Hold on, I have continuously been scanning the site since reading the Reddit post, several scans reported fine, except one, which listed an element of Java Script as a warning for long string code injection, today that warning is gone as I scanned at 10:15. False positives can occur, but that fact that the page element warning is gone today is a little odd.
My debit card was compromised yesterday, ordered from WL in June. Seems likely, but can’t be sure. Also have ordered from ECX, DiyVs, RF and NF since then.
Somebody bought $147 worth of Chanel perfume from Neman Marcus! Got it refunded, thankfully. Getting a new card is a hassle, for sure. Keep an eye out on your card activity!
Very sorry to hear.
But thanks for letting folks know, so they can continue to monitor their accounts.
It started the day before, with a random .01ct test charge from New Jersey.
Hopefully you relayed that info to your bank (or better still, hopefully they noticed it and informed you!). It could be helpful!
Any additional means of tracking the pathing can only help (one would think)!
Either way, I hope that the Feds bust the lowlife fucks responsible!!
Has anyone contacted wizard labs and brought this up to them? Maybe it’ll scare them afrom doing it more or stopping them from attempting other people’s if they know we’re aware of it! I for one am done ordering from them now! Also how certain are we that it’s them and not someplace else we ordered from?
Given they’ve been active in Reddit in the past, and the amount of uproar there (and elsewhere), I’m sure they’re aware. But it can never hurt to add one more “voice of concern” to the pile.
Nice it’s complete bs that they would do that! I’ve had my card get screwed last year or so and what a pain to fix the problem! Had to switch all direct withdrawals and other stuff too! So much grief!
I just tried Shopsafe for the first time, very nice. If anyone banks at BA, and hasn’t used it, it works great.
Well, WL’s isn’t doing it intentionally I’m sure. It’s enough of a PR nightmare just to be associated with such, not to mention a victim of it.
And again, we don’t know for certain yet, that they’re linked. It is just far too common that they are named so frequently as of late, to dismiss the distinct possibility yet though. Which is why I posted the heads up to start with. Better to be “armed against the possibility” and use precautions that one might not otherwise use, if you have additional information that may negate, or at least minimize the fallout from such a threat.
I’m sure the Feds have to be involved (given state boundaries are digitally crossed, never mind the credit card fraud issue), but until we get specific information (read as: the issue has been solved, and the offender/offending code is found) all we can do is warn about the potential threat, and use best practices.
Personally, I’m betting there’s a disgruntled (ex-)employee involved. Now whether that’s at WL’s, or their payment vendor… Who knows. As there could be completely unrelated businesses also experiencing c/c fraud that we’d never hear about, unless you had a list of all the businesses served by the payment vendor. It could also be a line of injected code (as above) that’s toggle-able, making things even more complicated to find.
Just too damned many things involved in this complex digital age. =/
I emailed Wizard Labs and told them about it. I said that I am not the only person who has been affected by this and I think they owe it to their customers to alert them that they should check their accounts. I got no response!
That is exactly the same type of stuff purchased with both of my stolen cards! It’s a woman, or a man giving women lots of gifts, but doubtful. It was Neiman Marcus, Chanel, Haute Look, Beauty Box, Sephora, all high end stores, all clothes, makeup, perfume and one pair of expensive sneakers from some expensive sneaker store.
Crazy stuff, right there. Both Neiman Marcus and my bank were helpful. The money was back in my account within 2hrs. I hope you had a good outcome, too.
My bank was very helpful! The woman almost caught the person while making a purchase. She was so bummed she missed it. She said she loves when she can catch them in the act!
It was 2 different cards, 2 different banks, almost $1000 stolen and safely returned!
Although it IS the correct move for them to make, for sure, if indeed WL is the issue… that issue is a huge ugly can of rotten worms! However, it is true, from past mistakes with other companies, sometimes they aren’t a fan of owning up to their boo-boos.
Very true. On Reddit link posted above there are some responses WL sent out to people who had said that it had to be their site because it was the only place the card was used.
“Thank you for your recent order with Wizard Labs. We are sorry to hear about your experience with your credit card. However, we do not store credit card information on file. We have added a 3rd party firewall up to discover any malicious attack on our website. So far we have not found any breach of security but we are going to keep investigating. We will contact you to let you know what the investigation find. I hope this information is helpful and if you have further questions or concerns please e-mail and we will be happy to assist you.”
And later down the road Wizard labs posted on their own. Basically, I feel like it says there is a problem, we aren’t sure what it is, and we aren’t going to specifically admit it was from here…
u/WizardLabs • Jul 4, 2017, 10:12 AM
Wizard Labs takes the privacy of customer information very seriously; your confidence and trust are important to us.
We have been notified by several of our customers that they have experienced fraudulent transactions on their payment card statements. We made it our top priority to examine our systems and began an investigation. Our third-party merchant services provider and server hosting provider conducted vulnerability scans of our system, both resulting in a clean bill of health. Further, our merchant stated that we are currently PCI compliant. Our server hosting provider performed a sweep and scan on our system and have no verified findings. They also confirmed that our SSL is up to date and functioning with AES encryption and SHA-2. As an extra security measure, we engaged a cyber security firm to perform a more in depth screening of our website. They will continue to monitor our website 24/7/365 for any malicious attacks or malware on our system. In addition, we have deployed a third-party firewall adding to Wizard Labs’ primary firewall to provide another level of protection.
It is recommended that you review your payment card account statements closely and report any unauthorized charges or suspicious activity to your card issuer immediately. Contact information is usually on the back of your payment card and included on the account statement. If you believe that your personal information has been compromised please provide any information that will help us further this investigation by contacting us at, firstname.lastname@example.org. Thank you for your letting us know of any issue you have experienced and for your patience as we continue our investigation. We will update this post as soon as we have additional information.
@Bradj86 @moonman and anyone else who got their card stolen. Where where purchases made and do you know what type of things were bought? I think the fact that @Plunderdrum and I both got numbers stolen (2 of my numbers, my debit card and a credit card) and the charges made on all 3 cards were for high end feminine things like Chanel perfume, makeup at Sephora, all were used at Neiman Marcus, it seems like it is one person, probably a woman. And I am guessing as @Sprkslfly said, a disgruntled ex worker for Wizard Labs or their credit processor. If everyone is getting the same kind of charges, it may help them catch this bitch!
I made a list of where charges were made and how many different people mentioned that place from here and Reddit. I made a post there asking for anyone to tell me where their cards were used.
Mine was used to try and buy stuff from the Adidas online store. Luckily it was halted by the bank, almost straight away.
That’s good that it was rejected by your bank. That’s how I first found out about my first card being stolen. You are the 4th person to mention Addidas as a place that they tried to use the stolen number. Last night I wrote down all mentioned places and started counting how many times the same website was mentioned. Many people didn’t specify where on Reddit, but there are a lot more people there who also had this happen. Thanks for your help!