Madvapes is admitting to being hacked. - Page 5

Thread: Madvapes is admitting to being hacked.

  1. #41
    Full Member Verified Member
    ECF Veteran
    beazy's Avatar
    Join Date
    Apr 2013
    Location
    panama city
    Posts
    113

    This is why I use gift cards to shop online

  2. #42
    Ultra Member Verified Member
    ECF Veteran
    Big Screen D's Avatar
    Join Date
    Aug 2011
    Location
    Georgia
    Posts
    2,270

    Quote: Originally Posted by hoogie76
    I think being honest about it is the best we can do for now. It's a hassle for everyone involved. We filed a report with the state attorney general, police and FBI. I'm not too much happier about this than you are. I'd love to see a hanging..

    hoog

    Thanks Hoogie for giving us the straight scoop on what happened in this case. Over and over threads like this reiterate that the vendor is faultless and all of the blame resides with the cc processor. Well at least in the cases involving Madvapes as well as AVE, it was the vendor's site itself that was hacked. Not good.

    Wonder if these reported hacks perhaps share a common e-commerce web platform rather than a common cc processor?


    Just forgot to pick up that 2000th carton of Marlboro's since finding e-cigs.

  3. #43
    Ultra Member ECF Veteran RoseB's Avatar
    Join Date
    Sep 2012
    Location
    Washington
    Posts
    1,725
    Blog Entries
    1

    Thanks for posting an update. I ordered from Madvapes earlier this month, and it was a relief to see I missed the hack dates. Sorry for the people that it happened to. Thieves are a stinky sack of turd holes

  4. #44
    Super Member* ECF Veteran ennagizer's Avatar
    Join Date
    May 2013
    Location
    South Florida, USA
    Posts
    343

    I've read a few posts in this thread where Mad Vapes are given "props" for coming forward about the breach and informing their customer base. I just want everyone to know that when a breach like this happens there is a legal obligation to inform customers that personal information may have been compromised. So, yeah, props for following the law and potentially avoiding penalties (which they may face anyway if the website wasn't PCI compliant).

    Now, the other companies and processors that may have been breached have a legal obligation to come forward. I'm guessing either they don't know they've been compromised (scary) or the companies are incorporated in Alabama, Kentucky, New Mexico or South Dakota. These states do not have security breach notification laws.

    State Security Breach Notification Laws
    Security Breach Notification Laws
    Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
    States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota. ... is wrong with those states?

    I hate saying this, but I try to avoid doing online business with companies in those states because of this. However, the bigger issue I have with any online seller I buy from is not knowing the processing company they use and where they are located. It would be interesting to find out if a majority of the processors are located in Alabama, Kentucky, New Mexico or South Dakota.

  5. #45
    PV Master ECF Veteran stevegmu's Avatar
    Join Date
    May 2013
    Location
    mistake by the lake
    Posts
    4,622

    This may be the first time MV admits they were hacked, but if you read through all the credit card hacked/compromised threads, MV comes up a lot when people list the vendors they purchased from.

  6. #46
    ECF Moderator
    Registered Reviewers/Bloggers Manager
    Asst. Classifieds Manager
    Verified Member
    ECF Veteran
    Supporting Member
    sonicdsl's Avatar
    Join Date
    Aug 2011
    Location
    Dallas
    Posts
    14,733

    Remember that many, if not most, ecig companies are at the mercy of the CC processors at this time, due to the lack of FDA regulations, and uncertainty of any possible regulations. Therefore, the industry is considered "high risk", which is why most CC processors will not take on an ecig company, and they are left with finding a high risk company to serve their website. Although that doesn't seem to be the case with Mad Vapes here, from what he said earlier, it is a concern in the industry as a whole right now, and may be why we're seeing such high incidents of this. I'm not saying this is true in every case, but in the majority of the cases, the vendors don't have much of a choice in CC processors, regardless of how much they're willing to spend.

    Please see this link from Sarge about Online Shopping Safety:
    http://www.e-cigarette-forum.com/for...ing-101-a.html

  7. #47
    ECF Moderator Verified Member
    ECF Veteran
    Supporting Member
    Unforeseen's Avatar
    Join Date
    Apr 2011
    Location
    Where you least expect it....
    Posts
    9,857

    Moving this thread to the Madvapes sub-forum in order to give Hoogie the ability to communicate in an appropriate area.

  8. #48
    Super Member
    Join Date
    Mar 2013
    Location
    SoCal
    Posts
    504

    Quote: Originally Posted by ennagizer
    I've read a few posts in this thread where Mad Vapes are given "props" for coming forward about the breach and informing their customer base. I just want everyone to know that when a breach like this happens there is a legal obligation to inform customers that personal information may have been compromised. So, yeah, props for following the law and potentially avoiding penalties (which they may face anyway if the website wasn't PCI compliant).

    Now, the other companies and processors that may have been breached have a legal obligation to come forward. I'm guessing either they don't know they've been compromised (scary) or the companies are incorporated in Alabama, Kentucky, New Mexico or South Dakota. These states do not have security breach notification laws.

    State Security Breach Notification Laws
    Security Breach Notification Laws
    Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
    States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota. ... is wrong with those states?

    I hate saying this, but I try to avoid doing online business with companies in those states because of this. However, the bigger issue I have with any online seller I buy from is not knowing the processing company they use and where they are located. It would be interesting to find out if a majority of the processors are located in Alabama, Kentucky, New Mexico or South Dakota.

    From what I understand, the Vendor is only obligated to inform those who they have done business with, their customers, and only their customers. They may have only offered a public statement due to being outed by one of their customers whom they informed. But regardless they offered a statement, which is more than they needed to. So I give them props for being transparent, for being honest, and for admitting fault and for fixing their flaw.

  9. #49
    PV Master Team ECF (folding@home)
    Verified Member
    ECF Veteran
    MamaTried's Avatar
    Join Date
    May 2013
    Location
    Northern California
    Posts
    5,898

    Quote: Originally Posted by hoogie76
    Sorry guys for all the hassle, I'd be mad at us too as I'm mad at myself. Unfortunately on this one it had nothing to do with our cc processor. Someone broke into the backend of our website and was able to change settings which possibly allowed viewing of data after orders were placed. I'd like to think that most e-cig vendors have good cc processing but guess I'm not sure. For us, we go through a national bank and get the same rates online as our retail stores do for face to face sales through First Data. Our cc processor is well known and not scammish at all.

    hoog

    You should be applauded for your forthright manner of dealing with this. I'm new to vaping and have only placed one order with Madvapes, but I will definitely be a return customer thanks to the way you guys have openly responded to this.

    I'm a retired software engineering executive with more than a bit of knowledge of web apps and security. I would be shocked if you are the only company susceptible to this sort of attack.

  10. #50
    PV Master Team ECF (folding@home)
    Verified Member
    ECF Veteran
    MamaTried's Avatar
    Join Date
    May 2013
    Location
    Northern California
    Posts
    5,898

    Quote: Originally Posted by DavidOck
    Just a friendly reminder that I've not seen here.

    If you have "accounts" with any of the vendors who were robbed of data, change your passwords immediately. If that user name and password is also used anywhere else (bad practice...) change those too.

    +1
    >password is also used anywhere else (bad practice...) change those too

    +2
