Heads up... Potential credit card theft alert

Hold on, I have continuously been scanning the site since reading the Reddit post, several scans reported fine, except one, which listed an element of Java Script as a warning for long string code injection, today that warning is gone as I scanned at 10:15. False positives can occur, but that fact that the page element warning is gone today is a little odd.

2 Likes

My debit card was compromised yesterday, ordered from WL in June. Seems likely, but canā€™t be sure. Also have ordered from ECX, DiyVs, RF and NF since then.
Somebody bought $147 worth of Chanel perfume from Neman Marcus! Got it refunded, thankfully. Getting a new card is a hassle, for sure. Keep an eye out on your card activity!

5 Likes

Very sorry to hear.
But thanks for letting folks know, so they can continue to monitor their accounts.

3 Likes

It started the day before, with a random .01ct test charge from New Jersey.

2 Likes

Hopefully you relayed that info to your bank (or better still, hopefully they noticed it and informed you!). It could be helpful!

Any additional means of tracking the pathing can only help (one would think)!

Either way, I hope that the Feds bust the lowlife fucks responsible!!

4 Likes

Has anyone contacted wizard labs and brought this up to them? Maybe itā€™ll scare them afrom doing it more or stopping them from attempting other peopleā€™s if they know weā€™re aware of it! I for one am done ordering from them now! Also how certain are we that itā€™s them and not someplace else we ordered from?

3 Likes

Given theyā€™ve been active in Reddit in the past, and the amount of uproar there (and elsewhere), Iā€™m sure theyā€™re aware. But it can never hurt to add one more ā€œvoice of concernā€ to the pile.

3 Likes

Nice itā€™s complete bs that they would do that! Iā€™ve had my card get screwed last year or so and what a pain to fix the problem! Had to switch all direct withdrawals and other stuff too! So much grief!

2 Likes

I just tried Shopsafe for the first time, very nice. If anyone banks at BA, and hasnā€™t used it, it works great.

2 Likes

Well, WLā€™s isnā€™t doing it intentionally Iā€™m sure. Itā€™s enough of a PR nightmare just to be associated with such, not to mention a victim of it.

And again, we donā€™t know for certain yet, that theyā€™re linked. It is just far too common that they are named so frequently as of late, to dismiss the distinct possibility yet though. Which is why I posted the heads up to start with. Better to be ā€œarmed against the possibilityā€ and use precautions that one might not otherwise use, if you have additional information that may negate, or at least minimize the fallout from such a threat.

Iā€™m sure the Feds have to be involved (given state boundaries are digitally crossed, never mind the credit card fraud issue), but until we get specific information (read as: the issue has been solved, and the offender/offending code is found) all we can do is warn about the potential threat, and use best practices.

Personally, Iā€™m betting thereā€™s a disgruntled (ex-)employee involved. Now whether thatā€™s at WLā€™s, or their payment vendorā€¦ Who knows. As there could be completely unrelated businesses also experiencing c/c fraud that weā€™d never hear about, unless you had a list of all the businesses served by the payment vendor. It could also be a line of injected code (as above) thatā€™s toggle-able, making things even more complicated to find.
Just too damned many things involved in this complex digital age. =/

5 Likes

Very true @Sprkslfly I agree with you on this!

3 Likes

I emailed Wizard Labs and told them about it. I said that I am not the only person who has been affected by this and I think they owe it to their customers to alert them that they should check their accounts. I got no response! :rage:

3 Likes

That is exactly the same type of stuff purchased with both of my stolen cards! Itā€™s a woman, or a man giving women lots of gifts, but doubtful. It was Neiman Marcus, Chanel, Haute Look, Beauty Box, Sephora, all high end stores, all clothes, makeup, perfume and one pair of expensive sneakers from some expensive sneaker store.

2 Likes

Crazy stuff, right there. Both Neiman Marcus and my bank were helpful. The money was back in my account within 2hrs. I hope you had a good outcome, too.

6 Likes

My bank was very helpful! The woman almost caught the person while making a purchase. She was so bummed she missed it. She said she loves when she can catch them in the act!

It was 2 different cards, 2 different banks, almost $1000 stolen and safely returned!

7 Likes

Although it IS the correct move for them to make, for sure, if indeed WL is the issueā€¦ that issue is a huge ugly can of rotten worms! However, it is true, from past mistakes with other companies, sometimes they arenā€™t a fan of owning up to their boo-boos.

4 Likes

Very true. On Reddit link posted above there are some responses WL sent out to people who had said that it had to be their site because it was the only place the card was used.

ā€œThank you for your recent order with Wizard Labs. We are sorry to hear about your experience with your credit card. However, we do not store credit card information on file. We have added a 3rd party firewall up to discover any malicious attack on our website. So far we have not found any breach of security but we are going to keep investigating. We will contact you to let you know what the investigation find. I hope this information is helpful and if you have further questions or concerns please e-mail and we will be happy to assist you.ā€

And later down the road Wizard labs posted on their own. Basically, I feel like it says there is a problem, we arenā€™t sure what it is, and we arenā€™t going to specifically admit it was from hereā€¦

u/WizardLabs ā€¢ Jul 4, 2017, 10:12 AM
Wizard Labs takes the privacy of customer information very seriously; your confidence and trust are important to us.

We have been notified by several of our customers that they have experienced fraudulent transactions on their payment card statements. We made it our top priority to examine our systems and began an investigation. Our third-party merchant services provider and server hosting provider conducted vulnerability scans of our system, both resulting in a clean bill of health. Further, our merchant stated that we are currently PCI compliant. Our server hosting provider performed a sweep and scan on our system and have no verified findings. They also confirmed that our SSL is up to date and functioning with AES encryption and SHA-2. As an extra security measure, we engaged a cyber security firm to perform a more in depth screening of our website. They will continue to monitor our website 24/7/365 for any malicious attacks or malware on our system. In addition, we have deployed a third-party firewall adding to Wizard Labsā€™ primary firewall to provide another level of protection.

It is recommended that you review your payment card account statements closely and report any unauthorized charges or suspicious activity to your card issuer immediately. Contact information is usually on the back of your payment card and included on the account statement. If you believe that your personal information has been compromised please provide any information that will help us further this investigation by contacting us at, admin@wizardlabs.us. Thank you for your letting us know of any issue you have experienced and for your patience as we continue our investigation. We will update this post as soon as we have additional information.

4 Likes

@Bradj86 @moonman and anyone else who got their card stolen. Where where purchases made and do you know what type of things were bought? I think the fact that @Plunderdrum and I both got numbers stolen (2 of my numbers, my debit card and a credit card) and the charges made on all 3 cards were for high end feminine things like Chanel perfume, makeup at Sephora, all were used at Neiman Marcus, it seems like it is one person, probably a woman. And I am guessing as @Sprkslfly said, a disgruntled ex worker for Wizard Labs or their credit processor. If everyone is getting the same kind of charges, it may help them catch this bitch!

I made a list of where charges were made and how many different people mentioned that place from here and Reddit. I made a post there asking for anyone to tell me where their cards were used.

6 Likes

Mine was used to try and buy stuff from the Adidas online store. Luckily it was halted by the bank, almost straight away.

4 Likes

Thatā€™s good that it was rejected by your bank. Thatā€™s how I first found out about my first card being stolen. You are the 4th person to mention Addidas as a place that they tried to use the stolen number. Last night I wrote down all mentioned places and started counting how many times the same website was mentioned. Many people didnā€™t specify where on Reddit, but there are a lot more people there who also had this happen. Thanks for your help!

2 Likes