24 minutes ago, Steve Dra said:

Ouch!  Data breaches, even brief ones, can be disastrous and are frequently caused by other companies offering web services to, in this case TDFi .  Good job by Collin to respond so quickly and crush it before it got any worse.  Legal is gonna have some cleanup to do, and let's just hope none of the customers who were inadvertently exposed to other customer's data don't have a nefarious bone in their body, and their systems were void of sniffers/keyloggers or any other background processes that evil people use to take other people's data.

Also good on Collin/TFDi for the quick transparency with a difficult subject.  Sadly in the past, we've been exposed to other flightsim devs that handled sensitive subjects...rather poorly. 🤔

100% not. This is unacceptable. Amateurish at best and no matter how much you try to cover it. This is TFDi's fault and yet they blame the caching services THEY decide to us without testing it, without knowing what the service is caching. This is your credit card and personal info we are talking about here. Even if the leak is for 1 sec. it's 1 sec too much. In an enterprise settings, if someone did this, they would get fired on the spot and probably never find another job that touches PCI information. This is almost career ending type of error.  

I would never trust TFDi for anything. not even an forum account. They are not trustworthy. 

Welp....that got ugly quick!😅

I hope all affected take the proper fraud/ identity theft precautions afterwards.

Edited December 1, 20223 yr by blueshark747

Nope, learned my lesson about pre buying flightsim stuff with the Milviz/blackbird kingair. 

Never again

1 hour ago, fogboundturtle said:

100% not. This is unacceptable. Amateurish at best and no matter how much you try to cover it. This is TFDi's fault and yet they blame the caching services THEY decide to us without testing it, without knowing what the service is caching. This is your credit card and personal info we are talking about here. Even if the leak is for 1 sec. it's 1 sec too much. In an enterprise settings, if someone did this, they would get fired on the spot and probably never find another job that touches PCI information. This is almost career ending type of error.  

I would never trust TFDi for anything. not even an forum account. They are not trustworthy. 

I disagree with this take ... We are all human and although there were errors made with vetting its vendors and testing Corrective action was taken and some sort of notification and reporting has taken place. 

Is it unfortunate? Absolutely. Is it worth interacting with more caution absolutely.....  a blacklist? not from my end.. ( at least not yet ) If we operated that way in real life in the U.S. Healthcare industry most if not all business would not be able to recover from  data breach and HIPAA violations. What matters most is how they respond to ensure it never happens again.

Edited December 1, 20223 yr by Maxis

10 hours ago, B777ER said:

That’s a blast from the past.

That was so bad I paid for that too wow!!

13 hours ago, HighTowers said:

80$ seems steep for a beta price, but this aint no Blackbox simulation beta , early access or whatever horsehockey name they gave it. TFDI is well out of that league.  They have been upfront with everything, and they have a clear goal in mind thats showing nice progress. Never got this with Blackbox even after 5 years in there so called lousy preview access.    May consider this since its my favorite aircraft.  

Well I don't know them, so why would I believe they will deliver? As customer I have the right to be skeptic about them due to the bad experience that I had. Just saying, everyone is free to decide for themselves 

Edited December 1, 20223 yr by omarsmak30

2 hours ago, Maxis said:

I disagree with this take ... We are all human and although there were errors made with vetting its vendors and testing Corrective action was taken and some sort of notification and reporting has taken place. 

Is it unfortunate? Absolutely. Is it worth interacting with more caution absolutely.....  a blacklist? not from my end.. ( at least not yet ) If we operated that way in real life in the U.S. Healthcare industry most if not all business would not be able to recover from  data breach and HIPAA violations. What matters most is how they respond to ensure it never happens again.

Data breach like this is really intolerable, I can't picture my name and my home address, my telephone number plus my last 4 numbers of my credit card being breached and you expect me to tolerate that? Sorry but is really a red line to cross. 

Edited December 1, 20223 yr by omarsmak30

Data breach from them is quite a head shaking mess. Feel bad for those that purchased this to help front end them some funding. They likely did this to float them as a company until they can get it to release. Now, while not positive, those that live in the EU and purchased this I think have some vigorous protections in place TFDi is going to have to answer for.

::Yawn:: Another day, another data breach. Some folks need to stop playing chicken little here. Data breaches occur every day. Wont lose any sleep over this and doesn't make me regret my purchase. So many other things we use daily that invade our privacy that should require more attention than this. Just saying.

8 minutes ago, Keirtt said:

::Yawn:: Another day, another data breach. Some folks need to stop playing chicken little here. Data breaches occur every day. Wont lose any sleep over this and doesn't make me regret my purchase. So many other things we use daily that invade our privacy that should require more attention than this. Just saying.

Nope sorry but is not, for us in the EU such incident is not something to tolerate. I work for a "German Tech" firm and I tell you, before we go production on every release, God knows how many security tests we need to do until we get the clearance to go live. This is because of the strict EU data laws and how often companies get plenty to pay for data breaches. 

Well, I was the first to post a screenie in their discord at launch of the data breach. I was attempting to add the pre-buy to the cart and that page had switched from my login and real name displayed on the right hand side of the screen (i took a screenie of it as it was odd) to another users name. It resolved itself within 45-60 seconds or whatever it was when the page updated to my shopping cart. My information was all there. This was at 0601cst. Issue was resolved by 0603-0605 by collin and crew. To my knowledge the very small number of us who were affected did not get anything more damaging then that but they had to put out a statement to get infront of the naysayers. They were fully transparent about it and what could have possibly been shown.

Some people will find anything to be upset about, even if it didn't affect them or they don't have the full context/story. Glad I don't hang out with that sort of crowd 😄

Edited December 2, 20223 yr by CaptainNick

3 hours ago, Maxis said:

I disagree with this take ... We are all human and although there were errors made with vetting its vendors and testing Corrective action was taken and some sort of notification and reporting has taken place. 

Is it unfortunate? Absolutely. Is it worth interacting with more caution absolutely.....  a blacklist? not from my end.. ( at least not yet ) If we operated that way in real life in the U.S. Healthcare industry most if not all business would not be able to recover from  data breach and HIPAA violations. What matters most is how they respond to ensure it never happens again.

I don't think how they respond is what matters most to those who had their data leaked. 

Yeah we are all humans and make mistakes but when you're handling people's personal details there isn't really room for mistakes.

1 hour ago, matsout said:

I don't think how they respond is what matters most to those who had their data leaked. 

Yeah we are all humans and make mistakes but when you're handling people's personal details there isn't really room for mistakes.

Well i see it happen all the time working in the industry that i do and what matters most is the fact that the process is improved and remedial action taken. Yes not a pleasant experience mind you but you cant punish people when they weren't being malicious and correct the error asap.

3 hours ago, omarsmak30 said:

Data breach like this is really intolerable, I can't picture my name and my home address, my telephone number plus my last 4 numbers of my credit card being breached and you expect me to tolerate that? Sorry but is really a red line to cross. 

You want to take a look at how many data breaches occur in a hospital or your regular doctors office with medical records ?  Lets not overblow the issue here. Get your credit card reissued and use the tools provided to protect yourself data breaches are a fact of life. Also your identity is public record and anyone with the appropriate knowledge or licensure can look you up if you transact business with your local and state government in the US (ESPECIALLY if you own something) .

1 hour ago, Maxis said:

Also your identity is public record and anyone with the appropriate knowledge or licensure can look you up if you transact business with your local and state government in the US (ESPECIALLY if you own something) .

As several people upthread have noted, personal data is very much NOT considered a public record in the EU under the GDPR. I think you're overstating the case as far as data breaches are treated even in the US (companies and institutions definitely still have a duty of care not to expose personal details and may also be bound by specific regulations depending on the industry), but the EU is a whole other matter. They don't mess around with stuff like this...

Whatever amount of quick cash this pre-sale may bring TFDi, this has turned into quite a PR nightmare for them all around. What a mess.

James