This is why I use gift cards to shop online
Wonder if these reported hacks perhaps share a common e-commerce web platform rather than a common cc processor?
Just forgot to pick up that 2000th carton of Marlboros since finding e-cigs.
Thanks for posting an update. I ordered from Madvapes earlier this month, and it was a relief to see I missed the hack dates. Sorry for the people that it happened to. Thieves are a stinky sack of turd holes.
I've read a few posts in this thread where Mad Vapes are given "props" for coming forward about the breach and informing their customer base. I just want everyone to know that when a breach like this happens, there is a legal obligation to inform customers that personal information may have been compromised. So, yeah, props for following the law and potentially avoiding penalties (which they may face anyway if the website wasn't PCI compliant).
Now, the other companies and processors that may have been breached have a legal obligation to come forward. I'm guessing either they don't know they've been compromised (scary) or the companies are incorporated in Alabama, Kentucky, New Mexico or South Dakota. These states do not have security breach notification laws.
State Security Breach Notification Laws
Security Breach Notification Laws
Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota. ... is wrong with those states?
I hate saying this, but I try to avoid doing online business with companies in those states because of this. However, the bigger issue I have with any online seller I buy from is not knowing the processing company they use and where they are located. It would be interesting to find out if a majority of the processors are located in Alabama, Kentucky, New Mexico or South Dakota.
This may be the first time MV admits they were hacked, but if you read through all the credit card hacked/compromised threads, MV comes up a lot when people list the vendors they purchased from.
Remember that many, if not most, ecig companies are at the mercy of the CC processors at this time, due to the lack of FDA regulations, and uncertainty of any possible regulations. Therefore, the industry is considered "high risk", which is why most CC processors will not take on an ecig company, and they are left with finding a high risk company to serve their website. Although that doesn't seem to be the case with Mad Vapes here, from what he said earlier, it is a concern in the industry as a whole right now, and may be why we're seeing such high incidents of this. I'm not saying this is true in every case, but in the majority of the cases, the vendors don't have much of a choice in CC processors, regardless of how much they're willing to spend.
Please see this link from Sarge about Online Shopping Safety:
Repost and discussion thread: Online shopping 101
I'm a retired software engineering executive with more than a bit of knowledge of web apps and security. I would be shocked if you are the only company susceptible to this sort of attack.