Vaporshark DNA200

[teyres]

Yeah one week after I bought a dna200 from their site I got a text msg from my bank saying someone was trying to use my credit card and if it was legit press yes if fraudulant press no, the card was blocked and cancelled immediately so no harm done but what a dodgy bunch of aholes

 

[HandsomeStan]

I actually cancelled my pre order for this, wanted to wait till the issues are ironed out as it's a chore returning it from the uk, ill be keeping a close eye on this thread. I'm getting impatient though and want one yesterday!

ThunderDan, I know it's a chore returning things but you should be able to press that fire button anyway you like, I'd get them to sort it mate before your warranty expires.

 

[AdubbaU]

VS site security has been recently upgraded, you should see some additional certifications. Would be surprised if these upgrades did not resolve the issues with security. Not sure about when they were implemented. My VS going back for a warranty issue and going to add nano coating and shark skin and contacted them yesterday.

All vape and some other online purchases go on prepaid AMEX card, $1 per month fee sometimes. If compromised credit is quick and they 2nd day a replacement card.

Sent from my unknown using Tapatalk

 

[Spirometry]

I just found 7 charges over 5 days to USPS in Wash DC on the card I used to buy my DNA200. All the charges were under $100 so it didn't get flagged.

I believe we ordered on the same day. We really did get the Labor Day "Special"

Good news is, I like the mod and haven't had any problems with it.

 

[moneymike]

So has anyone been contacted by VS about this yet? Florida has some of the biggest penalties for failure to notify affected individuals of a security breach within 30 days. $1000 a day for the next month and $50,000 for each following month (up to 180 days or $500,000). Here's a few sections from the Florida Information Protection Act, most states have similar requirements.

http://www.leg.state.fl.us/statutes...ng=&URL=0500-0599/0501/Sections/0501.171.html

501.171 Security of confidential personal information.—


(1) DEFINITIONS.—As used in this section, the term:

(a) “Breach of security” or “breach” means unauthorized access of data in electronic form containing personal information.

(b) “Covered entity” means a sole proprietorship, partnership, corporation, trust, estate, cooperative, association, or other commercial entity that acquires, maintains, stores, or uses personal information.

(c) “Customer records” means any material, regardless of the physical form, on which personal information is recorded or preserved by any means, including, but not limited to, written or spoken words, graphically depicted, printed, or electromagnetically transmitted that are provided by an individual in this state to a covered entity for the purpose of purchasing or leasing a product or obtaining a service.

(g) “Personal information” means either of the following:
a. An individual’s first name or first initial and last name in combination with any one or more of the following data elements for that individual:
(III) A financial account number or credit or debit card number, in combination with any required security code, access code, or password that is necessary to permit access to an individual’s financial account;
b. A user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account.


(4) NOTICE TO INDIVIDUALS OF SECURITY BREACH.—

(a) A covered entity shall give notice to each individual in this state whose personal information was, or the covered entity reasonably believes to have been, accessed as a result of the breach. Notice to individuals shall be made as expeditiously as practicable and without unreasonable delay, taking into account the time necessary to allow the covered entity to determine the scope of the breach of security, to identify individuals affected by the breach, and to restore the reasonable integrity of the data system that was breached, but no later than 30 days after the determination of a breach or reason to believe a breach occurred unless subject to a delay authorized under paragraph (b) or waiver under paragraph (c).

(b) If a federal, state, or local law enforcement agency determines that notice to individuals required under this subsection would interfere with a criminal investigation, the notice shall be delayed upon the written request of the law enforcement agency for a specified period that the law enforcement agency determines is reasonably necessary. A law enforcement agency may, by a subsequent written request, revoke such delay as of a specified date or extend the period set forth in the original request made under this paragraph to a specified date if further delay is necessary.

(c) Notwithstanding paragraph (a), notice to the affected individuals is not required if, after an appropriate investigation and consultation with relevant federal, state, or local law enforcement agencies, the covered entity reasonably determines that the breach has not and will not likely result in identity theft or any other financial harm to the individuals whose personal information has been accessed. Such a determination must be documented in writing and maintained for at least 5 years. The covered entity shall provide the written determination to the department within 30 days after the determination.

(d) The notice to an affected individual shall be by one of the following methods:
1. Written notice sent to the mailing address of the individual in the records of the covered entity; or
2. E-mail notice sent to the e-mail address of the individual in the records of the covered entity.

(e) The notice to an individual with respect to a breach of security shall include, at a minimum:
1. The date, estimated date, or estimated date range of the breach of security.
2. A description of the personal information that was accessed or reasonably believed to have been accessed as a part of the breach of security.
3. Information that the individual can use to contact the covered entity to inquire about the breach of security and the personal information that the covered entity maintained about the individual.

(f) A covered entity required to provide notice to an individual may provide substitute notice in lieu of direct notice if such direct notice is not feasible because the cost of providing notice would exceed $250,000, because the affected individuals exceed 500,000 persons, or because the covered entity does not have an e-mail address or mailing address for the affected individuals. Such substitute notice shall include the following:
1. A conspicuous notice on the Internet website of the covered entity if the covered entity maintains a website; and
2. Notice in print and to broadcast media, including major media in urban and rural areas where the affected individuals reside.

(g) Notice provided pursuant to rules, regulations, procedures, or guidelines established by the covered entity’s primary or functional federal regulator is deemed to be in compliance with the notice requirement in this subsection if the covered entity notifies affected individuals in accordance with the rules, regulations, procedures, or guidelines established by the primary or functional federal regulator in the event of a breach of security. Under this paragraph, a covered entity that timely provides a copy of such notice to the department is deemed to be in compliance with the notice requirement in subsection (3).


(9) ENFORCEMENT.—

(a) A violation of this section shall be treated as an unfair or deceptive trade practice in any action brought by the department under s. 501.207 against a covered entity or third-party agent.

(b) In addition to the remedies provided for in paragraph (a), a covered entity that violates subsection (3) or subsection (4) shall be liable for a civil penalty not to exceed $500,000, as follows:
1. In the amount of $1,000 for each day up to the first 30 days following any violation of subsection (3) or subsection (4) and, thereafter, $50,000 for each subsequent 30-day period or portion thereof for up to 180 days.
2. If the violation continues for more than 180 days, in an amount not to exceed $500,000.

The civil penalties for failure to notify provided in this paragraph apply per breach and not per individual affected by the breach.

 

[ThunderDan]

I actually cancelled my pre order for this, wanted to wait till the issues are ironed out as it's a chore returning it from the uk, ill be keeping a close eye on this thread. I'm getting impatient though and want one yesterday!

ThunderDan, I know it's a chore returning things but you should be able to press that fire button anyway you like, I'd get them to sort it mate before your warranty expires.

I don't think it's really an issue, I haven't been having any problems lately, just those first couple days. I thought I had to be careful pressing the button, but it seems that was just in my head too.

 

[KTMRider]

VS site security has been recently upgraded, you should see some additional certifications. Would be surprised if these upgrades did not resolve the issues with security. Not sure about when they were implemented. My VS going back for a warranty issue and going to add nano coating and shark skin and contacted them yesterday.

All vape and some other online purchases go on prepaid AMEX card, $1 per month fee sometimes. If compromised credit is quick and they 2nd day a replacement card.

Sent from my unknown using Tapatalk

My CC company protects me from fraudulent charges. They're very quick to credit my account of the disputed charges and send replacement cards while they investigate. I use 2 cards for internet purchases only so it's not really an inconvenience to me.

I believe we ordered on the same day. We really did get the Labor Day "Special"

Good news is, I like the mod and haven't had any problems with it.

Heh. Looking back at my orders from VS, the same cc was used for my last purchase in May '15 (different card # then) and it was also used in fraudulent charges. Looks like I'm done ordering from VS. Too bad because the rDNA40 and DNA200 are my 2 favorite mods in my rotation and I need a sharkskin for my DNA200.

I don't think it's really an issue, I haven't been having any problems lately, just those first couple days. I thought I had to be careful pressing the button, but it seems that was just in my head too.

I noticed if you press the fire button lightly on an angle, it can cause it to lock. I agree, it's not really a big deal for me. Just press a bit harder than you normally would and the issue is gone. My only concern is the finish on the fire button. I hope it lasts longer than it did on my rDNA40.

 

[Tpat591]

$736.89 Fraudulent charge on my card for some phones out of Miami Fla on my card 4 days ago. Thanks for the heads up. Told my card representative I only checked my card because I read on this forum that others who ordered from Vaporshark were hit as well.

Thanks for the heads up guys. This has been going on for a while with Vaporshark hasn't it? I swear I heard something about this a year ago happening when orders were placed from Them and it is still going on?

 

[moneymike]

$736.89 Fraudulent charge on my card for some phones out of Miami Fla on my card 4 days ago. Thanks for the heads up. Told my card representative I only checked my card because I read on this forum that others who ordered from Vaporshark were hit as well.

Thanks for the heads up guys. This has been going on for a while with Vaporshark hasn't it? I swear I heard something about this a year ago happening when orders were placed from Them and it is still going on?

Wow! This is exactly why they need to send out an email to everyone that purchased from them recently. We shouldn't have to find out about this through a 3rd party site or check our accounts for fraud everyday. I already replaced my card so I don't have to worry about this crap. And yes people have been reporting identity theft after using their site since the dna40.

They've probably been trying to keep it quiet because this could literally cost them millions. According to Reuters the average cost of a security breach this year is $150 per record stolen which includes hiring experts to fix the breach, investigating the cause, setting up hotlines for customers and offering credit monitoring for victims. Assuming 10k dna200s have been sold by now that's $1.5m not to mention the individual state penalties for not notifying customers in 30 days...

 

[iwarzon]

I purchased one last week will update if this happens

 

[Tpat591]

Wow! This is exactly why they need to send out an email to everyone that purchased from them recently. We shouldn't have to find out about this through a 3rd party site or check our accounts for fraud everyday. I already replaced my card so I don't have to worry about this crap. And yes people have been reporting identity theft after using their site since the dna40.

They've probably been trying to keep it quiet because this could literally cost them millions. According to Reuters the average cost of a security breach this year is $150 per record stolen which includes hiring experts to fix the breach, investigating the cause, setting up hotlines for customers and offering credit monitoring for victims. Assuming 10k dna200s have been sold by now that's $1.5m not to mention the individual state penalties for not notifying customers in 30 days...

You mean now besides the cc fraud I literally have to be worried that my identity will be stolen as well?

You know I never made the connection before but in July I had found 5 Simm cards in my mailbox from T Mobile for the 5 cell phones "I bought" from them. I called T Mobile immediately and reported this as fraudulent. A couple of days later got the bill for them at the house of like $836 or so billed directly in my name and not on my card. It was about a month after I ordered some subtank ni200 coils from them.

Probably from them as well now that I think about it.

 

[moneymike]

You mean now besides the cc fraud I literally have to be worried that my identity will be stolen as well?

You know I never made the connection before but in July I had found 5 Simm cards in my mailbox from T Mobile for the 5 cell phones "I bought" from them. I called T Mobile immediately and reported this as fraudulent. A couple of days later got the bill for them at the house of like $836 or so billed directly in my name and not on my card. It was about a month after I ordered some subtank ni200 coils from them.

Probably from them as well now that I think about it.

Your identity was already stolen when somebody used your name and card number to make unauthorized purchases. A data breach just means that someone hacked their system and obtained personal information. Identity theft is actually using that info to commit fraud. Most breaches only result in a small percent of identity theft so considering they all happened around the same time I think its perfectly logical to assume VS is to blame and that everyone's info was compromised.

 

[jseah]

I've placed 4 orders with Vaporshark.....3 in April (for the rDNA40 and two orders of coils) and one at the end of August for the DNA200. So far no fraudulent charges on my account. When you placed your orders, did you check the box for them to save your cc details? If you did, that may be where the thieves are obtaining the card info.

 

[Tpat591]

I've placed 4 orders with Vaporshark.....3 in April (for the rDNA40 and two orders of coils) and one at the end of August for the DNA200. So far no fraudulent charges on my account. When you placed your orders, did you check the box for them to save your cc details? If you did, that may be where the thieves are obtaining the card info.

Never did that. Count yourself lucky so far. Keep an eye on your credit. Someone who works there is dirty.

 

[KTMRider]

I've placed 4 orders with Vaporshark.....3 in April (for the rDNA40 and two orders of coils) and one at the end of August for the DNA200. So far no fraudulent charges on my account. When you placed your orders, did you check the box for them to save your cc details? If you did, that may be where the thieves are obtaining the card info.

I don't save my cc info with any online store. The cc I used to buy a DNA200 was a new acct number from the same bank because of fraudulent charges after buying a DNA40 in May of this year.

 

[HandsomeStan]

Woah ill be keeping an eye on my bank account!

Just a heads up if no one has spotted it, dna200 sharks kins are finally in stock
http://www.vaporshark.com/dna-200-shark-skins
Should be included with the vs 200 really

 

[thermoplastics]

So has anyone been contacted by VS about this yet? Florida has some of the biggest penalties for failure to notify affected individuals of a security breach within 30 days. $1000 a day for the next month and $50,000 for each following month (up to 180 days or $500,000). Here's a few sections from the Florida Information Protection Act, most states have similar requirements.

http://www.leg.state.fl.us/statutes...ng=&URL=0500-0599/0501/Sections/0501.171.html

Maybe everyone who has had their CC stolen through VS should start reporting them to the FTC?
https://www.ftccomplaintassistant.gov/#crnt&panel1-1

 

[moneymike]

Maybe everyone who has had their CC stolen through VS should start reporting them to the FTC?
https://www.ftccomplaintassistant.gov/#crnt&panel1-1

Well I would hate for them to go out of business (especially before our warranty runs out) but they need to realize how serious this is. I just ordered a shark skin with bitcoin because there was no way I was giving them my new card info. Thats the last thing I'll buy on their site until this is properly addressed.

For anyone interested, Circle allows you to instantly add money from a debit or credit card and send bitcoin for free. Most other sites take a few days to verify your info.

 

[ThunderDan]

I like the "Available in a variety of vibrant, eye-catching colors" part. Black is truely the most vibrant eye catching color I've seen, such variety.

 

[moneymike]

Didn't notice that. I wanted black anyways but was expecting to see a menu with more color options.