I want a sharkskin but won't order anything from their site anymore.
Vaporshark DNA200
- Thread starter KTMRider
- Start date
- th_trl_thread_readers 0
- Status
$3.50 for US residents but still not worth dealing with cancelling a cc again.
It happened just after my last 2 orders from VS. They need to find a more secure transaction processing center.
What if you just buy one of those preloaded visa or whatever cards from Wal-Mart etc. Won't they work the same as a real cc or debt card? Use it one time and toss it.
Shouldn't have to just to make a purchase from a reputable vendor. If they can't stop this fraud properly, I wont do business with them on principle.
I figured there would be a follow up post along the lines of "shouldn't have to" and you're 100% right. I'm just saying, as a workaround. Considering you really need a shark skin on a VS mod or your shark peels.
If you were to contact VS they would tell you they have recently upgraded site security, you will see a security seal on site that was not there previously, hope this fixes the problem. I would agree to prior comments that letter / email should have been sent out whenever they identified the problem. Not going to worry or stress over it, worst case cancel a card. 100% no matter the vendor need to be smart, for most part if unsure will only use Serve AMEX card, if site does not take, then will find elsewhere. Max I keep on there is 200-300, replacement is 2nd day ups if fraud.
I also will only pay cash at any fast food place, you are providing your card to a high school student or minimum wage worker. Just be smart. VS F'd up, if they fixed as claimed I am good with that. We have had a number of client sites hacked, fix it quickly provide options to prevent and move on. Anyway just saying seems to be getting blown out of proportion and not heard much in way of people contacting source and getting real info.
Sent from my unknown using Tapatalk
I also will only pay cash at any fast food place, you are providing your card to a high school student or minimum wage worker. Just be smart. VS F'd up, if they fixed as claimed I am good with that. We have had a number of client sites hacked, fix it quickly provide options to prevent and move on. Anyway just saying seems to be getting blown out of proportion and not heard much in way of people contacting source and getting real info.
Sent from my unknown using Tapatalk
My order was after the Sucuri site security update.
Vaporshark need to put into consideration that their site may not of been hacked and this could be a result of an inside job.
Vaporshark need to put into consideration that their site may not of been hacked and this could be a result of an inside job.
The VS site is under maintenance and before I forget to ask: does the DNA200 have wireless charging? If yes, can I buy any Qi thingy for that?
Sucuri is a website security validation certificate, not unlike Symantec AntiVirus. It's bs. It does not test transaction processing which is where the problem and security issue lies.
The DNA200 does not have wireless charging. I love Qi charging and use it on my phone and tablet every day and it works great. I also have a rDNA40 that does have wireless charging built in but never use it because it gets too hot so I've been either plugging it in via USB or swapping out the battery. I'm glad they left it out on the DNA200.
The DNA200 does not have wireless charging. I love Qi charging and use it on my phone and tablet every day and it works great. I also have a rDNA40 that does have wireless charging built in but never use it because it gets too hot so I've been either plugging it in via USB or swapping out the battery. I'm glad they left it out on the DNA200.
SECURITY UPDATE
At Vapor Shark, we understand that in today’s world your personal and private information is more important than ever. In late June of this year, we began receiving mixed data regarding a possible breach of security on our retail website. Despite us not immediately understanding the full scope, extent, or cause of what was happening, we immediately had our developers research the issue and ramp up security measures to ensure data safety and security during our investigation which has now been concluded.
Upon further examination, we discovered malicious code which appeared to have been siphoning credit card information from our retail, customer-facing website on or after June 23rd, 2015. Our wholesale website was not affected.
A Sucuri.net blog from the same date released a notice regarding a recently discovered Magento vulnerability which quietly attaches to your code and makes it virtually undetectable unless you actively seek it out, which we did.
See more info on that blog here.
The malicious code was immediately contained, isolated, and completely removed by July 14th, 2015. To supplement our internal security measures, we enrolled the services of Sucuri.net, a leader in internet commerce security. Our website, which is hosted by Amazon, is scanned by Sucuri.net on a daily basis for viruses, malware, and spyware. If any malicious content is found with Sucuri.net it is immediately flagged, isolated, and removed by the development team. Additionally, our site is also protected from intrusion by Incapsula, the same company and service that secures companies like eHarmony, WIX, Newsweek, SIEMENS and Motley Fool.
If you have reason to believe that you may have been affected, please contact your card issuing bank and inform them. We are working with VISA, MasterCard, and American Express regarding this issue and they will be able to address your concerns adequately.
We sincerely apologize for any inconvenience this may have caused. Vapor Shark takes the safety of your personal and private information very seriously. Our website has been free of malicious code since we discovered and corrected the issue; it is secure, it is safe and it is being monitored on a 24 hour schedule. You can check the status of our site at anytime going forward by clicking on the Sucuri banner at the top of our home page or by clicking this link.
Thank You,
Vapor Shark
At Vapor Shark, we understand that in today’s world your personal and private information is more important than ever. In late June of this year, we began receiving mixed data regarding a possible breach of security on our retail website. Despite us not immediately understanding the full scope, extent, or cause of what was happening, we immediately had our developers research the issue and ramp up security measures to ensure data safety and security during our investigation which has now been concluded.
Upon further examination, we discovered malicious code which appeared to have been siphoning credit card information from our retail, customer-facing website on or after June 23rd, 2015. Our wholesale website was not affected.
A Sucuri.net blog from the same date released a notice regarding a recently discovered Magento vulnerability which quietly attaches to your code and makes it virtually undetectable unless you actively seek it out, which we did.
See more info on that blog here.
The malicious code was immediately contained, isolated, and completely removed by July 14th, 2015. To supplement our internal security measures, we enrolled the services of Sucuri.net, a leader in internet commerce security. Our website, which is hosted by Amazon, is scanned by Sucuri.net on a daily basis for viruses, malware, and spyware. If any malicious content is found with Sucuri.net it is immediately flagged, isolated, and removed by the development team. Additionally, our site is also protected from intrusion by Incapsula, the same company and service that secures companies like eHarmony, WIX, Newsweek, SIEMENS and Motley Fool.
If you have reason to believe that you may have been affected, please contact your card issuing bank and inform them. We are working with VISA, MasterCard, and American Express regarding this issue and they will be able to address your concerns adequately.
We sincerely apologize for any inconvenience this may have caused. Vapor Shark takes the safety of your personal and private information very seriously. Our website has been free of malicious code since we discovered and corrected the issue; it is secure, it is safe and it is being monitored on a 24 hour schedule. You can check the status of our site at anytime going forward by clicking on the Sucuri banner at the top of our home page or by clicking this link.
Thank You,
Vapor Shark
If they have no security issues, then why would they need to send out this letter.
"We are working with VISA, MasterCard, and American Express regarding this issue "
What issue?? they forgot to mention customers cards were stolen after July 14th, 2015
"We are working with VISA, MasterCard, and American Express regarding this issue "
What issue?? they forgot to mention customers cards were stolen after July 14th, 2015
Amazing to me that still none in stock anywhere in UK as far as I can tell....
I received that a little while ago as well. Not sure I believe what they're saying entirely. What they are referencing is a code breach on Magento e-comerce sites but in another paragraph they state their sites are hosted by Amazon. Which I assume to be Amazon Web Services, and they have had their share of security breaches and vulnerabilities in the past as well. Does AWS run Magento IDK? But I have read about some of AWS breaches caused both from being misconfigured by the management as well as just having vulnerabilities being exploited.
A major problem, they're stating is their code was compromised but they didn't state how and what was done to prevent it in the future, only that they're scanning now.
In order to do this the attacker had to be able to write to file on the web servers to inject the malicious code either from an external connection or from another system inside the DMZ or one that has access through too the DMZ systems. Or even directly on the infected systems. It could be from improperly configured Firewalls, Servers, Poorly written code or even physical access but it clearly shouldn't happen. It would have been nice to have seen them state how this occurred and what remediation steps they took to prevent it from happening again rather than just that they're now scanning and are using Sucuri & Incapsula to help them. While that's a step in the right direction if they didn't figure out how it happened to begin with there's potential for it to happen again.
A major problem, they're stating is their code was compromised but they didn't state how and what was done to prevent it in the future, only that they're scanning now.
In order to do this the attacker had to be able to write to file on the web servers to inject the malicious code either from an external connection or from another system inside the DMZ or one that has access through too the DMZ systems. Or even directly on the infected systems. It could be from improperly configured Firewalls, Servers, Poorly written code or even physical access but it clearly shouldn't happen. It would have been nice to have seen them state how this occurred and what remediation steps they took to prevent it from happening again rather than just that they're now scanning and are using Sucuri & Incapsula to help them. While that's a step in the right direction if they didn't figure out how it happened to begin with there's potential for it to happen again.
I think VS is monitoring this thread. Coincidental that they released that email 3 months after finding the vunerability and the topic coming up here? My issues happened before and after their stated dates (5/15 and 9/15) so they obviously didn't fix the problem.
My card got used fraudulently today. Kinda funny the same day I get the email from them, my card attempts to get used in two states I don't live in.
- Status
