Data Breach- Element Vape Hacked


I have received a letter from Element Vape stating that their e-commerce website had malicious code inserted “creating a window of intrusion” between 12/06/2017 and June 17 2018. They are offering “Lifelock Defender” free of charge for 1 year and also recommend that fraud alerts be placed with all 3 credit reporting bureaus. They also recommend taking steps to monitor and protect against identity theft.


I can scan and post this 4 page letter. Anyone have input on this?


That sucks…

At least I never bought from there. Shipping to Israel is too expensive from the US


I buy a lot from them and they are one of the larger US vendors. They claim to have contained the breach June 17 so my question ( among others) is why the hell they have waited so long to inform us.


I suspect there was forensics needed to determine first, was any impactful information actually obtained, and second, who was affected by the breach.

And of course, the internal debate on whether they should tell anyone and lose trust. Which probably ended only after they found out they were legally compelled to inform.


That’s the least they can do, 7 bloody months it took them to get it out there?!!
I never order from the US because A: it is expensive and B, you need a creditcard and I don’t have one and definitely don’t want one.
Too much of this kind of shit going on with those things.



“While it has not been confirmed that any personal information was in fact taken by the third party intruder, we determined that credit card information of customers who made transactions on our website between December 6, 2017 and June 27, 2018 was at-risk.”

So the actions recommended are to protect against using the info for identity theft. I guess.


I’m reticent to be too critical of them as this is a simple reality today. Hacking has become common place throughout cyberspace and I think an assumption of being secure is never warranted. I appreciate the steps they have taken and really can’t determine if their diligence regarding ongoing security is suffice or no.


There’s also the fact that once these things come to surface, the FBI would almost certainly be automatically involved due to the nature of major players being involved (Mastercard, Visa, AMEX, etc, and then on top of that, Trans-Union, Equifax, and the other credit authorities).

Given the fact that it goes from interstate (and potentially worldwide) commerce, to insurance companies, to fraud, etc… I’m not a bit surprised at the idea of the feds trying to get an accurate picture of things before they allow things to go to public notice, and in effect, “tipping their hand” that they are aware… Until they’ve sufficiently gleaned all the relevant details they can get about the situation.

This is, after all, BIG money involved (which they care far more about than the public’s data).

Not saying I disagree with you BTW…
Just that beauracracy moves slow. WAY too slow sadly.