks with small bookings if the card is valid to commit further frauds. My bank blocked the transaction, locked my card and send me now a new one. Since I only use my card on Amazon and Steam otherwise, this must come from RHS. I nearly ordered a EZ-Flash, but didn't commit the order since the shipping fees to Germany were too high.


Something similar pretty much happened to me. I woke up to check my account in the morning to see my direct deposit only to find charges from something called Beatport draining my check. I called BoA, they straightened some things, and then I sat waiting only to find out there was some random $1 ATT charge some time ago also. Long story short, I have a new card coming through and I've been refunded the amount I lost as of this morning.
I just spent my free time backtracking where I might have used my card and forgot all about RHS... I find it lulzy that a little Google search lead me straight to my favorite online community 

Thanks for not making me feel alone GBAtemp!


----------



## pyromaniac123 (Jan 29, 2012)

cynful09 said:


> The announcement on the homepage was not made by the hacker.
> 
> UPDATE: 1/27/12 - We have hired an expert who has looked at our site inside and out. He has determined that our site has been in fact clean since 1/6/12 and that no malware, etc. was coded into our site. If anyone else has any problems, please contact us immediately if you can be absolutely sure that our site comprimised your credit card info.
> 
> We will be continue to scan our site and post updates if there are any changes.



So before 1/6/12 the site wasn't clean?


----------



## wrettcaughn (Jan 29, 2012)

Fudge said:


> Damn, I purchased from there around mid-late December. I really hope my info wasn't compromised, otherwise I'm fucked.



man...  that's too bad...
I _really_ hope that no one ripped you off
though it would go a long way towards proving the existence of karma


----------



## kai445 (Jan 29, 2012)

...


----------



## cynful09 (Jan 30, 2012)

pyromaniac123 said:


> So before 1/6/12 the site wasn't clean?



We did determine our site had been hacked between Dec 2011 and Jan 6 2012. We have an announcement on our homepage disclosing the issue.


----------



## jimmyemunoz (Jan 30, 2012)

ShadowSoldier said:


> Magsor said:
> 
> 
> > this
> ...


Are you saying oshippingzone and realhotstuff.*hk *are not one and the same?


----------



## mrcloudy (Jan 30, 2012)

kai445 said:


> ...


Why'd you edit your post? Did you figure out what happened?


----------



## kai445 (Jan 31, 2012)

mrcloudy said:


> kai445 said:
> 
> 
> > ...
> ...


Yeah, my account was compromised during a date they said their site was secure (after 1/6...). So their computer security guy is a fuckin' tool and they need to hire someone competent.


----------



## Homerdoh31 (Feb 2, 2012)

Guys same thing happened to me. I put an ordered on the 29th of January. When I went to confirm my purchase on it wouldn't go any further. I had typed up all of my credit card info and I kept clicking confirm and nothing happened. SO I'm guessing that the website is still compromised. My credit card company called me yesterday and said that I had multiple unauthorized transactions and I also had a $1 transaction by ATT. I cancelled my card immediately. And I have to call them back again for further details on the transactions. I'll keep you updated.


----------



## pyromaniac123 (Feb 2, 2012)

The hacker obviously planted the message on the site just so more credit cards could be compromised. I bet *cynful09* is on it.


----------



## cynful09 (Feb 2, 2012)

pyromaniac123 said:


> The hacker obviously planted the message on the site just so more credit cards could be compromised. I bet *cynful09* is on it.



We would appreciate any feedback that is not uninformed and asinine.

New Update 2/2/12: Our consultant has been monitoring our site and has made changes to update our security. We are confident that our site is safe and secure. Please post, call, or email if any new problems should occur.


----------



## Another World (Feb 3, 2012)

pyromaniac123 said:


> The hacker obviously planted the message on the site just so more credit cards could be compromised. I bet *cynful09* is on it.



that is a pretty ridiculous unfounded bit of bullshit you typed there. i'm not defending RHS or claiming to know what happened, i am simply stating the obvious by adding that the next time you think its a good idea to post something... pause... and then delete instead.

-another world


----------



## pyromaniac123 (Feb 3, 2012)

Another World said:


> pyromaniac123 said:
> 
> 
> > The hacker obviously planted the message on the site just so more credit cards could be compromised. I bet *cynful09* is on it.
> ...



Not bullshit, just opinion.


----------



## Rydian (Feb 3, 2012)

Slapping "opinion" on bullshit to avoid liability doesn't fly here.  You made an obvious claim of what happened in a hacking case, which is not up to opinion.

This is a serious topic, keep your shit out of it if you can't be serious.


----------



## Another World (Feb 3, 2012)

pyromaniac123 said:


> Not bullshit, just opinion.



your "opinion" was not written as such and you never stated it was your opinion and that you did not intend to cause harm to a pretty reputable company. RHS has been around for a long time, they have always made good on any mistakes (like offering to replace damaged cards, or cards the chinese wholesalers said were legit but were not). when you openly call them out by saying they were in on the hacking, you are doing nothing but attempting to tarnish their respectability. whats worse, you did so without any facts, without being an involved party member, without an understanding for the full situation, etc.

you can try to come back with any words you choose, however we would rather read an apology for your mistake and a promise that you will not attempt to misinform the public through ridiculous claims in the future.

-another world


----------



## etrigan (Feb 11, 2012)

I got hit.

Bank caught it right away though. Someone did a $1 AT&T charge, and then a $5 iTunes charge....likely to test if my card was active.  My bank doesn't mess around though, they shut it down over the random $1 AT&T charge.

F RHS. Learn to secure your site losers.

Thought they were bigtime enough not to worry about this shit...


----------



## mrcloudy (Feb 12, 2012)

etrigan said:


> I got hit.
> 
> Bank caught it right away though. Someone did a $1 AT&T charge, and then a $5 iTunes charge....likely to test if my card was active.  My bank doesn't mess around though, they shut it down over the random $1 AT&T charge.
> 
> ...


Wow that's unfortunate! When did you order? Can't believe they said their site is secure if people are still getting hit.


----------



## cynful09 (Feb 14, 2012)

etrigan said:


> I got hit.
> 
> Bank caught it right away though. Someone did a $1 AT&T charge, and then a $5 iTunes charge....likely to test if my card was active.  My bank doesn't mess around though, they shut it down over the random $1 AT&T charge.
> 
> ...



When did you place this order?


----------



## Homerdoh31 (Feb 14, 2012)

Update: In addition to the $1 by ATT, $300 had been taken by "WWW.DATACASH.COM INTERNET GBR"​


Called my credit card company and had it resolved. Got a new card as well.


----------



## etrigan (Feb 16, 2012)

mrcloudy said:


> etrigan said:
> 
> 
> > I got hit.
> ...





cynful09 said:


> etrigan said:
> 
> 
> > I got hit.
> ...



Sorry for the late reply...I bought from RHS middle of Jan...

I was just late in reporting it here.

Turns out it was one $1 AT&T charge, and four $1 iTunes charges. My bank caught it right away.

Of course they disabled my card(which is a good thing), but still annoying when you are at the gas station trying to fill up your car.


----------



## Leroy160 (Feb 26, 2012)

I can't believe this happened -_-

When did you get hit etrigan? Or should I ask, when did you notice?


----------



## Oveneise (Feb 26, 2012)

Anyone who buys stuff with their credit card online these days...
... just use Paypal, folks.


----------



## Another World (Feb 26, 2012)

most big flash kit sites that had paypal no longer do. paypal has been stopping the sale of flash kits with the help of nintendo. i read some interesting e-mails from a few resellers who got shut down on paypal. this is why they have switched to credit cards or other methods to receive electronic payments.

-another world


----------



## Xarsah16 (Apr 30, 2012)

Has anyone else used RHS since after the hacking? Is it okay now to order from them without having to worry about payment information or fraudulent charges?


----------



## nl255 (May 2, 2012)

My guess is that the hackers inserted hooks into the payment form that captured the credit card information as it was entered but before it was encrypted and sent out.  Remember, all online stores will store your credit card information as storing it in RAM is still storing it.


----------



## alphamule (May 2, 2012)

Another reason they're all starting to be harder to buy from - the new IRS rules for nonresident citizens.


----------



## FireValk01 (May 2, 2012)

alphamule said:


> Another reason they're all starting to be harder to buy from - the new IRS rules for nonresident citizens.



what rules?


----------



## alphamule (May 2, 2012)

You essentially can't deal with US customers without either paying a fortune to the IRS or having the customers paying a similar sum to an accountant to keep track of all the new reporting requirements.


----------



## mayhem13 (Jul 30, 2012)

This whole situation is unfortunate, I've dealt with RHS since 2006 or 2007, I can't remember, whenever CycloDS hit the market.  They were always fast, I dealt with them for other items, GBA items, other flashcards.  I eventually got a Acekard 2i for my 3DS from their .hk site for the first time.  Everything was great, the american site was fast.  The .hk site was slow but cheaper.  Never a problem.  All this happened months before the hacking.  But anyone can get hacked.  I think some people on here have to realize the truth of the situation.  No matter how respected RHS was.  They were still a little tiny company on the fringe of being a legal website.  I mean their website is just a template, I've seen many websites use the same style.  What makes people think they are a big giant company?  Most of these flashcard sellers/modders are 1-5 people tops.  Their website security is nothing more then the security based on the host's template their using, whatever security the host uses.  Its a shame to see people say "no spell check, no buy" because of a few mistakes here and there from an obvious foreigner (Hong Kong).  I'm American and I make spelling mistakes all the time, it's called rushing and not being an english major.  Anyway, sucks for them but it happens.  Fact is, sites get hacked, good people go bad, etc.  It happens all the time in the smaller, underground black market.

So my question is, where is the reliable places for flashcard sites, USA preferred.  Because up until I found out about this whole situation, if I needed a flashcard, my first thought was, realhotstuff, because they never let me down and at the time, they felt safe.  So now I need a replacement.  I see a bunch of places but I don't know what's safe.


----------



## Rydian (Jul 30, 2012)

This thread's from Jan, RHS is considered safe again (for now).

http://shoptemp.net/
This is GBAtemp's shop-listing site.


----------



## vaibzzz123 (Aug 9, 2012)

I ordered form RHS a couple weeks ago, my package arrived and had a problem with contacts (NOT Acekard 2i), I contacted them to ask for help and they said they could replace it if I place an order for a ticket. I can't do that now because It's down D:


----------



## Tom (Aug 10, 2012)

jesterscourt said:


> Always use Paypal


Paypal won't let you use it to buy modchips, flashcarts ect, I learned that on my quest for a wiikey fusion


----------



## BerserkLeon (Aug 10, 2012)

tom10122 said:


> jesterscourt said:
> 
> 
> > Always use Paypal
> ...


It really depends on the shop, if paypal knows what you're getting they may interfere, but so far, I've bought my SCDSOne SDHC, SCDSTwo, AK2i and most recently an EZ-Flash IV with Paypal. and None of the payments have been blocked by paypal or anything.


----------



## Tom (Aug 10, 2012)

Yeah I was only able to pay with paypal by contacting tech spport, they were really cool about it


----------



## ouch123 (Aug 10, 2012)

When I first read this post, I was pretty worried. Then I noticed that it was pretty old, so if anything was going to happen to my credit card, it already would have. Should this thread be locked? The discussion doesn't seem relevant anymore.


----------



## HighMans (Aug 10, 2012)

The website seems down?


----------



## Dagnabulous (Dec 28, 2012)

Just get a prepaid credit card from Walmart. You can just load the amount you need, and you'll never have to worry about weird charges from shady companies. 

I just used a pre-paid Visa I got for Christmas, and the order went through just fine.


----------



## Chary (Dec 28, 2012)

I ordered from them in September. Am I okay, or should I be worried?


----------

