Become a Patron!

Credit Card Fraud - My Freedom Smokes?

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
We have zero evidence of any data being breached outside of the dates I provided previously. I would be more than happy to look into their specific situations further, but would need for them to contact me directly so that I know what account to look into. Please do not post any info here. Best way to reach me is via email: [email protected]
Well, a member just gave you specific information.


As to the others, he now makes the 6th person I know of first hand to have this issue. - im not even bringing up my own.
Bottom line is im not that popular, and to know that many people who have sporadically had the SAME issue over an 18 month timeframe sounds like a whole lot more than just a 'breach'.
Have you Googled 'my freedom smokes credit card fraud'?

Just sayin.
 
Last edited:

Douglas H. Aiken

Bronze Contributor
Member For 4 Years
Member For 3 Years
This. They hold onto the info for a while and seem to use it in waves so as to not draw too much attention.

Also, I would highly recommend you have your bank issue you a new card if they haven't done so already. They caught this transaction and reversed it, but that also means that your card info is still no longer secure.
Valid point. I think I'll do that.
I'm actually surprised the Credit Card company didn't do that automatically.
 

Douglas H. Aiken

Bronze Contributor
Member For 4 Years
Member For 3 Years
We have zero evidence of any data being breached outside of the dates I provided previously. I would be more than happy to look into their specific situations further, but would need for them to contact me directly so that I know what account to look into. Please do not post any info here. Best way to reach me is via email: [email protected]
I just sent you an email a few minutes ago.
Let's see what you find.
It could be totally unrelated.
I would bet if a Hacker successfully breached a major platform vulnerability, they wouldn't limit their raping, ravaging & pillaging to one vendor.
 

Douglas H. Aiken

Bronze Contributor
Member For 4 Years
Member For 3 Years
Well, a member just gave you specific information.


As to the others, he now makes the 6th person I know of first hand to have this issue. - im not even bringing up my own.
Bottom line is im not that popular, and to know that many people who have sporadically had the SAME issue over an 18 month timeframe sounds like a whole lot more than just a 'breach'.
Have you Googled 'my freedom smokes credit card fraud'?

Just sayin.
Don't be so humble. You know you're a Vape Star!
 

OneBadWolf

VU Donator
Gold Contributor
Member For 4 Years
ECF Refugee
Not everybody wants to go through all the bullshit involved in setting up a bitcoin account and many non tech savy ex smokers would be screwed.
Some elderly ex smokers aren't good enough with the Internet to do what it takes to use bitcoin.

Bitcoin is dirt simple to setup. A little harder for the vendor though. Compared to setting up a PayPal account I thought it was really easy. I was a beta tester/early adopter of Bitcoin though, so I'm not completly unbiased.
 

Robert B

Gold Contributor
Member For 4 Years
Valid point. I think I'll do that.
I'm actually surprised the Credit Card company didn't do that automatically.

That is surprising your CC company didn't auto-cancel the card. We have Capitol One cards, and if they see suspicious activity, they stop the card, and call us within minutes to verify the charges. If the charges are ok, they start the card again. If not, they send new cards. In the case of the Home Depot and Target compromises, they sent a letter telling us new cards were on the way and to activate them as soon as we receive them.
 

wally

Gold Contributor
Member For 4 Years
ECF Refugee
I had a problem a few years ago where a reputable company employee tried to use my card # at a hotel just a block over from the company I ordered my ecig stuff but my bank caught it and stopped the action before they were able to remove any of my money. So I decided to get a prepay card to be on the safe side. Now when I make an order I put the money in the account right before I make the order. I have been doing this for years now without one problem.
 

ej1024

VU Donator
Diamond Contributor
Member For 4 Years
I had the same problem this year,
They bad people swiped my card at homedepot in the amount of $400 bucks then the next day they tried to purchase again at Macy's, this was 4th of July all in the city of Torrance California, so I went to talk to VAPOR DNA just to make sure they know what's up, and they pretty much assure me that's there system was SECURE!
Going back to freedom smokes, so yeah I think vapor joes had a sale link for 4th of July sale, I tap on the link tried to purchase and it won't go thru, it says that there's something wrong with my card, so after a couple of tries I stopped and contacted the seller and they said their website is OK maybe it was my bank. After a couple of days I was getting email from chase about a purchase in HD!
The sad thing about all this we the victim have to file a police report, the only thing the bank will do is gather all the info make sure it's a fraud so they can get the money back!!the banks are not responsible for looking for the hackers they don't do that, even the stores where fraud took place, they will be notified but they not gonna go after them!
I stop buying online unless they have paypal! For me
EBAY is the safest way! Be careful and VAPEON!


Sent from my iPhone using Tapatalk
 

Jimi

Diamond Contributor
Member For 5 Years
It sounds to me that is why there is so much of this. They need to have an online task force looking for these bastards. The MFS breach was the first time, and hopefully the last, that I was ever caught up in something like this so I don't know much about it. Who picks up the tab on this when they don't catch the thief?
 

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
Looking at the timespam of the occurrences are we certain it was really a breach? sounds like a convenient way to dismiss an 18month long problem to me. The dates given by the victims don't match the dates given by the vendor. and three of us only used the cards for vape gear.
Something just does not add up to me

Then again I guess it could be MULTIPLE BREACHES

I hate to swing around negativity or false accusations. If I were in the practice of electronic thievery and given the choice of hacking security of Walmart (target, home depot, cabelas) or an online vendor of a niche product coupled with the i would serve the same sentence weather I ripped off 5k or a few million dollars, I'm gonna make it worthwhile. just thinking ya know.
 
Last edited:

OneBadWolf

VU Donator
Gold Contributor
Member For 4 Years
ECF Refugee
The vast majority of online transactions while maybe not secure, don't result in fraud. The cyberthieves almost always go after the low hanging fruit. While it is exceedingly difficult if not impossible to fully secure any system and still make it useable, the implementation of best practices DETER most crims. Hacking a very secure system occurs, but is rare. A good analogy would be comparing stats of basement apartment window smashing burglaries to "Pink Panther" style expert heists. The experts don't usually bother with ground floor apartments, their targets are worth the difficulty. There are 10,000 smash and grabs for every well planned Mission Impossible type offence.

For the cybercrims, in many ways its even easier, because they can knock on ten thousand doors a day to find the one that is unlocked. The risk of being reported for suspicious activity by neighbours is not even a factor, and they don't get hungry from walking around.

Most of the large data breaches we hear about are a result of complete indifference to security. The recent Ashley Madison "hack" was in all probability not a hack at all, but an insider with acess making it look like a hack because if an insider is involved, there will be a short list of suspects to investigate.

Insider data theft is greatly under reported. It is far easier to point the finger at Evil Hax0rz, because the company knows that the public will accept a "what can you do, it happens" attitude. It also limits the company's liability, and the outrage they will face from pissed off consumers. This coupled with the fact that many police agencys lack the training to properly investigate cybercrime, makes insider theft a relativly safe option.

Most cybercrims WONT wait a year to release or sell their stolen CC info. The spin that these hyper clever Hax0rz are cunning enough to do this is almost laughable. Credit cards have expirey dates. The longer you wait, the less of your stolen numbers will work. More of them may be cancelled because people switch banks and cards, other fraud etc.

Releasing in batches, is still going to result in being able to track the common point of origen, and the more stale a number, the less it is worth on the secondary market for the "end user" crims. Like any other thieves, cybercrims want to get the money as fast as possible. That is why they are fucking crims.

To be hit twice is shocking. Is a vape shop they type of target a "Master Evil Hax0r" would waste his time with? Its quite a ways further down the trough from Sony, or Target. Not proactivly disclosing a breach definatly makes a target more appealing, but what hacker would safely assume that their target had learned nothin from the first time?

If a company suffers a data breach, is open about it, and hardens their systems to the point they are not an attractive target anymore, it is unlikely there is any inside fuckery. But if they keep mum and hope nobody notices, and play the victim without owning their complacency, it bears a second look. If it is an ongoing occurence, and they still have not learned that proactivly disclosing that their customers may have had their information compromised, I would consider them highly suspect.

As consumers, we are partly responsible for this problem as well. We need to begin holding these companies accountable. If a company experiences no inpact in their bottom line for unethical behaviour, why WOULD they ever change?
 

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
To be hit twice is shocking. Is a vape shop they type of target a "Master Evil Hax0r" would waste his time with? Its quite a ways further down the trough from Sony, or Target. Not proactivly disclosing a breach definatly makes a target more appealing, but what hacker would safely assume that their target had learned nothin from the first time?

If a company suffers a data breach, is open about it, and hardens their systems to the point they are not an attractive target anymore, it is unlikely there is any inside fuckery. But if they keep mum and hope nobody notices, and play the victim without owning their complacency, it bears a second look. If it is an ongoing occurence, and they still have not learned that proactivly disclosing that their customers may have had their information compromised, I would consider them highly suspect.

As consumers, we are partly responsible for this problem as well. We need to begin holding these companies accountable. If a company experiences no inpact in their bottom line for unethical behaviour, why WOULD they ever change?

This is what I was getting at only this is NOT the first time from THIS vendor. However it is the first time they have spoken about it,
 

wally

Gold Contributor
Member For 4 Years
ECF Refugee
Conclusion to the story will end up getting a prepay card and be done with it lol.
 

OneBadWolf

VU Donator
Gold Contributor
Member For 4 Years
ECF Refugee
This is what I was getting at only this is NOT the first time from THIS vendor. However it is the first time they have spoken about it,

I'm picking up what you are putting down. lol

They may have spoken about it, but not BEFORE the issue was raised in this thread. Also either our members are lying that they were not notified, Or sombody else is.

Dustin T wrote:

"I know for certain that we contacted everyone that was affected. (emphasis added) Many man hours and many lawyers were involved to ensure that it was done properly. I can't research or verify anyone's claims without knowing their MFS account info, and no one has provided that info to me yet."

Not too much wiggle room there. He is saying that any of our members who say they were not notified, are liars. Unless there is another option my logic has failed to recognize, in which case I would be happy if someone could point it out to me.

And one would suppose that our "lying members" are not acting spontaneously. What would the odds be? Possible, but not probable. So is there now a conspiracy?

My own personal expectation since Dustin has decided not to respond to this, is that we will see some sock puppets raise their heads and leap to their defence.
 

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
I'm picking up what you are putting down. lol

They may have spoken about it, but not BEFORE the issue was raised in this thread. Also either our members are lying that they were not notified, Or sombody else is.

Dustin T wrote:

"I know for certain that we contacted everyone that was affected. (emphasis added) Many man hours and many lawyers were involved to ensure that it was done properly. I can't research or verify anyone's claims without knowing their MFS account info, and no one has provided that info to me yet."

Not too much wiggle room there. He is saying that any of our members who say they were not notified, are liars. Unless there is another option my logic has failed to recognize, in which case I would be happy if someone could point it out to me.

And one would suppose that our "lying members" are not acting spontaneously. What would the odds be? Possible, but not probable. So is there now a conspiracy?

My own personal expectation since Dustin has decided not to respond to this, is that we will see some sock puppets raise their heads and leap to their defence.
Again though, I take that as alluding to only the one 'mentioned breach'?
When this happened last year (same vendor, same mysterious charges showing up on people credit cards) no one was notified.
As dhaiken said up there he was not notified this time either.
The other member here who got hit was also not notified.

Just putting the trend out there.....
 

Robert B

Gold Contributor
Member For 4 Years
I hate to swing around negativity or false accusations. If I were in the practice of electronic thievery and given the choice of hacking security of Walmart (target, home depot, cabelas) or an online vendor of a niche product coupled with the i would serve the same sentence weather I ripped off 5k or a few million dollars, I'm gonna make it worthwhile. just thinking ya know.

In the case of Home Depot and Target, malware was installed on each cash register (computer) terminal, the card data was captured in real time including the cvv codes. They figured it was a Ukrainian group of hackers that did it. The hackers then sell off the card data on underground websites for as much as $50 per card number depending on how old it is. This card data can be as little as minutes old before it's sold off and used by someone to make a charge to your account. As soon as the breach is discovered, the gig is pretty much over. I read that they estimated the hackers made close to 20 million dollars selling card data in the time it took HD & Target to discover the breech.

In short, these aren't young dickbeater kids doing these hacks, they are highly paid crime ring professionals that will install malware on as many sites as they can no matter the size of the business.
 
Last edited:

OneBadWolf

VU Donator
Gold Contributor
Member For 4 Years
ECF Refugee
n the case of Home Depot and Target, malware was installed on each cash register (computer) terminal, the card data was captured in real time including the cvv codes. They figured it was a Ukrainian group of hackers that did it. The hackers then sell off the card data on underground websites for as much as $50 per card number depending on how old it is. This card data can be as little as minutes old before it's sold off and used by someone to make a charge to your account. As soon as the breach is discovered, the gig is pretty much over. I read that they estimated the hackers made close to 20 million dollars selling card data in the time it took HD & Target to discover the breech.
In short, these aren't young dickbeater kids doing these hacks, they are highly paid crime ring professionals

I agree. "Jewel Thief" cybercrims. And they wern't targeting a vape shop in N.Carolina. You also mentioned a valid point I forgot to mention. Cybercrims also rarely "leak the numbers out in batches" precisely because if one is detected, the others they have are usless, because a reputable company would disclose the breach, and plug the hole.

I'm choosing my words carefully in this thread, considering as DustinT wrote " Many man hours and many lawyers were involved to ensure that it was done properly." emphasis added. I don't think Vapor Joe needs the headache of frivolous litigation, its bad enough he may lose a sponsor, but some sponsors may not be worth having. I have every confidence in Vapor Joes integrity, and I'm sure that if such vexatious litigation should occur, that he would have no difficulty securing competent representation Pro Bono. I understand that some of the good people at the EFF vape.

Too bad some companies can find money for lawyers, and not for sufficient security.
 
Last edited:

Sully

Silver Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
Member For 5 Years
We have zero evidence of any data being breached outside of the dates I provided previously. I would be more than happy to look into their specific situations further, but would need for them to contact me directly so that I know what account to look into. Please do not post any info here. Best way to reach me is via email: [email protected]
What do you say to all of people that ordered from you last year (like me) that are all getting these same charges now? I didn't order between those stupid dates you keep giving, neither did 90% of the people getting hit with fraud after ordering from MFS..."we were only breached during these two dates"...I'm sure the hackers selectively ignored all of the free credit card data from orders prior to those dates, you also wrongfully stored my CC data. I absolutely did not give permission to store it. In my case, there should have been no data to steal in the first place!!!!
 

Mattp169

Platinum Contributor
Vape Media
Member For 5 Years
FFS people!!!!!!!

did MFS have a breach??? possibly - could it have been their CC processor??? maybe. Could it have been the hosting company??? maybe - something happened thats for sure. Unitl this MFS was a well respected vendor selling great products at great prices. Did they handle it perfectly - maybe not. Are they learning form this - hopefully. Could any of you done better - maybe/maybe not.

Could this happen on an other reputable site - OH YES!!!! Noone is immune from this crap.

If you have an issue with how they handled it fine! If your afraid to do business with them because of this incident - then dont buy anything except with cash. If you want to buy from MFS and are afraid to give them your cc number, use a prepaid. SIMPLE. But please stop beratting them for something that could happen to any retailer
 

OneBadWolf

VU Donator
Gold Contributor
Member For 4 Years
ECF Refugee
So that they can continue regretting their actions? So they can come in here and call your fellow mwmbers liars? Have you read, not scannedbut actually carefully read what they have posted here?

If they had been up front. If they had contacted everybody, put on their website, or as best practices dictate, create a website to deal with a breach, if they had offered free credit monitoring to those affected as is their responsability, and been completly honest in this thread, sure.

But they have not. Was your data compromised? I'll bet if it had you would feel differently. I find it interesting that you are so quick to defend a company that acted and is still acting in this way, as opposed to your fellow vapers.

Dustin is a big boy, has an adequate command of the English language, he has been reviewing this thread today, he does not need you to speak for him. The owner of this stellar establishment apparently has enough faith in him that he was sent here.

Let him answer for calling the posters here liars. Or is there a "special relationship" you would like to tell us about?
 

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
FFS people!!!!!!!

did MFS have a breach??? possibly - could it have been their CC processor??? maybe. Could it have been the hosting company??? maybe - something happened thats for sure. Unitl this MFS was a well respected vendor selling great products at great prices. Did they handle it perfectly - maybe not. Are they learning form this - hopefully. Could any of you done better - maybe/maybe not.

Could this happen on an other reputable site - OH YES!!!! Noone is immune from this crap.

If you have an issue with how they handled it fine! If your afraid to do business with them because of this incident - then dont buy anything except with cash. If you want to buy from MFS and are afraid to give them your cc number, use a prepaid. SIMPLE. But please stop beratting them for something that could happen to any retailer

Dude, you forgot the other question..... could it be someone within MFS? ABSOLUTELY IT COULD be.
We don't know. I know that I personally now know 7 people whom BOUGHT outside of the dates they indicated, and got hit.o
I make 8. I purchased an 80$ item In September of last year and had a series of odd charges on a credit card only used for vaping magically appear.
There are several members here who have had similar experiences, also outside of the dates their rep gave us,
I will bad mouth and say what I want when someone steals from me or my fellow vapors, we have enough people trying to fight us for vaping, the last thing we need is this, or canned responses.

one thing about this forum, we look out for each other, so when something like this happens we will warn each other.

Also go ahead and Google ---'my freedom smokes credit card fraud'. Check reddit and ecf, we aren't special several people are rightfully PISSED!
 
Last edited:

Sully

Silver Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
Member For 5 Years
FFS people!!!!!!!

did MFS have a breach??? possibly - could it have been their CC processor??? maybe. Could it have been the hosting company??? maybe - something happened thats for sure. Unitl this MFS was a well respected vendor selling great products at great prices. Did they handle it perfectly - maybe not. Are they learning form this - hopefully. Could any of you done better - maybe/maybe not.

Could this happen on an other reputable site - OH YES!!!! Noone is immune from this crap.

If you have an issue with how they handled it fine! If your afraid to do business with them because of this incident - then dont buy anything except with cash. If you want to buy from MFS and are afraid to give them your cc number, use a prepaid. SIMPLE. But please stop beratting them for something that could happen to any retailer
They had a breach they knew about and never informed me. They stored my credit card info against my will, so the hackers were able to steal it. I have a right to demand answers!
 

Mattp169

Platinum Contributor
Vape Media
Member For 5 Years
@f1r3b1rd YES WARN. WARN AWAY Ive been doing it, youve seen me.

Maybe im over reacting here. Im not sure. It just feels like in this community if someone makes 1 tiny little mistake they are crucified forever about it wheather it is deserved or not. Maybe MFS deserves the crap they are getting. I dont know anymore. like i said crucify them for how they are handling it. I just dont think its fair to crucify them for it happening to them. And if its an inside job, crucify that person not the company. If that person turns out to be an owner, then lets crucify the whole damn place. But lets get our facts straight and be sure before we destroy what has until this incident been to my knowledge a reputable vendor
 

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
@f1r3b1rd YES WARN. WARN AWAY Ive been doing it, youve seen me.

Maybe im over reacting here. Im not sure. It just feels like in this community if someone makes 1 tiny little mistake they are crucified forever about it wheather it is deserved or not. Maybe MFS deserves the crap they are getting. I dont know anymore. like i said crucify them for how they are handling it. I just dont think its fair to crucify them for it happening to them. And if its an inside job, crucify that person not the company. If that person turns out to be an owner, then lets crucify the whole damn place. But lets get our facts straight and be sure before we destroy what has until this incident been to my knowledge a reputable vendor
Part of what we are doing is trying to get the answers, the problem is they are hiding behind canned responses, I was the one who sent them an email telling them about those thread affording them the chance to speak out about it, instead we got dates of an occurrence that we unsure bout and obviously don't line up with what we know to have happened,
I have yet to see any response from anyone that is out of order, or on par with crucifying them.

Yes you have warned other member in threads to be prudent with their financial information in regards to MFS, which is greatly appreciated.

Unfortunately those who have already been victimized do have every reason to raise hell until they get an answer.
 

CTFX

Platinum Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
I don't see everyone giving shit to Joe for posting nicotine from MFS.....but instead we come here and bash one of their guys who came out and actually had the gaul to be upfront with the knowledge he had. Ashley from Wake n vape got bashed also....mind you different scenario but still...her company is now doing quite well and no longer posts here due to that. I'm pretty fucking tired of people jumping the gun and pointing blame on people. No one company is perfectly secure. Technology changes and hackers get smarter. Yes maybe the company should have emailed alerts to its email list of consumers. But no one is perfect. Like them I will probably get bashed as well and probably shunned from the community. It just seems like we all live in a modern day witch trial and once someone speaks up the guns come out.....I doubt this is a huge conspiracy against the masses. Just a bunch of nerds in a basement who have expensive toys and can exploit sites.

All in all we just need to grow as a community and stop bashing each other. I now understand why people are jumping ship......

So on that note I wait for the next berating so I can excuse myself from this forum....proceed!

Sent from my SM-G900T using Tapatalk
 

OneBadWolf

VU Donator
Gold Contributor
Member For 4 Years
ECF Refugee
I wait for the next berating so I can excuse myself from this forum....proceed!

Not going to berate you. You didn't accuse the forum of being liars.

Just curious though, how many times must it occur, and how much lying would it take before you thought that anything other than warm acceptance was warranted?

As far as facing the music, they only posted here because another member specifically asked them to respond. As far as gaul,, its that guys JOB to respond. And when the questions got tough, and after he accused members of lying, he left, and has failed to respond. Some would call that cowardly. I don't know about that, but I sure would not put him up for a medal.
 

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
I'm a little surprised with people being upset about their brethren getting angry for having their credit card erroneously charged through a vendor. or could have easily been any of us,
 

Mattp169

Platinum Contributor
Vape Media
Member For 5 Years
ok guys
let me try and make my position clearer.

maybe i misread some of this thread.

i felt the tone of it was bashing MFS for being hacked and slightly about their way of handling it.

I may have misunderstood that

but based on that I felt the bashing was getting over the top. I also felt the reputation of MFS was being destroyed here because they were hacked and mainly because of the hack.

But if this is mainly bashing due to their handling of the situation thats a different story for me. They are directly responsible for their handling of it.

So bash them for that all ya want imho. I am a little more forgiving of that because there is no manual out there for how to handle it, i was not involved in the fraud and I am not sure how I would feel about it. But if you feel MFS screwed up in how they handled a security breach once they were aware of it, please ignore my earlier comments. If you want direct answers to direct questions you might have better luck calling or emailing them.

If you feel that they deserved bash simply because they got hacked. then my comments are for you.

Maybe I read too much into things or am not staying up to date with all the information fast enough. It just seems the second an accusation is made in this community - before the whole story is known - the crucification process begins. Maybe its my imagination
 

CTFX

Platinum Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
It's not your imagination at all ^

Sent from my SM-G900T using Tapatalk
 

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
ok guys
let me try and make my position clearer.

maybe i misread some of this thread.

i felt the tone of it was bashing MFS for being hacked and slightly about their way of handling it.

I may have misunderstood that

but based on that I felt the bashing was getting over the top. I also felt the reputation of MFS was being destroyed here because they were hacked and mainly because of the hack.

But if this is mainly bashing due to their handling of the situation thats a different story for me. They are directly responsible for their handling of it.

So bash them for that all ya want imho. I am a little more forgiving of that because there is no manual out there for how to handle it, i was not involved in the fraud and I am not sure how I would feel about it. But if you feel MFS screwed up in how they handled a security breach once they were aware of it, please ignore my earlier comments. If you want direct answers to direct questions you might have better luck calling or emailing them.

If you feel that they deserved bash simply because they got hacked. then my comments are for you.

Maybe I read too much into things or am not staying up to date with all the information fast enough. It just seems the second an accusation is made in this community - before the whole story is known - the crucification process begins. Maybe its my imagination

My primary issue...
From 1996-2010 I was a private investigator for one of the largest international law firms handling contract law and fraud.(so you know how and why I look at things the way I do)
Looking at the approximate transaction dates of dealings with MFS and the date of the unsubstantiated breach nothing lines up.

If the breach was Feb-march of 2015 them how did I get a charge in September of 2014? And how did 3 others that I am personally aware of have the same issue earlier than myself? The others still had the erroneous charges before the unsubstantiated breach.
You see where I'm coming from? To dismiss an action as a result of something that happened 6 months after is ridiculous.
In other words the theft happened before the breach.... so that tells me that the breach is a way to take the attention away from the theft. Or maybe the story about the breach is made up?

Bottom line is no matter what the truth will eventually come out, it always does. But no one was bashing anyone, just trying to sort out the details and collect the information.

Thank you Matt
 
Last edited:

OneBadWolf

VU Donator
Gold Contributor
Member For 4 Years
ECF Refugee
Well put Matt. I said all I think I needed to, nothing from them clarifying their postion, or explaing some of their statements. I think we as vapers don't go around looking for villians, we all just want to get along. I see the response by this company as an insult to the whole community, and taking advantage of our good nature.

If this was the first time, who would point a finger? Everybody fucks up, I fuck up, it happens. But to deny it, and then claim that the posters who brought this to the forums attention are not being truthfull, cannot be interpeted as a responsible or positive act.

I'm sorry if I sounded snarky to you, its just the more I look into this, the worse it seems to get.
 

Jimi

Diamond Contributor
Member For 5 Years
I wish vendors would offer the option of making up your order, printing it off,and mailing it to them using a money order for payment. Yes I know it would be a pain in the ass but it was a bigger pain in the ass being a cc victim! I would feel far more secure doing this! Just my opinion.
 

Robert B

Gold Contributor
Member For 4 Years
I wish vendors would offer the option of making up your order, printing it off,and mailing it to them using a money order for payment. Yes I know it would be a pain in the ass but it was a bigger pain in the ass being a cc victim! I would feel far more secure doing this! Just my opinion.

You can do basically the same thing by getting a google wallet cash card that stays separate from your bank acct. Only add money to it when you are ready to use it. That way, it doesn't matter if it gets compromised. The hackers can't use it for anything if there is no money in it, since it's not a credit card, and it's not a debit card connected directly to your bank acct.

Several people in this thread have mentioned it, and it's a damn good idea
 

CTFX

Platinum Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
Google wallet is the best honestly

Sent from my SM-G900T using Tapatalk
 

DustinT

Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
Member For 5 Years
Part of what we are doing is trying to get the answers, the problem is they are hiding behind canned responses, I was the one who sent them an email telling them about those thread affording them the chance to speak out about it, instead we got dates of an occurrence that we unsure bout and obviously don't line up with what we know to have happened,
I have yet to see any response from anyone that is out of order, or on par with crucifying them.

Yes you have warned other member in threads to be prudent with their financial information in regards to MFS, which is greatly appreciated.

Unfortunately those who have already been victimized do have every reason to raise hell until they get an answer.

I can certainly understand the frustration and I can deal with that. As I often use my own cc on our site for test transactions I was also affected by the breach and saw unauthorized transactions on my bank account, so I know how much of a pain it can be to deal with. However, I need more info from those claiming they were breached outside of the window to look into it for them any further. If all I know about you is your name on this forum and you state the you placed an order with us last year and your cc info has been compromised, then I don't know what account to analyze. Only 1 person from the forum contacted me last night and 1 has done so tonight. I will gladly look into anyone's situation on our end, but for me to look into it for you I need to know where to start. Please contact me at [email protected]

I'm trying to provide any information that I can. We're willing to admit to the breach and I'm being as honest and forthcoming as possible about it, but automatically concluding that we are to blame for everyone that had their info stolen is hardly logical. The breach that occurred on our site was due to a vulnerability in the core Magento code that allowed the attackers to insert malicious code into our site that intercepted sensitive cc info as it was passed to the payment processor. Since the vulnerability was in the core Magento code, all Magento stores were vulnerable to the same attack and many were attacked. With Magento being one of the leaders in eCommerce platforms (serving about 30% of all eCommerce stores) that translates to hundreds of thousands of sites that were vulnerable and many, many thousands that were attacked. The reason anyone knows about our breach is the fact that we were forthcoming with the fact that we were breached, not hiding it like many others have done.

I understand the circumstances surrounding the transactions are that these people ordered from us at some point and that the fraudulent charges they are seeing are similar. It is certainly evidence that they were likely a victim of a similar ordeal, but without further research it is hardly conclusive that it was stolen from our site. If multiple breaches had occurred at MFS it would be likely that we would be getting a spike in customer contacts regarding this issue, which we have not experienced. As many have said here, when attacks occur the usage of the stolen cc info usually occurs in high volume in a small window to get as much out of it as they can before someone notices and shuts said window. When our real breach did occur we identified the problem because we saw a 4x spike in fraud related inquiries. Maybe the people here were the first ones to put together the connection and therefore simply the first of many that will notify us of similar occurrences over the coming days, but I would think that we would at least have started receiving a few phone calls by now. Regardless I do feel it is worth looking into further, which I will do, and we will continue to monitor our site. Once again, anyone that was affected outside of the dates provide, please contact me at [email protected]
 

OneBadWolf

VU Donator
Gold Contributor
Member For 4 Years
ECF Refugee
That is a little better. What are you willing to do for those that you are satisfied are credible? Free credit monitoring is pretty much the least they should be provided with.
 

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
I can certainly understand the frustration and I can deal with that. As I often use my own cc on our site for test transactions I was also affected by the breach and saw unauthorized transactions on my bank account, so I know how much of a pain it can be to deal with. However, I need more info from those claiming they were breached outside of the window to look into it for them any further. If all I know about you is your name on this forum and you state the you placed an order with us last year and your cc info has been compromised, then I don't know what account to analyze. Only 1 person from the forum contacted me last night and 1 has done so tonight. I will gladly look into anyone's situation on our end, but for me to look into it for you I need to know where to start. Please contact me at [email protected]

I'm trying to provide any information that I can. We're willing to admit to the breach and I'm being as honest and forthcoming as possible about it, but automatically concluding that we are to blame for everyone that had their info stolen is hardly logical. The breach that occurred on our site was due to a vulnerability in the core Magento code that allowed the attackers to insert malicious code into our site that intercepted sensitive cc info as it was passed to the payment processor. Since the vulnerability was in the core Magento code, all Magento stores were vulnerable to the same attack and many were attacked. With Magento being one of the leaders in eCommerce platforms (serving about 30% of all eCommerce stores) that translates to hundreds of thousands of sites that were vulnerable and many, many thousands that were attacked. The reason anyone knows about our breach is the fact that we were forthcoming with the fact that we were breached, not hiding it like many others have done.

I understand the circumstances surrounding the transactions are that these people ordered from us at some point and that the fraudulent charges they are seeing are similar. It is certainly evidence that they were likely a victim of a similar ordeal, but without further research it is hardly conclusive that it was stolen from our site. If multiple breaches had occurred at MFS it would be likely that we would be getting a spike in customer contacts regarding this issue, which we have not experienced. As many have said here, when attacks occur the usage of the stolen cc info usually occurs in high volume in a small window to get as much out of it as they can before someone notices and shuts said window. When our real breach did occur we identified the problem because we saw a 4x spike in fraud related inquiries. Maybe the people here were the first ones to put together the connection and therefore simply the first of many that will notify us of similar occurrences over the coming days, but I would think that we would at least have started receiving a few phone calls by now. Regardless I do feel it is worth looking into further, which I will do, and we will continue to monitor our site. Once again, anyone that was affected outside of the dates provide, please contact me at [email protected]
My girl is yelling at me to go to dinner so I did not read your response in its entirety but to say we were the first to put it together is incorrect, I had this exact same conversation with someone in the Provape subforum on ecf over a year ago in regards to mfs,
I asked before but I will again, how many breaches have there been and how often does it occur?
I understand that you are offering to recent occurrences, I do not have the exact dates but I am referring to an overall picture that began 12-18 months ago. And there were several of us at that time, not 1 or 2.
 
Last edited:

CTFX

Platinum Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
I'm not bashing or chiming in, but are the ones prior to these recent dates harder to pinpoint? Are they isolated instances?

Sent from my SM-G900T using Tapatalk
 

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
I'm not bashing or chiming in, but are the ones prior to these recent dates harder to pinpoint? Are they isolated instances?

Sent from my SM-G900T using Tapatalk
Their were more! But, the two other people I know for certain of all happened within a weak of each other. Additionally there was a lot of mumbling about it happening to others over on the ecf. It was around the time that VU was getting started.
 

CTFX

Platinum Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
I'm just trying to compile both sides of this to understand what is really going on here. I wish I could see more evidence. Because I'm just seeing it here and it's a bit biased you know?

Sent from my SM-G900T using Tapatalk
 

f1r3b1rd

https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
I'm just trying to compile both sides of this to understand what is really going on here. I wish I could see more evidence. Because I'm just seeing it here and it's a bit biased you know?

Sent from my SM-G900T using Tapatalk
Understood. I Googled to see what's up, and there's a ton.
Pm me or ill pm you when I get home later.
 

CTFX

Platinum Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
Sounds good man would love to see what you or others have pulled up. Then I can put my head at ease with this mess lol. Not saying I'm an authority on the matter but since I have made a purchase with them in the past it would make me feel better whether or not to do so in the future. I for one have not been a victim of this.

Sent from my SM-G900T using Tapatalk
 

Douglas H. Aiken

Bronze Contributor
Member For 4 Years
Member For 3 Years
My girl is yelling at me to go to dinner so I did not read your response in its entirety but to say we were the first to put it together is incorrect, I had this exact same conversation with someone in the Provape subforum on ecf over a year ago in regards to mfs,
I asked before but I will again, how many breaches have there been and how often does it occur?
Pics or it didn't happen!
 

CTFX

Platinum Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
Yeah I want to see this for my own eyes as well

Sent from my SM-G900T using Tapatalk
 

Douglas H. Aiken

Bronze Contributor
Member For 4 Years
Member For 3 Years
I can certainly understand the frustration and I can deal with that. As I often use my own cc on our site for test transactions I was also affected by the breach and saw unauthorized transactions on my bank account, so I know how much of a pain it can be to deal with. However, I need more info from those claiming they were breached outside of the window to look into it for them any further. If all I know about you is your name on this forum and you state the you placed an order with us last year and your cc info has been compromised, then I don't know what account to analyze. Only 1 person from the forum contacted me last night and 1 has done so tonight. I will gladly look into anyone's situation on our end, but for me to look into it for you I need to know where to start. Please contact me at [email protected]

I'm trying to provide any information that I can. We're willing to admit to the breach and I'm being as honest and forthcoming as possible about it, but automatically concluding that we are to blame for everyone that had their info stolen is hardly logical. The breach that occurred on our site was due to a vulnerability in the core Magento code that allowed the attackers to insert malicious code into our site that intercepted sensitive cc info as it was passed to the payment processor. Since the vulnerability was in the core Magento code, all Magento stores were vulnerable to the same attack and many were attacked. With Magento being one of the leaders in eCommerce platforms (serving about 30% of all eCommerce stores) that translates to hundreds of thousands of sites that were vulnerable and many, many thousands that were attacked. The reason anyone knows about our breach is the fact that we were forthcoming with the fact that we were breached, not hiding it like many others have done.

I understand the circumstances surrounding the transactions are that these people ordered from us at some point and that the fraudulent charges they are seeing are similar. It is certainly evidence that they were likely a victim of a similar ordeal, but without further research it is hardly conclusive that it was stolen from our site. If multiple breaches had occurred at MFS it would be likely that we would be getting a spike in customer contacts regarding this issue, which we have not experienced. As many have said here, when attacks occur the usage of the stolen cc info usually occurs in high volume in a small window to get as much out of it as they can before someone notices and shuts said window. When our real breach did occur we identified the problem because we saw a 4x spike in fraud related inquiries. Maybe the people here were the first ones to put together the connection and therefore simply the first of many that will notify us of similar occurrences over the coming days, but I would think that we would at least have started receiving a few phone calls by now. Regardless I do feel it is worth looking into further, which I will do, and we will continue to monitor our site. Once again, anyone that was affected outside of the dates provide, please contact me at [email protected]
I have no dog in this fight, so I try and remain neutral as always and learn as much as I can as a vendor and as a consumer.
I emailed Dustin last night and he responded today. We will work on it offline, and I am sure we will both be happy to disclose the results if any are discovered.
My transactions were not in the time frames he referenced. I was recently wondering how they were hacked in a specific time frame and that previous and post transactions were not captured as well. His explanation of interception during the transaction makes perfect sense to me.
So did his explanation of storing only the last 4 digits of a CC to validate it to a CC Processor database.
Bear in mind, I am merely an Apprentice and not a true Wizard, and never will be. So please accept my opinions as such.
As I mentioned in a previous post, if Hackers breach a major platform, the number of victims, both vendors and consumers, could be huge.
I was only suspicious because of the numerous references to both MFS & Team Beachbody, which is where my charge came from.
I do many online transactions and many of them are Vape related and done with several different cards. I do not have adequate information available to specifically blame MFS at this time. I may be cautious, but I will not cast aspersions.
It is an unfortunate situation for the consumer, the vendor, and other concerned parties.
So let us continue the collaboration in a civil and logical manner to the benefit of all.
They have been a good vendor in my experience and I will reserve judgement until I do have sufficient information to make a logical decision.
 

Sully

Silver Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
Member For 5 Years
I like your attitude, and I also emailed today. The fact that there is a Beach Body Fraud page, and nearly everyone ordered from MFS around the same time as me is really too much for me to ignore. I've kinda made my mind up, but am still open to an explanation that makes sense. Just too many people to be a coincidence IMO. Look forward to hearing a response.
 

CTFX

Platinum Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
Well let's hope the beach body hackers die of melanoma :)

Sent from my SM-G900T using Tapatalk
 

Mattp169

Platinum Contributor
Vape Media
Member For 5 Years
see Dustins response imho is a good one, might be better.

But to expect MFS to pay for creidt monitoring for people who were effecte is asking a bit much.

You do not have you SS or DL stored there. AT most your address phone number and CC were stolen
SO to fix it cacnel the card.

If anyone should be held responsible for the actual breach and all that occurred to MFS customers afterwards, it is MAGENTO for using crappy code.
 

VU Sponsors

Top