Madvapes is admitting to being hacked.

[supermarket]

As always, there needs to be a sarcasm button. If I am reading this as you intended, it does sound as if you are mad at madvapes. While I do not blame you at all, it is important to remember these F'ing hacker jag-offs are the ones who deserve the brunt of it. As someone who knows some IT peeps, it doesn't matter who the host site is. If someone wants your info bad enough they will get it. I think it at last says a little about MV that they at least told you. A lot of places wouldn't bother to do that. That being said, and with many other reports such as yours I will now only shop online with a prepaid card, no matter who I'm buying from (e-cig or other). Sorry to hear this man, hope a delayed order is the worst this incident brings you!

Yea....I'm an IT guy, and I'm going to go ahead and disagree with you right there.

We are dealing with massive amounts of credit card fraud, SPECIFICALLY within the vape community, because of SHADY CC processing companies.

While I understand that being an e-cig vendor means your options are limited as to choosing a CC processing company, nonetheless, the vendors need to take responsibility. You are offering a service to people, and willing to take people's credit cards and private info.....then you need to be willing to admit it when something goes wrong on YOUR end (any company that you hire to do work for you, including CC processing companies, would be on YOUR end).

The consumer has EVERY right to be mad at the e-cig vendor. THEN, the e-cig vendor can go after the CC processing company. THEN, the cc processing company can go after the hacking ring targetting them (or wherever the infiltration lies). THAT is how it works in the real world.


To say "If they want your info, they are going to get it" really has nothing to do with this thread, nor this issue of CC fraud in the vape community. What is specifically happening is e-cig vendors are using shady CC processing companies, and therein lies the problem.


Most online businesses are relatively secure. Especially if they do everything right. OF COURSE no one is 100% fraud/hack proof.....but this massive amount of fraud in the ecig community really needs to be taken care of.

 

[ShariR]

I am new to this forum and this whole industry. I have had credit cards for decades and in the last 20 years have had only two problems. Once I lost my credit card. And the second time was a magazine subscription I got from someone door-to-door. I agree with the previous poster about most of these ecig companies are mom and pop operations (although MadVapes seems to be larger). Everyone is trying to save a buck and is not spending the time or money to properly protect themselves and their customers from easily being hacked. I want to purchase my first setup and juices, but I don't want to expose myself to the fraud. Think I will call a few of the companies and see if they will take a check, I'll wait for the goods. It's the companies that need to up their security procedures. Just my opinion, though.

 

[Crocky]

Get me once shame on you, get me twice shame on me. If it happens once then do something about it. I got hit for $1497, wiped out my entire bank account. I ended up getting a separate account just for buying online that is not linked for overdraft to any of my other two accounts but I can transfer between the three. So I keep only what I plan to spend in the one designated for online shopping.

Big Props for madvapes, When it happen to me i had inly used that card for a couple of places in a months span of time and when i contacted them one ran several test to make sure security was good and thanked me for giving them the heads up it may have been them and the other simply said it could no have been them, so I think it is great that they stepped up and sent the email. They did what they needed to do and that was to admit they got hacked.
Hopefully higher security will be the future of e cig vendors. But regardless entering your personal info on a computer or mobile phone is a risk no matter how you look at it.

 

[MamaTried]

So am I the only one who got hacked once and Immediately switched to using virtual credit cards?

No. Virtual CCs are the way to go.

 

[Ken_A]

No. Virtual CCs are the way to go.

and someone PMd me on how that works... when I logon to my account online, I have a link for "Virtual Account Numbers"
if YOUR card does not have this, and calling them does no good. (I called to find out and was told by the helpdesk nothing like that exists for my card, THEN found the link on my own)...
you can get a pre-paid card to minimize the risk of loosing lots of money.

 

[EazyMango]

I wonder what cart / hosting service they're using, because a couple of them offer in house card processing.

 

[BigBaby]

Yea....I'm an IT guy, and I'm going to go ahead and disagree with you right there.

We are dealing with massive amounts of credit card fraud, SPECIFICALLY within the vape community, because of SHADY CC processing companies.

While I understand that being an e-cig vendor means your options are limited as to choosing a CC processing company, nonetheless, the vendors need to take responsibility. You are offering a service to people, and willing to take people's credit cards and private info.....then you need to be willing to admit it when something goes wrong on YOUR end (any company that you hire to do work for you, including CC processing companies, would be on YOUR end).

The consumer has EVERY right to be mad at the e-cig vendor. THEN, the e-cig vendor can go after the CC processing company. THEN, the cc processing company can go after the hacking ring targetting them (or wherever the infiltration lies). THAT is how it works in the real world.


To say "If they want your info, they are going to get it" really has nothing to do with this thread, nor this issue of CC fraud in the vape community. What is specifically happening is e-cig vendors are using shady CC processing companies, and therein lies the problem.


Most online businesses are relatively secure. Especially if they do everything right. OF COURSE no one is 100% fraud/hack proof.....but this massive amount of fraud in the ecig community really needs to be taken care of.

Thank you for that post, I was starting to feel as if I was alone in placing partial blame on a vendor who allows this to happen. We are on the same page.

 

[Train2]

I agree with one key point on each of what seem to be two sides here - so I'll voice my opinions

1) The vendors need to do what's necessary to solve the issue. If you want to sell online, you need to make it safe to use a credit card. Whether it's lobbying PayPal or locating a better processor - figure it out!!
(MANY of the vendors seem to use the same cart - maybe go to that company and threaten to pull down. "Fix your system of lose twenty of us"

2) On the other hand - while I understand the frustration of the OP, you HAVE to prefer MadVape's cancelling orders, and taking responsibility, and notifying their customers. What else could they do? They could have been less responsible and NOT notified you - that's worse - so at least give them credit for "doing the right thing". Too often these days, businesses do NOT "do the right thing" when there's a risk it will cost them something... So I'd be angry this is happening - but not especially angry at MadVapes - rather, it would tend to make me trust them MORE than some other place that had NOT done anything about fraud against their customers...

 

[hoogie76]

Yea....I'm an IT guy, and I'm going to go ahead and disagree with you right there.

We are dealing with massive amounts of credit card fraud, SPECIFICALLY within the vape community, because of SHADY CC processing companies.

While I understand that being an e-cig vendor means your options are limited as to choosing a CC processing company, nonetheless, the vendors need to take responsibility. You are offering a service to people, and willing to take people's credit cards and private info.....then you need to be willing to admit it when something goes wrong on YOUR end (any company that you hire to do work for you, including CC processing companies, would be on YOUR end).

The consumer has EVERY right to be mad at the e-cig vendor. THEN, the e-cig vendor can go after the CC processing company. THEN, the cc processing company can go after the hacking ring targetting them (or wherever the infiltration lies). THAT is how it works in the real world.


To say "If they want your info, they are going to get it" really has nothing to do with this thread, nor this issue of CC fraud in the vape community. What is specifically happening is e-cig vendors are using shady CC processing companies, and therein lies the problem.


Most online businesses are relatively secure. Especially if they do everything right. OF COURSE no one is 100% fraud/hack proof.....but this massive amount of fraud in the ecig community really needs to be taken care of.

Sorry guys for all the hassle, I'd be mad at us too as I'm mad at myself . Unfortunately on this one it had nothing to do with our cc processor. Someone broke into the backend of our website and was able to change settings which possibly allowed viewing of data after orders we're placed. I'd like to think that most e-cig vendors have good cc processing but guess I'm not sure. For us, we go through a national bank and get the same rates online as our retail stores do for face to face sales through first data. Our cc processor is well known and not scammish at all.

hoog

 

[DavidOck]

Just a friendly reminder that I've not seen here.

If you have "accounts" with any of the vendors who were robbed of data, change your passwords immediately. If that user name and password is also used anywhere else (bad practice...) change those too.

 

[Myrany]

Sorry guys for all the hassle, I'd be mad at us too as I'm mad at myself . Unfortunately on this one it had nothing to do with our cc processor. Someone broke into the backend of our website and was able to change settings which possibly allowed viewing of data after orders we're placed. I'd like to think that most e-cig vendors have good cc processing but guess I'm not sure. For us, we go through a national bank and get the same rates online as our retail stores do for face to face sales through first data. Our cc processor is well known and not scammish at all.

hoog

Is it only personal info for orders on those dates that is at risk or is the info of those of us who ordered in past at risk as well?

 

[BigBaby]

Sorry guys for all the hassle, I'd be mad at us too as I'm mad at myself . Unfortunately on this one it had nothing to do with our cc processor. Someone broke into the backend of our website and was able to change settings which possibly allowed viewing of data after orders we're placed. I'd like to think that most e-cig vendors have good cc processing but guess I'm not sure. For us, we go through a national bank and get the same rates online as our retail stores do for face to face sales through first data. Our cc processor is well known and not scammish at all.

hoog

Thank you for your honesty in the situation. However, this is simply one of those things in life that "sorry" can not undo or make right. I trusted you and now my short, intermediate, and long term financial security as well as my identity have all been compromised.

 

[tA71ana]

Maybe it's a group trying to undermine the success of e cig evolution if it's a lot of e cig vendors.

I'm by no means a conspiracy theorist but I have to wonder about this too.
Attempting to undermine the ecig industry is not outside the realm of possibilities.
I mean, a lot of businesses/corporations/organizations get hacked everyday but seriously it seems to be happening to ecig folks a lot lately.

 

[hoogie76]

Is it only personal info for orders on those dates that is at risk or is the info of those of us who ordered in past at risk as well?

If you've ordered in the past and ordered this weekend then your cc may have been visible to the hackers but only if you placed an order between 6/14/13 2:00 pm or before 06/17/ 9:03 am EST. Orders placed before or after were not at risk.

hoog

 

[hoogie76]

Thank you for your honesty in the situation. However, this is simply one of those things in life that "sorry" can not undo or make right. I trusted you and now my short, intermediate, and long term financial security as well as my identity have all been compromised.

I think being honest about it is the best we can do for now. It's a hassle for everyone involved. We filed a report with the state attorney general, police and FBI. I'm not too much happier about this than you are. I'd love to see a hanging..

hoog

 

[Myrany]

If you've ordered in the past and ordered this weekend then your cc may have been visible to the hackers but only if you placed an order between 6/14/13 2:00 pm or before 06/17/ 9:03 am EST. Orders placed before or after were not at risk.

hoog

Thank you so very much for the clarification.

 

[BigBaby]

Are orders going to be shipping as normal this week, or do you anticipate a delay while you continue to deal with this? I am on the fence about placing my order again, but really do like your selections of parts.

 

[Ferrel1134]

Well if the antz did not ruin the good processors and leave us with crap. Err I digress. Hacking happens all the time. If I get hacked have fun with 5 bucks that I have. My bank would fix it.


On earth so far away.

 

[lladnar550]

I think being honest about it is the best we can do for now. It's a hassle for everyone involved. We filed a report with the state attorney general, police and FBI. I'm not too much happier about this than you are. I'd love to see a hanging..

hoog

Props to Mad Vapes for admitting the hack, not only to the affected customers, but here in a forum as well. I have purchased from them in the past, and will do so in the future. No vendor is unhackable. All they can do is protect your data to the best of their ability, fix any holes found, and swiftly notify you if a compromise occurs. Too many places will wait until the last possible moment the law allows before notifying affected customers after they find a breech. At least with swift notification, you have the ability to head off allot of fraudulent charges before the card information has spread much further than the party responsible for the hack.

 

[MrStik]

Just an FYI, there is no such thing as a completely secure network. Security can never be 100%. Security needs to be good enough so that the thieves will say screw it, and move onto the next target. Same thing with cars and vehicle anti-theft. A car thief can and will take ANY car he or she wants. But of course they will prey on the easiest target.

So in my eyes, if I am to trust personal information to a vendor, they better exhibit enough care to secure my data to the best of their ability. Crap happens and everyone is vulnerable to compromise. It is those who learn from their shortcomings and make damn sure to prevent any future embarrassments that I commend. And mostly, I would commend those vendors who saw the writing on the wall and enhanced their security before they got breached.

Good job to madvapes for recognizing the breach, and closing it up as quickly as possible. Kudos for being transparent and admitting fault. That makes for a very mature and professional vendor.