Regarding My Freedom Smokes

I’m not sure how many of you deal with MyFreedomSmokes, but if you do and they didn’t contact you already, you might want to read this:

June 8, 2017

Dear Customer,

My Freedom Smokes recently became aware of a potential security incident that may have affected the personal information of individuals who made purchases on myfreedomsmokes.com. We are providing this notice as a precaution to let you know about the incident and to call your attention to some steps you can take to protect yourself. We sincerely regret any concern this may cause you.

What Happened
Although the incident is still under investigation, it appears that between approximately March 7, 2017 and April 25, 2017, an unauthorized individual was able to obtain access to portions of our website and insert malicious code that was designed to capture payment information provided in connection with a purchase.

What Information Was Involved
We believe that the incident could have affected certain information (including name, address, email address, telephone number, payment card account number, expiration date, and card verification value (CVV) of individuals who made a purchase on the website. According to our records, you made a purchase using a payment card during the relevant period and your information may be affected. Please note that because we do not collect sensitive information like Social Security numbers for standard payment card transactions, this type of sensitive information was not affected by this incident.

How Are We Responding
My Freedom Smokes takes the privacy of its customers very seriously, and we deeply regret that this incident occurred. We took steps to address and contain the incident promptly after it was discovered, including an internal investigation into the incident and communicating with the vendor who hosts and operates our website to learn more about what occurred. Further, we have retained an internationally recognized cyber security and digital data forensics firm to assist us in identifying the problem, fixing it, and preventing it from happening again. Also, note that well before this incident My Freedom Smokes moved to a tokenization system to better protect customer information.

What Can I Do
We do not believe that exposure of your payment card number is likely to result in identity theft. We recommend that you review payment card account statements promptly and carefully in order to identify any discrepancies or unusual activity. If you see any suspicious activity, you should immediately notify the issuer of the payment card and, if warranted, to law enforcement or regulatory authorities.

We are including with this letter an attachment listing additional steps you may wish to consider taking if you ever suspect that you may be the victim of identity theft. We are providing this information out of an abundance of caution, even though a loss of payment card information can only result in fraudulent charges, for which you would not be liable.

We take the security of your information very seriously, and we regret any inconvenience or concern this incident may cause you. If you have any questions or concerns about this incident, please do not hesitate to contact us at 1-800-955-9753 at any time of the day or night.

Sincerely,
Joe Joyal
Freedom Smokes, Inc.

Not seriously enough obviously storing cvv numbers with card numbers is a massive no no which defeats the whole idea of having a cvv number.

Exactly. I didn’t think they could legally store CVV numbers, but apparently they can. Whether it’s legal for them to do it remains to be seen.
That’s one reason I dislike ordering from any company that doesn’t use PayPal or some other payment service. I HATE giving out credit card info.

They never said they where storing any info, they said someone inserted code into certain pages of there site to capture information.

Ah right you are my bad

Yep you are correct. I misread or simply misunderstood.

Yes. I got this email on June 6th. I checked my banking statements and everything seems to be okay. However it was super scary to read this. Two days later I got a few emails with “Sales” notifications from MyFreedomSmokes. Interesting, yes?

I agree with @Saxon2 - vendors should offer other payment options like Paypal and maybe even Bitcoin. However you can never go wrong with most major Credit Card companies. I found most are easier to work with when dealing with issues like fraud vs your bank.

This also happened to them back in like 2015 I believe … I have stopped using them even though they were the quickest for delivery to me considering I only live about 90 miles from them. Although, I never noticed any unauthorized charges after they compromised the security of their customer’s finances; but that alone was enough for me to choose a different company.

So basically this crap happened again? Glad I used a prepaid throw away this time around.

that is all i use for my online purchases

Wise men say … Only fools rush in … Oh sorry

This kind of fishing or trapping happens or there attempts being made all the time to many different businesses not just MyFreedomSmokes. They are not at fault for this happening and it seems like they caught the problem before any major issues occurred.
Chipotle just got hit too. This stuff is happening all over lately. My card company tracks my spending habits and when charges pop up that aren’t how I normally make purchase they immediately stop payment and contact me to verify if it’s legit. I try and make sure my card is not stored on any site. That doesn’t ensure this won’t happen though.

See in this case they culprits placed a trap to be triggered when a purchase was made. Hard to detect those buggers these days. MFS is a great vendor to buy from though and they have excellent customer service.

I’ve built and run ecommerce websites… I understand. it happens. They caught it and handled it well imho.
I just placed another order with them on Sunday and it’ll be here on Wednesday

I never said MFS was a bad company or that it was their fault that this happened. I also never said anything about not ordering from them.
All I did was post an email they me so that others that may have purchased from them in that specific time frame that didn’t get a notification from MFS would know about it.
Please don’t put words in my mouth.

Are you referring to my post? If it was I don’t see it and I’ve read it over quite a few times. If that’s how you perceived it was not my intention at all. I was just relating my experience with the subject in general and how I try to avoid those types of situations if possible. If my post offended I apologize as that was not my goal.

No apologies necessary friend. I’m just way overtired and read it with an irritable mindset.
It’s all good. Actually I think I should apologize to you. So … I do.

Well thank you for that my vaping brother. I can sympathize with the over tired feeling as I haven’t had a full nights sleep myself for past two days. I googled this particular happening and the amount of results that popped up was astounding to me. It appears that going to your local store to buy a toothbrush can wind costing you hundreds of dollars and a few weeks of headaches these days. Only one thing left to do well two try and get some rest and keep on vaping.

I got one of these too . At least they tried to get out in front of this one, I’ve seen larger companies do worse! Gonna keep buying from them, just sucks how easy it is to steal this kind of info anymore.