Less than a week ago Vapor Shark, a leading vape retail site, announced that it was hacked with a breach of security on their retail website.
In late June, Vapor Shark began received mixed data that alarmed them of a possible breach of security on their retail website that has become one of the most known and top-selling within the electronic cigarette industry. In spite of this new-found knowledge of the possible breach, they immediately summoned their development team to tighten down on the websites security during the process of the investigation.
After finally discovering the issue, they’ve concluded that there was malicious code inserted into the website that was siphoning their retail customers credit card information. They’ve pinpointed that the code was inserted on or after June 23rd, 2015, but made sure to include that their wholesale website was not affected. This “hack” was all made possible due to a vulnerability pertaining to Magento, which Sucuri.net’s blog released a notice on at the same date. They claim that the vulnerability quietly attaches to your code and makes it virtually undetectable unless you actively seek it out, which is what Vapor Shark did.
The malicious code was immediately contained, isolated, and completely removed by July 14th, 2015. To supplement our internal security measures, we enrolled the services of Sucuri.net, a leader in internet commerce security. Our website, which is hosted by Amazon, is scanned by Sucuri.net on a daily basis for viruses, malware, and spyware. If any malicious content is found withSucuri.net it is immediately flagged, isolated, and removed by the development team. Additionally, our site is also protected from intrusion by Incapsula, the same company and service that secures companies like eHarmony, WIX, Newsweek, SIEMENS and Motley Fool.
Though this is quite a scare for many customers, something like this can be avoided in the future with the necessary steps that Vapor Shark has put in place. Although Vapor Shark is the one responsible for maintaining the security on their website, I’m sure they’ve already had quite a hold on security prior to the attack, but the hackers were able to scape by with the vulnerability in Magento. When there is a site with popularity and high traffic, these are things that are to be expected, so it’s the website’s responsibility to make sure they stay one step ahead at all times.
Anyhow, Vapor Shark has apologized for the inconvenience that it may have caused their customers, and shared that they take the safety of their customers personal and private information very seriously. They also included that the website is now free of any malicious code since they’ve discovered and corrected the issue, as well as sharing that the site is secure and being monitored around the clock.
If you have reason to believe that you may have been affected, please contact your card issuing bank and inform them. We are working with VISA, MasterCard, and American Express regarding this issue and they will be able to address your concerns adequately.