Cyber Incident Victim: OneBookShelf
Date:
Jul 2015
Location:
United States of America
Summary
A cybersecurity breach at OneBookShelf, a digital retailer operating multiple online platforms for games and comics, allowed unauthorized access to one of its two load-balanced servers over a multi-week period. The attacker leveraged the compromised infrastructure to conduct distributed denial-of-service attacks against external targets and intercepted customer credit card information during transaction processing. While the company confirmed data theft occurred during active purchases, it could not definitively determine whether stored payment details from inactive accounts were accessed due to the server configuration. The incident potentially affected customers across all affiliated storefronts who conducted transactions or stored card information with the service during the compromise window.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 10, 2015, an unauthorized actor gained access to OneBookShelf's infrastructure by exploiting an unidentified security vulnerability. The compromised system—one of two load-balanced servers handling customer transactions—remained under attacker control until the morning of August 6, 2015. During this 27-day period, the threat actor performed two primary actions: using OneBookShelf's server resources to launch distributed denial-of-service (DDOS) attacks against external targets, and intercepting credit card information as transactions were processed through the compromised server. The company discovered the intrusion but could not determine which specific customer transactions passed through the breached server versus the unaffected counterpart due to their load-balanced configuration. This uncertainty meant all transactions processed between July 10 and August 6, 2015, were considered potentially exposed.
OneBookShelf publicly disclosed the breach on August 12, 2015, through a customer Q&A that confirmed the theft of payment card data during live transaction processing. The company advised all customers who conducted purchases during the exposure window or stored credit card information on its platforms to replace their payment cards as a precautionary measure. While encrypted credit card data belonging to customers who didn't make purchases during the breach period showed no evidence of compromise, the company acknowledged it couldn't fully eliminate that possibility. The incident impacted multiple digital storefronts operated by OneBookShelf including DrivethruRPG.com, DrivethruComics.com, RPGnow.com, DNDClassics.com, DrivethruCards.com, DrivethruFiction.com, Ulisses-ebooks.de, and WargameVault.com. No specific details regarding the number of affected individuals, forensic investigation methods, or post-incident security enhancements were disclosed in the public statement.