Madvapes is admitting to being hacked.

Status
Not open for further replies.

ennagizer

Super Member
ECF Veteran
May 18, 2013
344
508
South Florida, USA
FYI this thread WAS in the general forum. It was moved here by a mod. SO lay off the vendor on that one.

Correct, THIS thread was, not the "public statement" by mad vapes.
This thread was started by an ecf member who posted the email received from mad vapes.

So, I maintain the position that if mad vapes is being transparent they can go beyond the letter of the law and post a notice on their homepage so ALL customers can be informed, not just the ones they contact directly or happen to see the postings on ecf.

Mad vapes are under no legal obligation to do so, however. They are required to do what the law in their state specifies, and other than a post buried in a sub forum on ecf, that's what they seem to be doing. So, in effect (in my opinion) they are doing what the law in their state requires, which is great and I commend them for that.
 

MrStik

Ultra Member
ECF Veteran
Mar 6, 2013
1,003
1,638
SoCal
I see your point and I think it's great that they're following the law in their state.

Now, I'm going to play the bad guy here (just go with me on this for a moment): Where is the public statement? Buried in a subforum on ECF? There's no "conspicuous posting of the notice" on madvapes.com. Wouldn't that be a better place for a public statement? But, the law in their state doesn't call for that unless specific criteria are met. But, still, if they're going to be completely open & honest, wouldn't a conspicuous notice on the homepage be just a wee bit better than a post in a subforum on ECF? No?

Maybe "Public" was not the best word. They did put out a statement, and it was on ECF, and this thread which Madvapes came to make the statement in response to a member (and a customer) posting up the email they sent out to their customers. This thread was in General Discussion before it was moved to this subforum.
 

Myrany

Vaping Master
Supporting Member
ECF Veteran
Verified Member
Apr 14, 2013
8,477
44,353
Louisiana
Correct, THIS thread was, not the "public statement" by mad vapes.
This thread was started by an ecf member who posted the email received from mad vapes.

So, I maintain the position that if mad vapes is being transparent they can go beyond the letter of the law and post a notice on their homepage so ALL customers can be informed, not just the ones they contact directly or happen to see the postings on ecf.

Mad vapes are under no legal obligation to do so, however. They are required to do what the law in their state specifies, and other than a post buried in a sub forum on ecf, that's what they seem to be doing. So, in effect (in my opinion) they are doing what the law in their state requires, which is great and I commend them for that.

Mad vapes already has gone past what they were required to do. Coming into this forum and facing the very people who likely got hurt by this is NOT required by the law. Frankly I think it took a great deal of courage to do. Sending out the emails to the customers directly is all they had to do. They did more.
 

ennagizer

Super Member
ECF Veteran
May 18, 2013
344
508
South Florida, USA
Mad vapes already has gone past what they were required to do.
And it has been acknowledged, but all it involved was a post on a forum, not their website.

Coming into this forum and facing the very people who likely got hurt by this is NOT required by the law.
Acknowledged many times.

Frankly I think it took a great deal of courage to do.
Let's get real. They didn't have much of a choice. By law they had to notify their customers and I'll bet there was a lot of discussion on what to post on ecf. With all the credit card fraud being discussed lately they had to post something after notifying their customers who may have been directly affected.

Sending out the emails to the customers directly is all they had to do. They did more.
Again, acknowledged many times. But, the "more" equals a post on a forum (which is actually kind of buried). That's it.

I'm just trying to keep things real. They did what was required by law & little else, which is actually fine. They don't need to go above & beyond what is required.

Nobody has responded to this question though: A notice on their website would be better than a post in an ecf sub forum, wouldn't it?
Again, no legal obligation to do so, so it's not going to happen.
 

supermarket

Ultra Member
ECF Veteran
Verified Member
Jul 2, 2010
1,401
1,851
Near Atlanta, Georgia, US of A
Sorry guys for all the hassle, I'd be mad at us too as I'm mad at myself :(. Unfortunately on this one it had nothing to do with our cc processor. Someone broke into the backend of our website and was able to change settings which possibly allowed viewing of data after orders were placed. I'd like to think that most e-cig vendors have good cc processing but guess I'm not sure. For us, we go through a national bank and get the same rates online as our retail stores do for face to face sales through first data. Our cc processor is well known and not scammish at all.

hoog




Thank you for giving us more information, and THANK YOU for replying to this thread. Any vendor that takes time out of their busy day to come on these forums, and discuss ANY issue with us is A-OKAY in my book.


Sorry to hear you have been targeted by hackers :(. I hope it didn't affect your business TOO much. Best of luck!
 

supermarket

Ultra Member
ECF Veteran
Verified Member
Jul 2, 2010
1,401
1,851
Near Atlanta, Georgia, US of A
Just a friendly reminder that I've not seen here.

If you have "accounts" with any of the vendors who were robbed of data, change your passwords immediately. If that user name and password is also used anywhere else (bad practice...) change those too.


Great advice. Thank you for posting it in this thread!

Anyone who uses accounts with vendors (sign in with e-mail/pass combo), I would change your passwords every 7-10 days or so. Also, make sure you NEVER use the same e-mail/pass combo for multiple vendors, OR for the forums.

In other words.....if you are using the same e-mail for multiple accounts (for example, ECForums, plus say 2 vendors), make sure your password is DIFFERENT FOR EACH AND EVERY ACCOUNT.

If ONE site gets compromised....and you use the same e-mail/pass combo elsewhere.....that means EVERYWHERE you use the same e-mail/pass will be compromised as well. You don't want that!
 

zoiDman

My -0^10 = Nothing at All*
Supporting Member
ECF Veteran
Apr 16, 2010
41,314
1
83,834
So-Cal
If you've ordered in the past and ordered this weekend then your cc may have been visible to the hackers but only if you placed an order between 6/14/13 2:00 pm or before 06/17/ 9:03 am EST. Orders placed before or after were not at risk.

hoog

I want to Applaud Madvapes for being Open about a Breach in their Security.

I'm not Exactly thrilled about the Concept of my CC info being Hacked. Because I placed an order on 6-14-13. But I do at least feel a Little Better that since my order was done in the AM, that I might not be Affected.
 

Whosback

Super Member
ECF Veteran
Mar 23, 2013
653
2,613
42
Pittsburgh, Pennsylvania, United States
To the OP. I understand your frustration, I was nailed too about two weeks ago. It sucks, but at least MV did tell you and cancelled your order to play it safe. Now vendors do need to reevaluate who they are using to protect our orders and info, but even the big boys get hacked, it's all about the will of the hacker. They know that many of us are ordering online for our main way of doing things. We are a low hanging fruit out there and they also know that a mom and pop e-cig vendor does not have the reach of someone like Verizon or Amazon to chase after them, or the money to afford some of the better protection out there. There is not one free or really cheap service out there that everybody can use and be 100% secure, it just won't happen.

While the vendors have their part to play in hunting around to see what else they can do for us, we also need to accept what small online business is and take this into consideration and take the steps WE have to for our own good. Separate vaping account, reloadable gift cards, whatever you need. It's not always what the other guy can do, sometimes you have to take accountability for yourself too.
 

Unperson

Senior Member
ECF Veteran
Jan 26, 2010
228
17
New England, U.S.A.
To individuals asking MadVapes to post a message on their main site about the hacking incident:

You do realize this will accomplish "nothing", right? It won't alert people that were potentially at risk because all of the individuals were already notified by e-mails. MadVapes knows who was possibly affected and they informed them. The only thing that posting on their main page will accomplish is to scare old and new customers that weren't affected. Any business in the world that willingly posts a big flashing message on their main page that indicates they were victim to a security breach should dissolve and close up shop because that action is nothing short of shooting yourself in the foot to try to cure a headache.

I'm reading a lot of posts that have anger directed at MadVapes. Really? You think MadVapes (or any business) wants to admit they fell victim to something that plagues the entire internet? Every company that chooses to do business on the web falls prey to this. It doesn't matter if you're MadVapes or Microsoft. Is anyone aware of the mess Sony went through with hacking months ago? It took months for them to dig themselves out and the incident involved millions who were harmed and inconvenienced a great deal more. Additionally, it took over a week for Sony to announce that they were breached (further putting their customers at risk), versus the day it took for MadVapes.

Look, no business wants to be the victim of hacking and especially to have to admit to their customers when an attack happens but this is the world we live in. Online stores worry about hackers and fraudulent customers. Physical "brick and mortar" stores worry about robbers and shoplifters.

What's important is to remember that MadVapes was a victim too. They didn't ask for this and they certainly didn't want to deal with the cleanup but they stepped up to the plate and they did what needed to be done and, as far as I'm concerned, they hit a homerun with their efforts.

I think a lot of the anger and disappointment I'm reading in this thread is misdirected because people are upset and they want a target to direct it at but the "real" culprits are unreachable so they are aiming all their frustration at MadVapes. That's sad. If anything, they should at least try to realize that they are beating up another victim and doing nothing to the real perpetrators.
 

mgmrick

Ultra Member
ECF Veteran
Verified Member
Sep 12, 2010
2,813
2,369
65
New York
Ahh why do you think a phone call giving your number to a real person is secure....think about it ?? And in no way am I saying mv has bad employees just in general the most insecure way of handling your credit card

Just got off the phone with MV. Ended up re-placing my order from over the weekend. Dude said that in the future, I can just put whatever items I want in my online shopping cart, give them a call, have them pull it up, and pay for it over the phone. Sounds about as secure as swiping my card at a B&M store to me.
 

HOPS

Super Member
ECF Veteran
Aug 31, 2012
615
448
Yea....I'm an IT guy, and I'm going to go ahead and disagree with you right there.

We are dealing with massive amounts of credit card fraud, SPECIFICALLY within the vape community, because of SHADY CC processing companies.

While I understand that being an e-cig vendor means your options are limited as to choosing a CC processing company, nonetheless, the vendors need to take responsibility. You are offering a service to people, and willing to take people's credit cards and private info.....then you need to be willing to admit it when something goes wrong on YOUR end (any company that you hire to do work for you, including CC processing companies, would be on YOUR end).

The consumer has EVERY right to be mad at the e-cig vendor. THEN, the e-cig vendor can go after the CC processing company. THEN, the cc processing company can go after the hacking ring targeting them (or wherever the infiltration lies). THAT is how it works in the real world.


To say "If they want your info, they are going to get it" really has nothing to do with this thread, nor this issue of CC fraud in the vape community. What is specifically happening is e-cig vendors are using shady CC processing companies, and therein lies the problem.


Most online businesses are relatively secure. Especially if they do everything right. OF COURSE no one is 100% fraud/hack proof.....but this massive amount of fraud in the ecig community really needs to be taken care of.
I do agree with your points. My only point is that this could happen whether it's a hacker online, or a disgruntled employee at a pos (point of sale, not, well, you know lol). To place ALL the blame on the vendor is overlooking the bigger issue, which is that there is a massive amount of fraud in all areas of the virtual spending world which no legal agencies seem to be doing much about these days. Not to mention the issuing agencies which do next to nothing proactively (like immediately sending an e-mail as soon as they found a problem) unless you pay extra for their fraud monitoring services... I think you and I are on the same page here, I was just making the point that the blame goes far beyond just the vendor...
 

HOPS

Super Member
ECF Veteran
Aug 31, 2012
615
448
Thank you for that post, I was starting to feel as if I was alone in placing partial blame on a vendor who allows this to happen. We are on the same page.
I honestly hope that I didn't make you feel worse about this, I never intended to insinuate that you were in the wrong for being mad at madvapes, just saying that the blame doesn't stop at their door... Personally, I do think it says something that they let you know though, a lot of places wouldn't bother. While it can never make up for what happened, they at least didn't take the money and run, and leave you in the dark. Very little consolation, I know. But I do recognize that you were the victim and have every reason to be upset about this...
 

FantWriter

Super Member
ECF Veteran
Dec 11, 2010
601
5,428
Kentucky
I don't see how MadVapes can be blamed (unless they did some bonehead thing which hasn't been revealed).

I do some freelance work for companies which take privacy/security very seriously. For this work, I use computers. Not the computer I'm using to send this message -- that would be impossible because, obviously, this one is connected to the Internet. Every so often, one client or another will send out a tech to audit my equipment, mainly checking that those computers aren't, and can't be, connected to the Internet or WiFi. Why? If it's connected to the Internet, it can't be 100% secure! You can stack as many firewalls on top of firewalls on top of firewalls as you want and use twenty-seven different user-recognition programs simultaneously, and it doesn't matter -- as Samuel Johnson said: "There is no problem the mind of man can set that the mind of man cannot solve."

My order was canceled, and I'm not reordering (MV no longer carries what I need most, so after I placed my order, I had to go to another vendor, and I ended up spending more than I'd expected), but I still trust MV, and I'm sure they've learned a lot from this experience.
 

Marb

Senior Member
ECF Veteran
May 30, 2011
239
102
Portland, OR
Welp, I placed an order right in the beginning of the time frame referenced... but my card was charged, and I got the shipping info via email. Normally, I would have gotten the package by now, but it hasn't arrived yet... And oddly, the tracking number shows nothing on the USPS tracker other than "Electronic Shipping Info Received"

To add to what others have mentioned, I too use a "disposable" pre-paid credit card for my online ordering and keep just enough on it for orders and to keep it active when not using it. I currently have about 9 bucks on it lol...
 

patkin

Vaping Master
ECF Veteran
Nov 6, 2012
3,774
4,141
Arizona USA
"Just received an email from madvapes......thanks a lot guys , for letting someone steal my info and canceling my order."

With attitudes like that it's no wonder other vendors don't step up. Geeeez... they protected you for Pete's sake! How much trouble is it to replace the order compared to all the crap dealing with the CC company and waiting for a new card if it got compromised? Give Madvapes some credit already. I delayed placing an order there because I heard the scuttlebutt but now would have no problems seeing that they CARE and are ON IT that fast. We need more vendors like them. And... no... I have never been a fanboy of any vendor.
 

patkin

Vaping Master
ECF Veteran
Nov 6, 2012
3,774
4,141
Arizona USA
"Just got off the phone with MV. Ended up re-placing my order from over the weekend. Dude said that in the future, I can just put whatever items I want in my online shopping cart, give them a call, have them pull it up, and pay for it over the phone. Sounds about as secure as swiping my card at a B&M store to me."

If you use a card to pay, it has to go through the same processing center whether placed on the net or over the phone. But on the phone you are, additionally, divulging your info to a third party (the vendor) who doesn't normally see it. Not a good idea.
 

Jimi D.

ECF Guru
ECF Veteran
Oct 26, 2010
10,656
10,409
57
Florida Keys
Welp, I placed an order right in the beginning of the time frame referenced... but my card was charged, and I got the shipping info via email. Normally, I would have gotten the package by now, but it hasn't arrived yet... And oddly, the tracking number shows nothing on the USPS tracker other than "Electronic Shipping Info Received"

To add to what others have mentioned, I too use a "disposable" pre-paid credit card for my online ordering and keep just enough on it for orders and to keep it active when not using it. I currently have about 9 bucks on it lol...
The same thing happened to me. Did you send in a ticket?
 