DriveThruRPG was down for a few hours yesterday, and today the retailer confirmed that the cause was a security breach.
Geek Native first became aware something was wrong with the site when several new products were given $1,000 price tags. These have been removed and if you have bought one by mistake, get in touch with DriveThruRPG.
OneBookShelf, the company that owns DriveThruRPG, says:
In the afternoon of May 20th, 2022, we had a security incident on site that we continue to actively investigate. We have no evidence that any customer account data was compromised.
A third party was able to set prices on titles that they were not authorized to modify, and they set the prices of many titles on site to free which led to some customers placing orders for free titles that were not meant to be free. We shut down the site shortly after this began to happen.
In the aftermath of the event, some hacked pages were still available. These have now been removed. However, these titles show that the security breach let the invader edit product details beyond the price.
DriveThruRPG, which responded quickly, is being deliberately slow to return the site to full functionality. Publishers are still restricted:
We are restoring the site to service, however, for the time being, there will be no access to the normal tool pages to enter or edit titles or to manage bundle titles. We continue to investigate these pages for any security issues and will restore them as soon as we can.
The security team at the popular site is still looking into the issue, and the publisher team have a long task of making sure that no creator has been negatively affected.
In the coming week, we will analyze any titles that were ordered at incorrect prices and make restitution to publishers and creators whose titles were affected.