Keep a close eye on your credit card statements

[barbee865]

I've been using my debit cards for purchases lately. We've been paying off debt and not using credit cards for anything. Guess I'll be using credit cards from now on for vape supplies.

 

[cherrycakes]

the good thing w/ debit cards is usually if you don't have money in there the purchases won't go through, lol

 

[Plaz]

The sheer number of people in the vaping community getting hit by this breach is truly stunning.

Thieves suck.

 

[erinspeed]

This just happened to us. 4 charges for $29.99 39.99 29.99 and 29.99. All these were to dating sites. I'm a happily married guy with no reason to go to those sites. My bank didn't catch them. I looked at my online statement and found these charges dated for TOMOROW. Like a post-dated electronic check!.

Scumbags.

 

[jazon1]

i had something similar happen once,someone hacked my first paypal account that i had not even used yet and charged $500 in itunes gift cards,im assuming they just turn around and sell them on ebay to get the cash.luckily my bank blocked the charge from paypal but as it turned out paypal payed them anyways and billed me the $500 and by the time i found out about all this ist was to late for me to do anything about it.

 

[xbassman]

This just happened to us. 4 charges for $29.99 39.99 29.99 and 29.99. All these were to dating sites. I'm a happily married guy with no reason to go to those sites. My bank didn't catch them. I looked at my online statement and found these charges dated for TOMOROW. Like a post-dated electronic check!.

Scumbags.

Same thing here as well...
2 pre-authorizations @ match.com and one @ Napster UK.
We caught it the day they appeared though.

Matter of fact I placed an order with Ave a couple of months ago....

BTW- over the last 20 years I've had a CC compromised 4 or 5 times.
Really, as long as you avoid using Paypal or a debit card it'll never hit your bank account.
My bank has already cancelled my card and dispatched a new one.

 

[tA71ana]

I haven't noticed any funny stuff on any of my accounts yet (there's practically no money in them).
Has anyone determined if these breaches are vendor specific?
I didn't order from BWB or AVE but I have ordered from others.
I know if I see amounts like 0.01 and the like I'm about to be hacked; to see the look on the thief's face when the subsequent 1000.00 transaction is declined would be priceless

 

[GwenB]

I recently had a problem as well. My bank, being the awesome bank that it is, caught the problem and never let anything pass. I ended up cancelling my card and ordering another one. Before I started vaping, I very rarely ordered anything from the internet, though I've never had any problems like that before. There were two attempts on my card that the bank caught. The first was an attempt to preauthorize a $0 purchase from Napster. The second was a $1.95 attempt from Epoch, which is a third party biller for internet companies. Upon investigation, I found that the attempt from Epoch was linked to an...adult related website. No one here at home has access to my card, so it was clear that the culprit is some sort of an identity theft attempt. The bank told me that it's common for them to first attempt to authorize very small amounts to gain access to the card. After that, they clean you out. I was just lucky that my bank of awesomeness caught it before it was approved.

Norton doesn't seem to protect as well as I thought it would. Now, I have a new card. Though, I'm scared to order anything else from the internet. I'm not sure how I'm going to fund my vaping from now on.

Now that you mention it, the attempt happened just a few days after ordering from AVE. Hopefully, AVE can get the situation all sorted out. I agree that they are a very pleasant company to do business with.

I received an email from another vendor that stated it must be viruses on our computers. Really?!
Shame too, it was my favorite Brew!

 

[L7D4N]

Yea well. I do all of that and still got hit!

They don't have a vaild SSL Certificate on avejuice.com, it's a Comodo Free CA/SSL that does not appear to encrypt the Traffic, and without a legitimate SSL Handshake to encrypt the Traffic, it still allows "eavesdropping" as reported by Firefox below:

 

[juicejunky]

Happened to me on my Amex last summer. Thousands charged on Alyssa Keys concert, Olympic event, and Jet Blue airline tickets, movie cameras, etc. Amex picked up on the bad charges before I did and amazingly pretty much knew which were fraud. No sweat for me because they fedexed a new card the next day. The movie camera company called me when the charges were cancelled and the camera was to be shipped somewhere in Georgia. The info they had with the order made it clear that the thieves got my card from an internet transaction. I order from pretty much from the same vendors listed below and one I had ordered my brew the week before. If they hacked a CC processor it is difficult to pinpoint the timing of my order and the theft.

I order many things from the internet, so I can't be 100% sure it is ecig related, but I strongly suspect. I'd be very leery of using a debit card, but Amex made the ordeal pretty painless. First time getting hacked for me.

I no longer store credit card numbers on vendor websites. I even delete mine from Amazon every time I order.

 

[Bullette the Cowdog]

They don't have a vaild SSL Certificate on avejuice.com, it's a Comodo Free CA/SSL that does not appear to encrypt the Traffic, and without a legitimate SSL Handshake to encrypt the Traffic, it still allows "eavesdropping" as reported by Firefox below:

Yes & it has been marked by Norton too. Several months ago I was going to order from them & Norton flagged them. I reported it in the AVE forum here, but my comment was (in effect) criticized by posters & Norton was ridiculed there too.

I chose not to go to their website. Tho I would still be interested in their juice if they got a little more professional.

 

[cherrycakes]

holy crap that's like a catastrophe waiting to happen.
anyone know any more about other vendors that were hit? I heard rawr vapor got it as well?

 

[Plaz]

They don't have a vaild SSL Certificate on avejuice.com, it's a Comodo Free CA/SSL that does not appear to encrypt the Traffic, and without a legitimate SSL Handshake to encrypt the Traffic, it still allows "eavesdropping" as reported by Firefox below:

Whoa. I'm surprised Chrome doesn't catch that and notify the user. I've never seen that from their page before.

EDIT: Actually, I'm not getting that warning with Firefox when I connect via https. Is that an extension?

 

[Day]

Damn glad I used my practically maxed out CC that expires this month for my last AVE order. Can't believe with the amount of money these guys are transacting that some of them don't have encrypted SSL certs. Quite frankly shocking, wish I had known before I even ordered. I didn't really want to blame the vendor at first but damn.

So sorry to hear so many of you got hit. I been buying stuff left and right recently, I'm really going to rethink how I'm doing this.

Curious if those that got hit stored their CC with the vendor?

 

[L7D4N]

Whoa. I'm surprised Chrome doesn't catch that and notify the user. I've never seen that from their page before.

EDIT: Actually, I'm not getting that warning with Firefox when I connect via https. Is that an extension?

Nope, no extension, I just go to https://avejuice.com and click the Globe Icon.

I reviewed all the content on the site and the majority of the code references https://avejuice.com/etc..., however when clicking "Your Basket", it always goes to the HTTP version, no matter what I do. It's possible the SSL Certificate is working, but the encryption isn't sticking throughout the site.

 

[mommyofdoom]

Oh wow that's scary... I hope AVE corrects this. I'd hate to have to find a new ADV.

I spent so much on gross ejuice before I found AVE.

 

[Plaz]

Nope, no extension, I just go to https://avejuice.com and click the Globe Icon.

I reviewed all the content on the site and the majority of the code references https://avejuice.com/etc..., however when clicking "Your Basket", it always goes to the HTTP version, no matter what I do. It's possible the SSL Certificate is working, but the encryption isn't sticking throughout the site.

Yeah, I don't think this is the issue. I just signed on on the site, and the login page was securely encrypted. I added a juice to my cart, and went to the checkout page, and it's properly securely encrypted as well. So someone could sniff in on us browsing juices and look at our carts, but not any checkout information, as far as I can tell.

I'm no expert, but my best guess is that the problem exists upstream of the user-vendor connection. Whether it's an intercept between AVE and Authorize.net or an inside job at Authorize.net, or something else.

 

[tA71ana]

Bumping ........

 

[cappss99]

I have my cc email me when there is a transaction, so I always no when I do it.

 

[Gatillero1980]

Their page is securely encrypted, the https trick is not correct, they relay the http to SSL http (https) once you login into your account, besides, the CC form is located in their CC processor, they don't pass your CC through their servers (this is actually a standard way of doing things).

This is clearly a problem in their CC processor and NOT Ave's fault by any means.

EDIT:

BTW, i was hit on Friday by a $650 charge and i didn't order from AVE, i ordered from BWB, AvidVaper, AltSmoke and WizardLabs.