MyFreedomSmokes was hacked!

[gnees]

A MFS purchase got my card hacked over a year ago. Now again?

I'm sorry for all the people that this affected.

I work for a mail order company, and know that 80% of company's can NOT recoup from a hack. So for MFS to be hit twice, and still be up and running. I would look inside the company, or their web hosting company. It seems to small of a number to me.

I would love to see how they pass a yearly PCI evaluation. And they should have quarterly scans (at the least) that have to be sent to their banks. To stay in compliance.

Glad I have 12 liters of NIC in the freezer. Never again.

 

[go_player]

Why are they storing all that information? That's fishy to begin with. They only the need the Authorization number for the charge from the bank to guarantee they get paid. They should never under any circumstances store the 3 digit verification code and shouldn't even store the cc number unless you want to keep it on file, then make you re-enter the 3 digit number whenever you use it..

Yep. I do things like this for a living, and if they'd hired me this wouldn't have been possible, because we _would have thrown the necessary information away after authorizing the card_, etc (except under certain circumstances I won't get into here.) That said, they could not have realistically afforded to hire me, so I don't blame them for not having done so.

What does surprise me is that less expensive contractors don't seem to understand this, in the year 2017. It's not like it takes extra work to _not_ store information. If you're Amazon, and have Amazon's infrastructure and security, by all means keep all my info so I can one-click order (still a little shady.) If not, don't store so much info. This doesn't seem hard to me.

 

[gnees]

Not sure why they even ask for the CVV/CVC number. The company I work for never asks for it. It may cost us, half a cent per transaction to do it this way.

 

[numsquat]

I will go back to my original post. If you protect yourself, you can order from any site. If I order from any site, I really won't get hit. I'm sorry but it's on the buyer not the seller to protect the buyer. Outside of cash purchases, it's up to the buyer to protect themselves.

I would not think twice from ordering from them because I know I've protected myself in my methods of ordering online, either from them or anyone else.

 

[Bad Ninja]

I will go back to my original post. If you protect yourself, you can order from any site. If I order from any site, I really won't get hit. I'm sorry but it's on the buyer not the seller to protect the buyer. Outside of cash purchases, it's up to the buyer to protect themselves.

Not if they want my business.
If you can't secure your customers financial information at a simple point of sale transaction you either dont know how to operate a business or you are stealing the info yourself.
Especially after a few years of multiple security breaches.
I ran a business for 2 decades and never had an issue.

I would not think twice from ordering from them because I know I've protected myself in my methods of ordering online, either from them or anyone else.

Maybe you are their target customer, not the normal vaper that have had their cards scammed for over 3 years.

 

[Beamslider]

Well you should take precautions to protect yourself...But it is definitely on the seller to protect any information obtained during a sale.

And no matter if you protect yourself or not....Your information can still be skimmed from or by the site.

 

[David Wolf]

I will go back to my original post. If you protect yourself, you can order from any site. If I order from any site, I really won't get hit.

So tell us how you would protect yourselves ordering from MFS and "not get hit". Even using your bluebird card the minute you load it up you're subject to "getting hit" . The best you can do is minimize the risk window and use a prepaid card, as I do now. Doesn't mean someone can't steal my info and charge something to it.
Online retailers have both a moral and a legal obligation to protect their buyers credit card and other personal information. MFS gets no free pass from me, I won't use them again.

 

[Tonee N]

That's why I have nurmous sources I buy from.

Sent from my SAMSUNG-SM-G870A using Tapatalk

 

[somdcomputerguy]

Removed

That's as asinine as referring to "Internet Explorer" as "Internet Exploder". I don't like IE, so I just don't use it. I very rarely make any kind of negative opinionated type of post, but I just had to now..

 

[numsquat]

So tell us how you would protect yourselves ordering from MFS and "not get hit". Even using your bluebird card the minute you load it up you're subject to "getting hit" . The best you can do is minimize the risk window and use a prepaid card, as I do now. Doesn't mean someone can't steal my info and charge something to it.

I have no accounts linked to the Bluebird. I only load what I'm going to buy with and have carts ready to complete which I can do even before leaving the store. There is never more than $10 on the card until right before the purchase. I don't use any of the other features (savings, fund transfers, etc). I change logon/passwords every three months and only use unique logins/passwords. Even if someone gets my info they can't charge over the balance amount and if there are attempted charges Amex doesn't pay them, will issue you a new card immediately and will transfer my old balance. There is a very slight chance an outside charge could happen right after a reload but it's a very small chance. I only use that card for online purchases except for Paypal.

Online retailers have both a moral and a legal obligation to protect their buyers credit card and other personal information.

I totally agree and also feel consumers need to do everything in their power to protect themselves.

MFS gets no free pass from me, I won't use them again.

I've never used them, probably never will. Just was saying because how I do things I wouldn't be afraid to order from them if I chose to.

 

[WillieB69]

I'm sorry but it's on the buyer not the seller to protect the buyer.

Incorrect.
People should be careful and watch transactions closely and shop only from trusted vendors but it is up to the seller to have the best possible security in place to protect the customer's information. Nothing is foolproof but when your website has been the subject of multiple hacks, it's time to step up your security game.

 

[codger59]

I didn't receive any email either, but my last purchase there was in January - still, just as precaution I canceled card used. Thanks for the heads-up.
I would think that MFS would be required to notify all customers of a breach. Even if not required, it would be a courtesy to any customers they want to keep.
As it is - and with their history - I also requested they cancel/remove my account.

 

[TJVapes]

They're sending emails still. It's just happening in a staged process. You can't send them all at once.

 

[puffon]

When they were hacked last year, it took 4 months to get my e-mail.
My card was compromised before I got the e-mail.

 

[Fozzy71]

They're sending emails still. It's just happening in a staged process. You can't send them all at once.

actually you can quite easily

 

[retired1]

actually you can quite easily

Not if you want to stay off spam blacklists.

 

[Vaping!!!Jables]

I truly do wish they could figure out what is going on. This letter could be a carbon copy of the one I got back in 2015 after they got hacked. Sadly I got bit that time.

If I were a conspiracy theorist I might think a competitor is trying to put them out of business.

More likely that it's an inside job.

Sent from my Z832 using Tapatalk

 

[retired1]

More likely that it's an inside job.

Nope.

I have a pretty good idea how the latest one happened. Has nothing to do with being an inside job. Has everything to do with not keeping their stuff up to date and not availing themselves to additional security checks and routines to prevent unauthorized access.

 

[r77r7r]

Nope.

I have a pretty good idea how the latest one happened. Has nothing to do with being an inside job. Has everything to do with not keeping their stuff up to date and not availing themselves to additional security checks and routines to prevent unauthorized access.

SO, they're ok to order from now?

 

[retired1]

SO, they're ok to order from now?

Given their history, personally I'd never order from them. Ever.