If you aren't familiar with what's going on Check out here:
Related Links
- For Reference: Debit card used for supplies compromised twice.
- PART 1/3: Heads Up, Flavor West website giving me virus warnings.
- PART 2/3: PSA: If you buy directly from Flavorwest.com -- Still in Progress
- PART 3/3: PSA: CREDIT CARD HACK: If you have bought directly from Flavorwest.com or plan to, check here now. -- (PART 3/3)
Summary
Basically, Flavorwest's website was hacked under their nose. There was malware planted on the website which secretly sent credit card information to an outside source.
See this blog post for more information: LINK
I'm sure they didn't know, but they weren't keeping track of their shit. That's just negligence. They fixed it, but now they're lying about it ever being a problem.
Response From Flavorwest
From Sarah@flavorwest.com
> Just letting you know where we are at. I had to change companies that deal with my backend because it seems they are just too busy for Flavor West.
>
> The new company did a scan and we do not have the malicious code for the credit card hack in place and we moved our SSL checkout to a different url. The new company is actually going to uprate us to the latest version of Magento which will take care of all this but we do not have a completion date till Feb 1st.
>
> If you want to place an order before and do not feel safe online you can always email the order direct to me and I will take care of you on my end.
>
> Thank for bringing all this to our attention.
My Response to Sarah
> Hello Sarah, I'm seeing now that according to MageReport.com flavorwest.com is now showing up as not having a credit card hack. I'll say that's pretty good. The problem is that either you're not telling the truth to me, the new company who did the scan is not telling the truth to you, or someone else messed up somewhere in the middle. That's a problem.
>
> I've starting to get in contact with various members of the community collecting information on the damage done from the credit card malware installed on your software. This has been happening for months. It did happen. Money was stolen. Your customers were hurt because of the negligence and or incompetence from your company.
>
> I'm very pleased that we were able to plug the hole, but right now you need to get on the phone with ALL of your customers and let them know that you guys messed up and how they can protect themselves further.
>
> I will get back to you soon with more information.
Full Transcripts of Emails: http://pastebin.com/3RJp3Q8H
What We Need To Do
According to MageReport.com, when I originally brought it up to them it showed as "Credit Card Hijack detected? HACKED", now it is showing as "safe."
So They fixed the problem. That's good.
The problem is that they are lying about it or are just incompetent. This shouldn't stand in the diy community. We'll need a collaborative effort to find who all were affected by this leak of credit card information.
This is very much a real problem.
Current Timeframe
The type of credit card malware was first traced to the earliest being May 12th [Source]
Flavorwest was hacked at the latest November 3rd. [Source]
Flavorwest was most likely around October 11th [Source]
Can we get a list of users here who have purchased from flavorwest.com in last 5 months.
snip
- /u/h1p1n3 - Reference - Would you be willing to email them asking about it?
- /u/Manicaeks - Reference - Have you purchased from flavorwest.com in the last 5 months?
I have not. Last time my CC account was hacked and I had fraud, I thought it was from ordering from ECX. It happened twice and that was the only place I could think of that had a connection between the two times I had fraud. However, ECX doesn't think it was their system that caused the fraud so I have no idea what the cause was.
I've sent an email before with no response back but don't mind doing it again. Also this has happened in the past with flavorwest, about 2 years ago. Its here on reddit somewhere.
- /u/gotsanity - Reference - Have you purchased from flavorwest.com in the last 5 months?
- /u/kylez64 - Reference - Have you purchased from flavorwest.com in the last 5 months?
Do we have a specific time frame this happened? I ordered from fw back in late November early December and ordered from vapenw also noticed my card was charged twice afterwards for a total of $50 in two transactions. I thought it would have come from vapenw. The charges were for fandango and a Starbucks refill card. Bank reversed the charges, but still disturbing.
What's a list of all DIY forums/subreddits/facebook groups/websites that might have members who would possibly have purchased things directly from flavorwest.com?
Does anyone have a list, or could someone help spread it around. I don't mind creating a few accounts and creating a few threads directing them to this thread.
This isn't related to any purchases made from FlavorWest, but just as a PSA: check your accounts regularly, especially if you frequently make online purchases from ecig vendors.
Woke up this morning to 40 fraudulent international Vodafone charges on one of my credit cards. This particular card is only two months old and is my "online vape stuff only" card, so I know it came from one of my vaping purchases.
In short, if you've recently bought from MyVaporStore, Direct Vapor, VaporDNA, or Wizard Labs, keep an eye on your cards. I know it came from one of them.
I ordered from them in July of 2016. I'm at work, and I can't sort through and read every thing in this post, should I be concerned?
According to THIS PAGE
> The fraud can be traced back to May 12th, which implies the malpractice went unnoticed for months and is still active.
Flavorwest was hacked at the latest November 3rd. [Source]
Earliest May 12th. Most likely around October 11th [Source]
I would at minimum cancel out your current card and get a new one. We don't know when exactly it happened.
I just ordered from them like 2 weeks ago, I'm fine right?
According to Sarah the fix will be fully applied February 1st.
As of Jan 21st it was showing as fixed. So I would keep an eye on your bank statements at minimum and probably drop Flavorwest an email asking about any potential malware or credit card leaking.
If you're extra worried, I would get a new card sent out from the bank, it's usually pretty hassle free. But you'll be out of a card for a few days.
Hey there, sorry to necro the post.
I ordered some flavors from Flavor West to try them out late last year. Back in November, right before black Friday, my credit/debit card was compromised. I didn't think anything of it, since I do a lot of online shopping and what not. I ordered from Flavor West again a couple weeks ago in March. Well, lo and behold, my card was compromised AGAIN today. Each time, the amount that was charged was over $200 US. Only difference is this time, it had been charged twice adding up to over $400. Now, I don't make a whole lot of money. At least not enough to have over $400 missing from my account for at least 1-2 weeks until my bank can sort it out now. I had recently sent them an e-mail with my inquiry, since the only thing that seemed to stick out was that I ordered from them.
TL;DR Seems to still be happening. Doubt I'll ever order from them again. Both of these times are the only times this has ever happened in my life.