I would like to add to the above to clarify that JMHO, but the breach is likely NOT at Madvapes or at their processor due to the controls that both have in place. There are many other things that the people who reported these issues might have in common.
- ECF: We know they all post on ECF. It's not likely they picked up some virus here, but it can happen anywhere if you click a bad link.
- Referral: Maybe they all followed the same referral link to MadVapes site that infected them, especially if it promised some discount or coupon.
- Verification: First, I'm not accusing anyone of lying. I just want to point out that without a third party, or MadVapes themselves confirming they have documentation for these transactions, anyone can post anything on a message board.
Frankly, it could be any bad link somewhere on the internet that is common to vaping, or they could all use an unrelated service that somehow installed a keylogger, and it just happened that MadVapes was their first purchase after doing so. The common sense answer is to be careful about what you click on the internet, and to have up to date protections.
Even with that, new bugs are usually out a while before software is updated to detect them, so have one card that you use for online purchases only. Limit the amount that can accessed on that card. Ensure that it has some form of buyer protection.
Also, I want to give kudos to MadVapes for the
testing it's doing on its juices. I would love to see more vendors adopting this.