No its not. First it should be covered by their insurance and second, they may have a legal obligation to do so. If there was one breach and one breach only, I might give them a pass.
Become a Patron!
Credit Card Fraud - My Freedom Smokes?
- Thread starter Sully
- Start date
No its not. First it should be covered by their insurance and second, they may have a legal obligation to do so. If there was one breach and one breach only, I might give them a pass.
CTFX
Platinum Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
Guidos who hack has my head reeling even more than anything else at this point. I was under the impression those are the idiots who give Italians a bad name smh....new generation I guess
Sent from my SM-G900T using Tapatalk
Sent from my SM-G900T using Tapatalk
Sully
Silver Contributor
Member For 4 Years
Member For 3 Years
Member For 2 Years
Member For 1 Year
Member For 5 Years
I love fishing! And of course I canceled the card...I think that was my second post in this thread. The paper work, affidavits, and 3 month investigation to get my $ back sucks...don't make replacing a card sound so simple tho. I've had to go to the bank 3 times this week and go through "identification process" just to get MY $$ to live...it sucks until I get a replacement. I almost got fucked today, shipping my work laptop next day for upgrades, cost almost $200...I never carry that much, and I had just enough to send it. Bank again tomorrow...I have no debt, and I have no credit cards, this was my bank card.
f1r3b1rd
https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
I went through it last year when they got me..i know exactly how you feel. the sad thing is. They have the potential to be a good vendor. after they got me, I went and got a 300$ cc and that's my vape budget, I pay it off every month and won't let them raise the limit. I hate the idea of prepaid and adding money and all that crap, if this gets dinged I'll cancel it and start over, but ifs a low maintenance way to protect my bank acct
I think Dustin was talking about this https://blog.sucuri.net/2015/06/magento-platform-targeted-by-credit-card-scrapers.html
and this https://blog.sucuri.net/2015/04/impacts-of-a-hack-on-a-magento-ecommerce-website.html#comment-6738
and this https://blog.sucuri.net/2015/04/impacts-of-a-hack-on-a-magento-ecommerce-website.html#comment-6738
f1r3b1rd
https://cookingwithlegs.com/
Staff member
Senior Moderator
VU Donator
Diamond Contributor
VU Challenge Team
Member For 5 Years
VU Patreon
I hate to be the douche mcdouchebag of the group but check your pm, dude
No douchebaggery was detected, or implied... lol
Ahh I am sorry to hear this guys!
I am always weary when I place an order to a vape vendor I haven't tried before. I don't think I've used MFS before... Maybe once now that I think of it.
I hate putting in my CC info, would rather use PayPal, but most don't have that option.
Also @Robert B I am sorry. It made me laugh a little.. Not that you were affected by the Target breach, but that I may or may not work for them... The only change they've made that I am aware of is implementing the Chip Cards with their target credit and debit cards. The debit cards were the target of the breach as they were directly linked to your checking accounts. Sad, really, and it's not that Target is the only company that offers cards like this, but Target was the one that got hit and hit hard. Anyone is vulnerable, and anyone could fall to this. I hope that the chip card system they are implmenting across the board will fix a lot of the info theft on a physical level, but online shopping still very vulnerable.
I am always weary when I place an order to a vape vendor I haven't tried before. I don't think I've used MFS before... Maybe once now that I think of it.
I hate putting in my CC info, would rather use PayPal, but most don't have that option.
Also @Robert B I am sorry. It made me laugh a little.. Not that you were affected by the Target breach, but that I may or may not work for them... The only change they've made that I am aware of is implementing the Chip Cards with their target credit and debit cards. The debit cards were the target of the breach as they were directly linked to your checking accounts. Sad, really, and it's not that Target is the only company that offers cards like this, but Target was the one that got hit and hit hard. Anyone is vulnerable, and anyone could fall to this. I hope that the chip card system they are implmenting across the board will fix a lot of the info theft on a physical level, but online shopping still very vulnerable.
Evidently Target sent out notices to the card companies. Capitol One sent us a letter saying our credit card was compromised and sent us new cards within a couple days before anything could happen. Same thing happened with Home Depot. Our new Venture chip cards should be here soon. But I think you're right, the chip cards won't help with online fraud.
Always good. I believe next month everyone has to have ttheir chip card readers functioning, most have the hardware but not the software set up.
There are annoyances with it right now. It's software driven. And although said to be safer right now they don't run cards as debit, only credit meaning no cash back. We'll see.
Sent from my LG-D850 using Tapatalk
Are those the dual card readers I saw at our local Target the other day? One side is the magnetic swiper and a slot for the chip reader both on the same unit?
Not only did using your site get one of my cards compromised, THE REPLACEMENT CARD got hit by the Beach Body thing,.
No, it was not during the dates you're swearing by. I never got an email and only knew about the breach from other sources. After I saw that banner on your site that you had upgraded your security, I thought it was safe to trade with you again and use the new number. I was wrong.
I have spent hundreds of dollars at MFS over the last year or better, but you will not get another single penny from me. Please don't ask me to get involved in a lengthy email conversation about my experience. I didn't sign on to be a security consultant for you and have no interest in spending time gathering documents for you. Besides, you have done absolutely zero for the customers you hurt.
If you really want further information, you should contact Capital One and see how many of their customers had charges at Beach Body after shopping with you. Or perhaps follow one of the links posted earlier in the thread containing numerous parties that your website harmed.
Thank God my Citi card can generate virtual account numbers. It's the only one I use now for my monthly ecig shopping. But once again, it will NOT be used at MFS!
Old thread, but unfortunately it looks like it is highly likely that there is some kind of security issue with using credit cards on myfreedomsmokes.com. After using my CC there, my info was breached and someone charged $985.61 at jcpenney.com. MFS is the only place I've used the card other than to do a transfer from one CC to this one that was breached. I did notice on a couple of occasions that MFS saved my CC info when I did not choose that option. When I came back to make other purchases later on, I noticed it and deleted the CC on MFS. I wasn't happy about it and I probably should have just took that as a warning that maybe I should use caution with CC purchases on MFS, but I didn't. Sifting through this thread I believe I saw at least one other person where as their CC info was saved that didn't want it to be. Now I can't say for 100% absolute certainty that MFS is the culprit and that's how my info was compromised, but I can with probably 99% given the circumstances. The CC issuer will do their own internal investigation. Whether or not I'll be notified of any findings, I have no clue. This has never happened to me before. In any case, to play it safe, I won't be using a CC on MFS any longer.
This isn't how CC fraud works. For all you know your CC information was compromised months or years ago and was only used now. All CC transactions go through processing centers - including your balance transfer - and that information is stolen em masse millions of accounts at a time - at the transaction processing centers. Not one at a time via transactions made at one bitty retail location.
And no you won't be notified of any findings. It's actually in the issuing banks agreement with MC VISA et al that they cannot disclose any specific fraud information to you.
So don't make assumptions you can't back up - because you have no way of proving anything. Correlation does not equal causation here.
And no you won't be notified of any findings. It's actually in the issuing banks agreement with MC VISA et al that they cannot disclose any specific fraud information to you.
So don't make assumptions you can't back up - because you have no way of proving anything. Correlation does not equal causation here.
Almost $1000 at JC Penny's? I didn't know there was $1000 worth of merchandise in a JC Penny's.
So had I and without issues, until now. Considering the circumstances as explained in my post and others in this thread, it is the most reasonable conclusion. I've only used this particular CC for MFS purchases and the balance transfer I did from another CC. I've never even used this card in person at any store, gas station, restaurant, etc...
I didn't even know JCPenney was still in business since I never shop there. The JCPenney here locally closed a while back.
Which is why I posted above that I can't with 100% certainty put this on MFS. Maybe you missed that part...
I don't think you can say with 100% certainty that this never happens. Can you?
I guess I should add to my statements above that I'm not blaming MFS directly if my CC info was compromised through their system. It's possible if my info was hacked through purchasing from MFS that it was beyond their control of any security used. I like MFS and have purchased a lot from them and will continue to do so, but only using a pre-paid card. I've always received excellent service from MFS. No matter how my info was stolen, I'm just playing it safe. I've actually called and requested new cards with new account numbers for the other CC's that I have also. Two of those I've never used for MFS purchases.
Very prudent. Is there a possibility that MFS is blameless? of course. Lightening has been known to strike the same spot twice.
The fastest horse does not always win the race either. However, that is the way the betting goes.
I was once told that a single occurrence could be happenstance, twice, is suspicious. Three times, it is enemy action.
Considering the cornucopia of careful, concerned, conscientious, vigilant vendors vigorously vying for vital vaping $, Why take the risk?
They're not the only ones. I received a letter by post mail from Nicopure (Halo ecigs) yesterday that their info was breached and for consumers to take precautions and be on the lookout for any irregular activity. They stated they were bringing in an outside security auditor to go through their systems and try to patch any vulnerabilities and listed the contact for the 3 credit reporting agencies. Seems they're trying to get in front of it and take proactive measures to sort it out.
Every once in a while I'll go to Walmart and throw a couple hundred on a prepaid Vanilla One Visa. That's what I use to buy stuff online. I dont like the idea of people racking up charges to my credit.
Teresa P
Senior Moderator
Staff member
Senior Moderator
VU Donator
Diamond Contributor
Member For 4 Years
Imagine my surprise in getting a phone call from PayPal a couple of weeks ago, informing me that my PP debit card number had been used at Southwest Airlines to purchase plane tickets totalling nearly $800. Livid....absolutely livid....
Imagine my surprise in getting a phone call from PayPal a couple of weeks ago, informing me that my PP debit card number had been used at Southwest Airlines to purchase plane tickets totalling nearly $800. Livid....absolutely livid....
I've been comprised at Home Depot, Target, a few online places, and this. My Wife ordered some things from Prana. Their servers were hacked and malware installed on them. Home Depot and Target both had malware on their point of sale terminals. With Prana, not only was the credit card compromised, but all our personal info and passwords as well. They sent an email asking us to change our passwords, which we did, then later got this letter in the mail. I called them and told them to wipe our accounts completely.
Teresa P
Senior Moderator
Staff member
Senior Moderator
VU Donator
Diamond Contributor
Member For 4 Years
It's pathetic what lowlife losers will do to avoid working a real job. I was lucky, it's cost me nothing but frustration and an early morning trip to the bank in my pajamas to sign stop-payment forms when the transactions hit the bank (needless to say, I don't keep that kind of change in my PayPal account so the charges fell on my backup - my bank account), but it makes me very leery of any online transactions. And storefront dealings aren't much better anymore.
I don't use a debit card, only a credit card tied to the paypal acct. Since they put chip readers in most stores, I only buy from those stores who have chip reader equipment installed. I left a whole cart of groceries at a Kroger a few weeks ago. Most Kroger's have chip readers, this particular one didn't. Prana is too cheap to offer paypal. The poor company only has a 1000% markup on their products..lol
I had a long talk with a Capitol One rep last year. International card theft rings are quite sophisticated. The malware that was installed on Home Depot's point of sale computers for example, captured over 20 million cards. Those card numbers, when fresh, can fetch as much as $50 each. She said, within a month, they are virtually worthless. A lot of the malware comes from Russia. Some thieves purchase this card data and transfer it to a bogus card, walk into a store and purchase anything they want and walk out with the merchandise. The thieves haven't figured out a way to defeat the chip on the card "yet" since the chip generates a new code each time the card is used, and it has to match or the card is declined.
Last edited:
Just got this in my email today
June 6, 2017
Dear Customer,
My Freedom Smokes recently became aware of a potential security incident that may have affected the personal information of individuals who made purchases on myfreedomsmokes.com. We are providing this notice as a precaution to let you know about the incident and to call your attention to some steps you can take to protect yourself. We sincerely regret any concern this may cause you.
What Happened
Although the incident is still under investigation, it appears that between approximately March 7, 2017 and April 25, 2017, an unauthorized individual was able to obtain access to portions of our website and insert malicious code that was designed to capture payment information provided in connection with a purchase.
What Information Was Involved
We believe that the incident could have affected certain information (including name, address, email address, telephone number, payment card account number, expiration date, and card verification value (CVV) of individuals who made a purchase on the website. According to our records, you made a purchase using a payment card during the relevant period and your information may be affected. Please note that because we do not collect sensitive information like Social Security numbers for standard payment card transactions, this type of sensitive information was not affected by this incident.
How Are We Responding
My Freedom Smokes takes the privacy of its customers very seriously, and we deeply regret that this incident occurred. We took steps to address and contain the incident promptly after it was discovered, including an internal investigation into the incident and communicating with the vendor who hosts and operates our website to learn more about what occurred. Further, we have retained an internationally recognized cyber security and digital data forensics firm to assist us in identifying the problem, fixing it, and preventing it from happening again. Also, note that well before this incident My Freedom Smokes moved to a tokenization system to better protect customer information.
What Can I Do
We do not believe that exposure of your payment card number is likely to result in identity theft. We recommend that you review payment card account statements promptly and carefully in order to identify any discrepancies or unusual activity. If you see any suspicious activity, you should immediately notify the issuer of the payment card and, if warranted, to law enforcement or regulatory authorities.
We are including with this letter an attachment listing additional steps you may wish to consider taking if you ever suspect that you may be the victim of identity theft. We are providing this information out of an abundance of caution, even though a loss of payment card information can only result in fraudulent charges, for which you would not be liable.
We take the security of your information very seriously, and we regret any inconvenience or concern this incident may cause you. If you have any questions or concerns about this incident, please do not hesitate to contact us at 1-800-955-9753 at any time of the day or night.
Sincerely,
Joe Joyal
Freedom Smokes, Inc.
June 6, 2017
Dear Customer,
My Freedom Smokes recently became aware of a potential security incident that may have affected the personal information of individuals who made purchases on myfreedomsmokes.com. We are providing this notice as a precaution to let you know about the incident and to call your attention to some steps you can take to protect yourself. We sincerely regret any concern this may cause you.
What Happened
Although the incident is still under investigation, it appears that between approximately March 7, 2017 and April 25, 2017, an unauthorized individual was able to obtain access to portions of our website and insert malicious code that was designed to capture payment information provided in connection with a purchase.
What Information Was Involved
We believe that the incident could have affected certain information (including name, address, email address, telephone number, payment card account number, expiration date, and card verification value (CVV) of individuals who made a purchase on the website. According to our records, you made a purchase using a payment card during the relevant period and your information may be affected. Please note that because we do not collect sensitive information like Social Security numbers for standard payment card transactions, this type of sensitive information was not affected by this incident.
How Are We Responding
My Freedom Smokes takes the privacy of its customers very seriously, and we deeply regret that this incident occurred. We took steps to address and contain the incident promptly after it was discovered, including an internal investigation into the incident and communicating with the vendor who hosts and operates our website to learn more about what occurred. Further, we have retained an internationally recognized cyber security and digital data forensics firm to assist us in identifying the problem, fixing it, and preventing it from happening again. Also, note that well before this incident My Freedom Smokes moved to a tokenization system to better protect customer information.
What Can I Do
We do not believe that exposure of your payment card number is likely to result in identity theft. We recommend that you review payment card account statements promptly and carefully in order to identify any discrepancies or unusual activity. If you see any suspicious activity, you should immediately notify the issuer of the payment card and, if warranted, to law enforcement or regulatory authorities.
We are including with this letter an attachment listing additional steps you may wish to consider taking if you ever suspect that you may be the victim of identity theft. We are providing this information out of an abundance of caution, even though a loss of payment card information can only result in fraudulent charges, for which you would not be liable.
We take the security of your information very seriously, and we regret any inconvenience or concern this incident may cause you. If you have any questions or concerns about this incident, please do not hesitate to contact us at 1-800-955-9753 at any time of the day or night.
Sincerely,
Joe Joyal
Freedom Smokes, Inc.
Thank you for posting this.
Well this is a bummer, In today's world this happens all the time. One time I got hit from Home depo charges another Time United Airlines it's pretty crazy. I recommend a pre paid card for online shopping it's a hassle but we have to protect our selfs.
Sent from my SAMSUNG-SM-G935A using Tapatalk
Sent from my SAMSUNG-SM-G935A using Tapatalk
The last few days I had to upload Photo ID Thanks to the FDA as Vendor's must do so to make the FDA Happy I did not like that AS that just puts more info out their for hackers . Now if the FDA could send me a special FDA Credit card I would feel safe lol lol lol
Sent from my SAMSUNG-SM-G935A using Tapatalk
Sent from my SAMSUNG-SM-G935A using Tapatalk
Just bought some stuff Monday. No fraudulent charges yet but i found all these discussions about mfs and fraud and i got scared. So i called their “fraud hotline” and the lady that answered seemed annoyed and very rude. I asked if there were anymore breaches or if she could confirm the site was safe since the last known breach... she said “i cant answer that but a manager can.” She took my info and said a manager would call me back. I asked, “should I expect a call today?” She sighed loudly and replied exasperatedly “YES sir.... TODAY.” She hung up. I never got a call back.
My theory is it wasnt elite haxors. It was an MFS employee. Either disgruntled or former. They are trying to hide that fact.
Last FxCKING time I order from these lackadaisical pieces of garbage. They wouldnt be so laid back if it were their info out there on the darkweb. Smug a$$holes! Popping up in all these vape forums discussions on their THIEVERY... just to give a boilerplate apology and smarmy platitudes!!! IM DONE
My theory is it wasnt elite haxors. It was an MFS employee. Either disgruntled or former. They are trying to hide that fact.
Last FxCKING time I order from these lackadaisical pieces of garbage. They wouldnt be so laid back if it were their info out there on the darkweb. Smug a$$holes! Popping up in all these vape forums discussions on their THIEVERY... just to give a boilerplate apology and smarmy platitudes!!! IM DONE
crossing them off my list.
Oh! Literally minutes after posting this I was contacted by Joe Joyal at MFS. He tried his best to assure me everything was ok. He said their site is safe and has been since the last breach. But they thought that in 2015 too.
Teresa P
Senior Moderator
Staff member
Senior Moderator
VU Donator
Diamond Contributor
Member For 4 Years
When their POS system isn't being hacked, they're quite good. Shipping is really fast, especially for me since they're in NC and I'm in TN.
Me too. I really liked MFS. They ship uber fast, always have quality/authentic products and they have some of the best prices and hard to find items. All that goes in the shitter if by using their site you open the door to identity theft. Like I’m literally gonna spend $5 more on each pack of coils now just because I cant trust their security much less their employees prudence. So with that, I’m done. Mr Joyal was very polite just not reassuring.