Madvapes is admitting to being hacked.

Status
Not open for further replies.

Big Screen D

Ultra Member
ECF Veteran
Verified Member
Aug 5, 2011
2,292
2,830
Georgia
I think being honest about it is the best we can do for now. It's a hassle for everyone involved. We filed a report with the state attorney general, police and FBI. I'm not too much happier about this than you are. I'd love to see a hanging...

hoog

Thanks Hoogie for giving us the straight scoop on what happened in this case. Over and over, threads like this reiterate that the vendor is faultless and all of the blame resides with the cc processor. Well, at least in the cases involving madvapes as well as AVE, it was the vendor's site itself that was hacked. Not good.

Wonder if these reported hacks perhaps share a common e-commerce web platform rather than a common cc processor?
 

ennagizer

Super Member
ECF Veteran
May 18, 2013
344
508
South Florida, USA
I've read a few posts in this thread where Mad Vapes are given "props" for coming forward about the breach and informing their customer base. I just want everyone to know that when a breach like this happens there is a legal obligation to inform customers that personal information may have been compromised. So, yeah, props for following the law and potentially avoiding penalties (which they may face anyway if the website wasn't PCI compliant).

Now, the other companies and processors that may have been breached have a legal obligation to come forward. I'm guessing either they don't know they've been compromised (scary) or the companies are incorporated in Alabama, Kentucky, New Mexico or South Dakota. These states do not have security breach notification laws.

State Security Breach Notification Laws
Security Breach Notification Laws
Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota. ... is wrong with those states?

I hate saying this, but I try to avoid doing online business with companies in those states because of this. However, the bigger issue I have with any online seller I buy from is not knowing the processing company they use and where they are located. It would be interesting to find out if a majority of the processors are located in Alabama, Kentucky, New Mexico or South Dakota.
 

sonicdsl

Wandering life's highway
Supporting Member
ECF Veteran
Verified Member
Aug 11, 2011
17,744
19,244
Remember that many, if not most, ecig companies are at the mercy of the CC processors at this time, due to the lack of FDA regulations, and uncertainty of any possible regulations. Therefore, the industry is considered "high risk", which is why most CC processors will not take on an ecig company, and they are left with finding a high risk company to serve their website. Although that doesn't seem to be the case with Mad Vapes here, from what he said earlier, it is a concern in the industry as a whole right now, and may be why we're seeing such high incidents of this. I'm not saying this is true in every case, but in the majority of the cases, the vendors don't have much of a choice in CC processors, regardless of how much they're willing to spend.

Please see this link from Sarge about Online Shopping Safety:
http://www.e-cigarette-forum.com/fo...-discussion-thread-online-shopping-101-a.html
 

MrStik

Ultra Member
ECF Veteran
Mar 6, 2013
1,003
1,638
SoCal
I've read a few posts in this thread where Mad Vapes are given "props" for coming forward about the breach and informing their customer base. I just want everyone to know that when a breach like this happens there is a legal obligation to inform customers that personal information may have been compromised. So, yeah, props for following the law and potentially avoiding penalties (which they may face anyway if the website wasn't PCI compliant).

Now, the other companies and processors that may have been breached have a legal obligation to come forward. I'm guessing either they don't know they've been compromised (scary) or the companies are incorporated in Alabama, Kentucky, New Mexico or South Dakota. These states do not have security breach notification laws.

State Security Breach Notification Laws
Security Breach Notification Laws
Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota. ... is wrong with those states?

I hate saying this, but I try to avoid doing online business with companies in those states because of this. However, the bigger issue I have with any online seller I buy from is not knowing the processing company they use and where they are located. It would be interesting to find out if a majority of the processors are located in Alabama, Kentucky, New Mexico or South Dakota.

From what I understand, the Vendor is only obligated to inform those who they have done business with: their customers, and only their customers. They may have only offered a public statement due to being outed by one of their customers whom they informed. But regardless, they offered a statement, which is more than they needed to. So I give them props for being transparent, for being honest, for admitting fault and for fixing their flaw.
 

MamaTried

Resting In Peace
ECF Veteran
Verified Member
May 31, 2013
7,404
48,068
Northern California
Sorry guys for all the hassle, I'd be mad at us too, as I'm mad at myself :(. Unfortunately on this one it had nothing to do with our cc processor. Someone broke into the backend of our website and was able to change settings which possibly allowed viewing of data after orders were placed. I'd like to think that most e-cig vendors have good cc processing but guess I'm not sure. For us, we go through a national bank and get the same rates online as our retail stores do for face-to-face sales through First Data. Our cc processor is well known and not scammish at all.

hoog

You should be applauded for your forthright manner of dealing with this. I'm new to vaping and have only placed one order with Madvapes, but I will definitely be a return customer thanks to the way you guys have openly responded to this.

I'm a retired software engineering executive with more than a bit of knowledge of web apps and security. I would be shocked if you are the only company susceptible to this sort of attack.
 

MamaTried

Resting In Peace
ECF Veteran
Verified Member
May 31, 2013
7,404
48,068
Northern California
Just a friendly reminder that I've not seen here.

If you have "accounts" with any of the vendors who were robbed of data, change your passwords immediately. If that user name and password is also used anywhere else (bad practice...) change those too.

+1
>password is also used anywhere else (bad practice...) change those too

+2
 

ennagizer

Super Member
ECF Veteran
May 18, 2013
344
508
South Florida, USA
From what I understand, the Vendor is only obligated to inform those who they have done business with: their customers, and only their customers. They may have only offered a public statement due to being outed by one of their customers whom they informed. But regardless, they offered a statement, which is more than they needed to. So I give them props for being transparent, for being honest, for admitting fault and for fixing their flaw.

I see your point and I think it's great that they're following the law in their state.

Now, I'm going to play the bad guy here (just go with me on this for a moment): Where is the public statement? Buried in a subforum on ECF? There's no "conspicuous posting of the notice" on madvapes.com. Wouldn't that be a better place for a public statement? But the law in their state doesn't call for that unless specific criteria are met. Still, if they're going to be completely open & honest, wouldn't a conspicuous notice on the homepage be just a wee bit better than a post in a subforum on ECF? No?
 

MamaTried

Resting In Peace
ECF Veteran
Verified Member
May 31, 2013
7,404
48,068
Northern California
Thank you for your honesty in the situation. However, this is simply one of those things in life that "sorry" can not undo or make right. I trusted you and now my short, intermediate, and long term financial security as well as my identity have all been compromised.

As someone else said earlier, your ECF handle is well-deserved.

If you think this is a one-time problem with these guys, you are delusional.

You say you trusted your long-term financial security with an (any) online vendor? Well, that's a problem in and of itself.

Stop playing Russian roulette and look into virtual credit cards or pre-paids.
 

xjonquilx

Senior Member
ECF Veteran
Verified Member
Feb 12, 2013
187
165
FL
Don't be so quick to be hard on MadVapes about this. Any vendor can get hacked by a talented enough black hatter. What is important is how they address such an event. Props to MadVapes for cancelling the orders and alerting their customers to the security breach.

However, I do wish more vendors would use more secure methods of dealing with CC#s like PayPal instead of trying to handle all the transaction security themselves. Using a third party that's specifically dedicated to securing online transactions would take a lot of the pressure and work off of them, and keep their customers more secure.
 

xjonquilx

Senior Member
ECF Veteran
Verified Member
Feb 12, 2013
187
165
FL
Thank you for your honesty in the situation. However, this is simply one of those things in life that "sorry" can not undo or make right. I trusted you and now my short, intermediate, and long term financial security as well as my identity have all been compromised.

If you're concerned about your financial security... then stop buying stuff online, and shut down your online access to your bank account.

If you're concerned about your identity... get off the internet completely.

I can guarantee you that this is probably not the first time your financial information is going to be compromised if you continue to make online purchases. I can also guarantee you that your identity has ALREADY been compromised if you have been online for at least a year... and that certainty only drops to around 70% if you've been online for 6 months.

"Snowden" ring any bells?
 

djtonyb

Super Member
ECF Veteran
Verified Member
Mar 19, 2010
796
883
Big Pine Key
Ecig vendors cannot take paypal. Would be nice, but not an option.

Only in the US. There are a few vendors that ship to the US that are headquartered in other countries that have no problem accepting Paypal. I hate Paypal, myself. I really hate the fact that they somehow buckled and put a restriction on e-cig vendors ONLY in the US. Who paid them off?
 

xjonquilx

Senior Member
ECF Veteran
Verified Member
Feb 12, 2013
187
165
FL
Only in the US. There are a few vendors that ship to the US that are headquartered in other countries that have no problem accepting Paypal. I hate Paypal, myself. I really hate the fact that they somehow buckled and put a restriction on e-cig vendors ONLY in the US. Who paid them off?

The one reason I like PayPal is it acts like an extra layer between your bank account and your online purchases, keeping your bank info private, and allowing unauthorized transactions to be reversed/stopped. I've never had a problem getting my money back via PayPal.
 

ennagizer

Super Member
ECF Veteran
May 18, 2013
344
508
South Florida, USA
Only in the US. There are a few vendors that ship to the US that are headquartered in other countries that have no problem accepting Paypal. I hate Paypal, myself. I really hate the fact that they somehow buckled and put a restriction on e-cig vendors ONLY in the US. Who paid them off?

Yes, I believe you're correct. I should have put U.S. in there. Thanks for the correction :)
 

Myrany

Vaping Master
Supporting Member
ECF Veteran
Verified Member
Apr 14, 2013
8,477
44,353
Louisiana
I see your point and I think it's great that they're following the law in their state.

Now, I'm going to play the bad guy here (just go with me on this for a moment): Where is the public statement? Buried in a subforum on ECF? There's no "conspicuous posting of the notice" on madvapes.com. Wouldn't that be a better place for a public statement? But the law in their state doesn't call for that unless specific criteria are met. Still, if they're going to be completely open & honest, wouldn't a conspicuous notice on the homepage be just a wee bit better than a post in a subforum on ECF? No?

FYI, this thread WAS in the general forum. It was moved here by a mod. So lay off the vendor on that one.
 