Why ?
Massive companies can take a week to reply, why would Boomerang reply within 24 hours ? They will be inundated...it seems like they have a small team there, i'm sure they are working on it.
Boomerang rentals possibly compromised
- Thread starter 16-bit
- Start date
Why ?
Massive companies can take a week to reply, why would Boomerang reply within 24 hours ? They will be inundated...it seems like they have a small team there, i'm sure they are working on it.
Even the largest companies in the world don't reply in 24 hours under normal conditions. Just be patient, I'm sure you can imagine how busy they must be at the moment.
Soldato
- Joined
- 20 Oct 2002
- Posts
- 12,033
- Location
- Derby
Really? I deal with a lot of companies including several that are considered to be "The largest in the world" and I generally do not have an issue with getting a response or at least acknowledgement within 24 hours.
At the end of the day it wouldn't surprise me if they just attempt to continue to trade as normal and completely ignore the fact that they have had a serious security breech. I do expect at least a reply stating that my email will be dealt with in time to ensure that I do not think that they have completely ignored me as a paying customer. That is customer service.
Edit: I didn't realise that there was only 3-4 of them..
At the end of the day it wouldn't surprise me if they just attempt to continue to trade as normal and completely ignore the fact that they have had a serious security breech. I do expect at least a reply stating that my email will be dealt with in time to ensure that I do not think that they have completely ignored me as a paying customer. That is customer service.
Edit: I didn't realise that there was only 3-4 of them..
Last edited:
Surely they have more employees that 3/4 or do you mean the customer service team?
Well my guess is as good as anyone else's but I would say only one person does customer service part-time and then they help the other 3 or 4 with dispatch. I really don't know. Can't we access public records on such things to see?
Soldato
- Joined
- 11 Sep 2011
- Posts
- 2,544
- Location
- Reykjavik, Iceland
For me the issue has been that they did not issue a statement to all customers informing them to take action.
I had to inform some of my mates and 2 of them had to block their cards. If I hadn't seen it on here I'd never have known myself. And I did have someone try to use my card so I shouldn't have to be on a forum to find this out!!!
I had to inform some of my mates and 2 of them had to block their cards. If I hadn't seen it on here I'd never have known myself. And I did have someone try to use my card so I shouldn't have to be on a forum to find this out!!!
I'm not sure tbh.
It's shady, they've not announced it on their website or via email. It's obvious they are afraid of losing customers. I would have thought it would be law to inform customers of such incidents.
Tbh the way they have handled this doesn't give me the confidence to keep my subscription with them.
I know what you mean but there is no other choice. They are the only company left that rents games now.
I do think it is shocking that they have not contacted customers via email and only released updates through social media.
I do hope they ride the storm out as there are no other rental companies left
Soldato
- Joined
- 18 Oct 2002
- Posts
- 8,920
There's no action to take unless you've been affected and why did you need a forum to tell you that there had been unauthorised payments on your card. If there has been you phone the bank and it gets refunded and you get s new card. End of story.
Soldato
- Joined
- 20 Oct 2002
- Posts
- 12,033
- Location
- Derby
Are you serious? Of course there is action to be taken and it should have been reported to all customers of the security breech so that they can make up their minds if any action is to be taken not the company that has a duty of care to keep customers card and account details safe.
Have you ever had a card cloned or any fraud done with one of your cards. It is not as easy as saying to the bank "deal with this". How do you pay your rent or bills if the money/account has been frozen or the card cancelled? Even if the bank do handle it, there is always some issues, holdup or aggravate on that can cause all sorts of other problems.
There are a lot of people that do not have their bank account window open on their pc all the time to see every single transaction that goes through the account. It only takes a couple of days for several transactions to be made that could total thousands.. But yeah, the bank pays you back so its alright...
At the end of the day when the breech was detected and reported ALL customers using the service should have been informed by email or letter as a courtesy to inform PAYING CUSTOMERS that there is a possible issue and it would be prudent to check your account and get your card replaced. Handling it how they have done was utterly terrible and screams of "Lets not tell anyone, its not our fault and the bank will pay people back" in an attempt not to lose custom. But what it does do is incite distrust in a company and if that has an effect on business then it will be down to the way that they have handled it.
I was thinking of getting an account to rent games through these guys, there is zero chance of me ever doing that now.
Strange attitude. What if you need the card for something? It's not everyone's favourite past time dealing with banks.
They will be in breach of several laws and I hope they get the book thrown at them. In particular it is an offence to not notify people when there has been a leak of their personal information.
Bunch of amateurs, deserve to go bust. If there's demand I'm sure someone more competent will take up the hole in the market.
Soldato
- Joined
- 18 Oct 2002
- Posts
- 8,920
Are you serious? Of course there is action to be taken and it should have been reported to all customers of the security breech so that they can make up their minds if any action is to be taken not the company that has a duty of care to keep customers card and account details safe.
Have you ever had a card cloned or any fraud done with one of your cards. It is not as easy as saying to the bank "deal with this". How do you pay your rent or bills if the money/account has been frozen or the card cancelled? Even if the bank do handle it, there is always some issues, holdup or aggravate on that can cause all sorts of other problems.
There are a lot of people that do not have their bank account window open on their pc all the time to see every single transaction that goes through the account. It only takes a couple of days for several transactions to be made that could total thousands.. But yeah, the bank pays you back so its alright...
At the end of the day when the breech was detected and reported ALL customers using the service should have been informed by email or letter as a courtesy to inform PAYING CUSTOMERS that there is a possible issue and it would be prudent to check your account and get your card replaced. Handling it how they have done was utterly terrible and screams of "Lets not tell anyone, its not our fault and the bank will pay people back" in an attempt not to lose custom. But what it does do is incite distrust in a company and if that has an effect on business then it will be down to the way that they have handled it.
ok so they email you and say there might have been a breach (no evidence on their end for this so it would be incredibly damaging and possibly unnecessary, but thats another point entirely). From this point there are 2 scenarios:
1) you check your account and everything is fine. what action can you take? other than contact the bank? none.
2) you check your account and something has been taken. what action can you take other than contact the bank? none.
so what's your point?
Huh?
My account was cancelled and I still got hit.
I did not hear a word from Boomerang but to hear it from Reddit, BG's Facebook and Twitter after is absolutely atrocious, both in terms of customer service and data protection. If there's any ounce of correlation of a data leak, they should have informed both current and previous customers - so as people can check and email them if they've been affected.
Instead, they burried their heads in sand, sending out social media updates and finally washed their hands off saying they were at any fault because "they can't find it".
Anyway, I agree it's not a major problem as most cards have protection and good Banks such as Lloyds caught it as soon as it happened to me. Got a new card and all 2-3 days later.
There are others who are particularly affected because
a) Their current card no longer work and their local bank is too far for regular withdraws (lived in a village before, try getting money without a valid bank card is like drawing blood from tree)
b) Their bank didn't catch the irregularity and suddenly they lost upwards of £xxxx and have to wait for it to be refunded, makes paying rents / shopping etc a pain during that period.
If BG did email everyone and they caught those little transaction of £30 O2 / £0.00 iTunes before the big one, that would have been better that what they have and are still doing, not informing customer and assume business as usual - whilst in the background, see Reddit, fixing SQL exploits highlighted over the weekend.
Alerting customers of a 'potential' breach isn't admitting it. It's call being responsible to customer's data and their finance. Customer care. It allows customer to be more alert of fraudulent transaction or at least the option to cancel their cards and prevent further issue.
Last edited:
It's a legal requirement apart from anything else. I suspect they are going to get slapped with heavy fines from the ICO, probably the end of it.
Having the site still up with SQL injection holes (day 1 of how to write an insecure web application), shows they have absolutely zero clue what they are doing. You can safely assume any information you enter on their site is going straight out to some criminals.
A nice little sum up of what BG have done since the potential breach...
http://www.dealspwn.com/boomerang-o...m=feed&utm_campaign=Feed:+Dealspwn+(Dealspwn)
Long story short, BG isn't going to EMAIL/ALERT YOU about the issue and anyone potentially affected. However, if you were affected, you have to EMAIL/ALERT THEM. They'll give you a nice 1,200 bonus point over 3 months. And a Legend status.
If you've cancelled your account and affected? Tough.
http://www.dealspwn.com/boomerang-o...m=feed&utm_campaign=Feed:+Dealspwn+(Dealspwn)
Long story short, BG isn't going to EMAIL/ALERT YOU about the issue and anyone potentially affected. However, if you were affected, you have to EMAIL/ALERT THEM. They'll give you a nice 1,200 bonus point over 3 months. And a Legend status.
If you've cancelled your account and affected? Tough.
Soldato
- Joined
- 20 Oct 2002
- Posts
- 12,033
- Location
- Derby
My point is that they are my details that are trusted to a company that has a duty of care to keep my personal and banking details safe and inform me of any slight chance of someone else may my details so then I can deal with it be it calling the bank or not. In them informing customers the customer could have taken steps like cancelling the card and getting a new one but that would be my choice not theirs. Just because there has not been any activity doesn't mean there wont be so in them informing the customer, the customer can be proactive with their banking and information.
Yes the bank pay back if there has been fraud but its not a simple process and a massive inconvenience. In a lot of cases it could have been by the company telling the truth and not hiding behind social media.
It is too much of a coincidence that a decent amount of people have been stung. If they cant find a breech does that mean there isn't one? Or does it mean that the 3-4 people working there cant find it? For all we know the breech could be one of the employees, would they tell their customers if that was the case?
Looks like I'm in the 'tough' bracket then and won't be using them again.