Important Statement From Midwest Supplies

That's half my point...other companies may be as bad. It just seems a bit hypocritical to take one's business elsewhere, while acknowledging (or not considering) elsewhere may not have any better security than MWS (did).

How is it hypocritical? For instance, I have used Rebel Brewer in the past. They may or may not have superior security but I DO KNOW for a fact that Midwest was lazy about it.

In one case, I know Midwest did not take security seriously. The other is an unknown but I will take my business elsewhere if shown to not take stuff seriously. AND if everyone does the same, it sends a HUGE signal to the other stores that they risk ruin if they don't take things seriously.

I take my business elsewhere as a statement that I will not do businesses that don't take security seriously.
 
So they offer $25 off coupons (not good for shipping!) to a ton of customers who will probably not shop with them again (hence not use the coupons). I suppose that's one way to pretend to make things right and minimize profit losses all at the same time.
 
The issue is not that Midwest was hacked. That can happen. The problem really is that people feel as though they've done a very poor job handling the crisis.

The good news, undoubtedly Midwest folks ARE monitoring this thread and you can bet they are recognizing how seriously their poor situation management is affecting them.

I suspect they'll work very hard to avoid this kind of debacle in the future.

They screwed up big-time and I expect they are as chagrined as anybody about it. I don't know if I'll use them again or not, but if I do, I'll only go through PayPal. (That's what I've used with them in the past, and is likely why I haven't seen funky transactions.)
 
The issue is not that Midwest was hacked. That can happen. The problem really is that people feel as though they've done a very poor job handling the crisis.

The good news, undoubtedly Midwest folks ARE monitoring this thread and you can bet they are recognizing how seriously their poor situation management is affecting them.

I suspect they'll work very hard to avoid this kind of debacle in the future.

They screwed up big-time and I expect they are as chagrined as anybody about it. I don't know if I'll use them again or not, but if I do, I'll only go through PayPal. (That's what I've used with them in the past, and is likely why I haven't seen funky transactions.)

If they wanted to earn trust, they would explain what happened and why. By not explaining, I am left to assume that they really had some amateur crap going on.

If they explained what they did (for better or worse) and explained how they were resolving it, it would go a LONG way to making me reconsider them.

But without knowing how and why this happened, I cannot use them again.

Like the saying goes, "fool me once, shame on you, fool me twice, shame on me". Well the only way I won't be fooled is avoiding them at this point.

It is amazing to me that they haven't replied to this thread to try and gain some support back.
 
Check out beveragefactory.com

I've found that Kegconnection normally has better prices. I did have an issue with a bent ball lock keg lid on one order. They shipped a replacement without any issue.
 
I'm lucky in that I have a very well stocked & experienced LHBS less than ten minutes away. No issues w/ stored CC info and they're rarely out of stock on anything.
I did make a few purchases from NB early on but that's now going to come to an end.

This, but you also have to watch all of those as well.

My LHBS fat fingered a 40 dollar order into a 400 dollar order and neither of us noticed. They were very fast to refund me the next day though.

Probably the smartest thing I did long ago was set up my account to notify me via email of any purchase over 100 dollars. Also have Mint.com doing the same.
 
Now, can someone tell me what kind of identity theft is possible with the information that was stolen from Midwest (address/name/CC #)? It's not like someone can open another CC account in my name without my birthdate and SSN, right? Though I suppose they could steal that from somewhere else.

Once the affected credit card has been canceled and replaced, the hackers can do nothing with the information. It's worthless.

That's why I kind of chuckle at people in this thread who are crying for a lifetime of free identity protection. As if having a credit card number stolen entitles you to that. Get a grip, folks.
 
How is it hypocritical? For instance, I have used Rebel Brewer in the past. They may or may not have superior security but I DO KNOW for a fact that Midwest was lazy about it.

In one case, I know Midwest did not take security seriously. The other is an unknown but I will take my business elsewhere if shown to not take stuff seriously. AND if everyone does the same, it sends a HUGE signal to the other stores that they risk ruin if they don't take things seriously.

I take my business elsewhere as a statement that I will not do businesses that don't take security seriously.

It's hypocritical because you acknowledge you're going to take your business elsewhere, assuming the other places are doing things you're trying to punish MSW for not doing.
 
It's hypocritical because you acknowledge you're going to take your business elsewhere, assuming the other places are doing things you're trying to punish MSW for not doing.

Do you not see the difference? One place, Midwest, obviously did not take security seriously. There is no evidence that someone like Rebel Brewer isn't taking it seriously. Lack of evidence is not evidence.

And again, if Rebel isn't taking security seriously, I will leave them as well.
 
Count me in as another with a compromised account. My bank noticed the errant charges and contacted me right away, stopped all transactions, and cancelled my card. Fortunately Citibank was on the ball, since MW clearly doesn't know what they're doing. I received my letter from MW yesterday. I will delete my MW account and never order from them or affiliates again. I guess if they handled things differently I might still give them a chance, but seriously the only recompense, a $25 gift card. FU!
 
I will probably continue to do business with NB

Todd H (Northern Brewer)

Hi (your name here),

We are the same company but separate brands. We have a web site and customer accounts completely separate from Midwest. Please let me know if you have any other questions.

Cheers!
 
It's hypocritical because you acknowledge you're going to take your business elsewhere, assuming the other places are doing things you're trying to punish MSW for not doing.

So no matter what a merchant may do to compromise your account information you would never stop shopping with them because other merchants also have the potential to do the same?
 
beernutz said:
So no matter what a merchant may do to compromise your account information you would never stop shopping with them because other merchants also have the potential to do the same?

I'm not affected by this whole thing bc I never used MW, but logically thinking a place that got hacked would then be on top of things big time going forward where others who haven't been might not be as vigilant. I'd think that now that the issue is resolved with MW they'd be one to not have this happen again.

Not to say my thinking is totally sound/correct or that anyone is wrong to find other retailers or be upset, I would be too!
 
They never said what happened or what they did to fix it. If you are going to be straight with your customers do not expect them to be with you very long.
 
I'm not affected by this whole thing bc I never used MW, but logically thinking a place that got hacked would then be on top of things big time going forward where others who haven't been might not be as vigilant. I'd think that now that the issue is resolved with MW they'd be one to not have this happen again.

Not to say my thinking is totally sound/correct or that anyone is wrong to find other retailers or be upset, I would be too!

I'm also not affected because I've never used MW. Just to play devil's advocate to your rationale: it could be logical to think that a place that was lax in security might be so again, while a company that has not been breached might be that way because they were more vigilant all along.

Also, not to say that my reasoning is correct, just a possibility. I know I would be really upset if I had gotten caught up in this mess.
 
Now that all y'all quit orderin' from Midwest my orders are shippin' faster than ever. Plus I only get a new credit card issued once every two weeks. That ain't so bad now is it?

Seriously though, I'm leery of most homegrown systems/websites. I don't know if their website/merchant integration was homegrown or professional; or even if they had a professional IT guy in house.

At any rate, if I could be assured that the problems have been resolved, I wouldn't have a problem shopping with them again (except for that slight issue with the darn orders not shipping within 24-48 hrs... what's up with that?).

Perhaps it's the stigma of seeing that website; and that darn checkbox (that I pointed out and asked to have changed in the previous thread) to save my information, that makes me leery of using the site again.

Never had a problem with NB because it's different software (Magento eCommerce?), probably on a different server or virtual machine. (I'm guessing NB is using some homegrown software themselves behind the scenes.)

Well tested commercial software, combined with a knowledgeable systems administrator and up to date OS/DB/etc... usually! (not always!) makes for a secure system.

I've had credit card numbers stolen before, it's not a huge deal, just annoying that you're left without your card for a week or so. I've never dealt with a CC company who doesn't fully cover fraudulent charges.

Obviously we'll probably never get an answer as to who was in charge of the darn server, how the malware got installed etc... but there has to be some sort of assurance that this breach in security has been resolved.

Working in IT myself, I know that security is an ever-present and ongoing process. It takes constant monitoring, updating and watching.

So part of me says screw 'em and part of me says, give 'em a break, what if you were the guy in charge of that server, would you have noticed the breach? Would you have kept it up to date? Would it have made it past you? How supportive of this person was Midwest? etc...

It's easy to place blame (which I'm guilty of) but then you walk a mile in another man's shoe and quickly see what's really goin' down...
 
I want to make it completely clear that I'm not leaving Midwest because they were hacked or even that the hackers got my cc info. I'm leaving midwest because they lied to us. They said it wasn't them flat out. They should have said we're investigating it, but they didn't. I just think they have handled this whole thing wrong from the start, and this $25 gc is like salt on the wound.
 
I want to make it completely clear that I'm not leaving Midwest because they were hacked or even that the hackers got my cc info. I'm leaving midwest because they lied to us. They said it wasn't them flat out. They should have said we're investigating it, but they didn't. I just think they have handled this whole thing wrong from the start, and this $25 gc is like salt on the wound.

The question is, what is the context to "it isn't our problem."

In a normal company the management would've gone to the IT and asked 'Was our server breached?'

IT, fearing for their jobs/reputation, would respond, 'Well it passed the PCI check!'

My guess is, that it's that type of miscommunication that occurred.

Did they lie? Yes. Did they lie blatantly, through their teeth? It's a best guess as to what they were told by the IT.

Management would then call in a third party, who would catch the problem, but by then you've dismissed the problem publicly.

At any rate, that's just my take on it. It could swing either way, I suppose.
 
So part of me says screw 'em and part of me says, give 'em a break...

It's easy to place blame (which I'm guilty of) but then you walk a mile in another man's shoe and quickly see what's really goin' down...

Getting hacked is a risk that all online vendors take. Most consumers understand that and are willing to give some leeway. What I and many others can not excuse is how Midwest responded to the situation. Denial, blame shifting and avoidance.

Austin Homebrew was hacked. They admitted it, made amends and their customers stood by them (for the most part). Midwest failed to act in good faith and now they have lost me as a customer.
 
We regret not providing an update sooner, but we did not want to comment publicly until our investigation was complete and we were able to identify and notify those potentially affected.

Our investigation has now been completed and we are satisfied that the situation has been resolved and that all affected customers have been identified.

Here they say they were "investigating" this. Why didn't they say that in the forum instead of "it's not us"?

I have a serious problem with that!
 
In a normal company the management would've gone to the IT and asked 'Was our server breached?'

IT, fearing for their jobs/reputation, would respond, 'Well it passed the PCI check!'

If that's what happened, management needed to be smart enough to realize IT didn't answer the question that was asked. IT also needs to be smart enough to raise potential problems ahead of time, and document the response from management or lack thereof. Unfortunately the odds of us ever seeing those internal communications are slim and none.
 
Getting hacked is a risk that all online vendors take. Most consumers understand that and are willing to give some leeway. What I and many others can not excuse is how Midwest responded to the situation. Denial, blame shifting and avoidance.

Austin Homebrew was hacked. They admitted it, made amends and their customers stood by them (for the most part). Midwest failed to act in good faith and now they have lost me as a customer.

Understood. My point is simply that the entire context of the situation will probably never be known and the image presented to the public may have been distorted by internal politics.
 
I got the letter yesterday. Up until this point (I don't frequent the forums a lot) I didn't realize there was an issue. I never got any fraudulent charges, perhaps I was lucky. I do a lot of online shopping and over the past 8 years or so my credit card has been used fraudulently 3 times. Never once, until this, have I got a notice of a breach from anyone. Obviously Midwest could have handled it better (more promptly), but after being compromised 3 other times I don't get that excited about it. I file a form listing charges that weren't mine and my account is corrected in a few days and a new card sent. Part of the risk of shopping online, and it's not even that risky since your liability is limited. Inconvenience, yes, tragedy, no. I don't shop Midwest that much anyway because I comparison shop first and they often are not the cheapest, but if they have something I want I will still probably shop there. I don't know exactly what happened or where the compromise occurred, but a lot of retailers farm out credit card processing to third parties.

I think one lesson anyone should take from this is set up email alerts on your credit card account. Anytime a charge goes through I get an email instantly. That's how I've caught all the other fraud cases and reported within at most hours if they happened while I was asleep.
 
As an IT professional and someone whose credit card was used fraudulently after buying from Midwest, I'd like a better explanation of exactly what happened. Details.

I want to know this too. I luckily had my cc company refuse the random charges that I had, but I still had to get a new cc while on vacation, which was a pain in the rear.

This explains everything. My CC was compromised and someone tried to buy an AR-14 assault rifle and a new Canon DSLR. Everything was denied so no money lost, but **** midwest supplies. I'm done shopping there.
 
This x100000. I toned down my original response, but there really is absolutely NO excuse whatsoever for what happened. Having your server with CC #'s connected through the web? Absolutely ridiculous. That reddit discussion gets into where PCI compliance people can attest to the fact that what was done was inexcusable.

I will not be shopping with Midwest in the future, and will recommend that all friends go elsewhere (not even NB if possible, since they own Midwest). And assuming I was indeed a victim of this and get a $25 GC --- well, you can put it you-know-where.

I am in the same boat. I had two fraudulent charges from Western Union last month that totaled $715. The charges resulted in NSF fees as I was not aware of them until it was too late. I have blocked my card and my bank has temporarily credited me for the charges and fees pending an investigation. I will be forwarding them a copy of the letter. This was a major PITA for me!
 
If that's what happened, management needed to be smart enough to realize IT didn't answer the question that was asked. IT also needs to be smart enough to raise potential problems ahead of time, and document the response from management or lack thereof. Unfortunately the odds of us ever seeing those internal communications are slim and none.

Agree, all that example stated was that if MW has that kind of corporate culture (lie, hide info, avoid the problems) then this would be bound to happen. And if that was the case the IT department and directors need a serious shake up.
If this was a big international company you would have seen resignations from the board and management by now.
Although the departure of the CIO on July 25th is a bit suspicious :D
This is humorous. A job listing for a VP of IT/eCommerce at Northern Brewer on July 25th. Also confirms the merger of Midwest and NB. Talks about David Kidd (he's an Eagle Scout but apparently didn't get the data security merit badge).

He raved about the outgoing CIO.

I assume the job's been filled. Nice firestorm that person just walked into.

http://ecommercejobs.com/2013/07/northern-brewer-seeks-a-vp-of-it-ecommerce-st-paul-mn.html
 
I still have a few doubts that they are taking the matters seriously. Their first issue is storing CCV numbers in their database. This is a no-no in the PCI world.

Also their website still seems pretty insecure, as even their forums are to this day running an old outdated version with multiple vulnerabilities. (just check the stock phpbb changelog on the midwest site, and compare their running version to issues on google.) So should they get our business back? I know they are not getting mine. This whole incident was handled very poorly. At least Austin Homebrew when they were hacked fessed up right away, and fixed all their systems.
 
I read through this post and the original post started back in the beginning of July and I am a little lost. I can't find a single post in the last thread where they said flat out that it was not them. The last post in that thread they made was about their third party investigation and said it was still ongoing. They have also said that they don't store your complete cc info on their server, only the last 4 digits and expiration date, and you can opt out of that. They also stated in the first post here that the info was captured at the time of the transaction. To me this says that there was some sort of malicious software in their network capturing the info and sending it to the hacker. I have never purchased anything from them but reading all this would not keep me from doing so in the future. To me some of these posts look like those advertisements you see around election time if you know what I mean.
 
I am in the same boat. I had two fraudulent charges from Western Union last month that totaled $715. The charges resulted in NSF fees as I was not aware of them until it was too late. I have blocked my card and my bank has temporarily credited me for the charges and fees pending an investigation. I will be forwarding them a copy of the letter. This was a major PITA for me!

If you got NSF fees it must have been debit. I would advise against using debit, especially online because of things like this. It can tie up funds you need or don't even have. Not to mention debit liability is different from credit. At least on credit you have time to dispute and resolve the charges before you would be out any money.
 
I read through this post and the original post started back in the beginning of July and I am a little lost. I can't find a single post in the last thread where they said flat out that it was not them. The last post in that thread they made was about their third party investigation and said it was still ongoing. They have also said that they don't store your complete cc info on their server, only the last 4 digits and expiration date, and you can opt out of that. They also stated in the first post here that the info was captured at the time of the transaction. To me this says that there was some sort of malicious software in their network capturing the info and sending it to the hacker. I have never purchased anything from them but reading all this would not keep me from doing so in the future. To me some of these posts look like those advertisements you see around election time if you know what I mean.

Post #34 in the original thread, from MidwestSupplies:
"Thank you to everyone that has contributed to this thread and contacted us regarding your concerns. At Midwest Supplies we take our customers' data and information security seriously. After thoroughly investigating the concerns in this thread, we do not believe they were related to purchases made at Midwest Supplies. If anything changes we will let you know. If anyone has concerns regarding their order or credit card data, please contact our customer service team at 888-449-2739 or [email protected].

We value the trust our customers place in us every time they order from Midwest Supplies. We take this trust seriously: our website is secure and encrypted, it is scanned daily to guard against any attacks, we are PCI compliant, we maintain cyber insurance, all of our employees must pass criminal background checks, and we do not store credit card information on any of our systems.

As fellow brewers and winemakers, we want to make sure you can focus on making the best possible beer or wine, every time. We will do our best to guard your information and maintain your trust.

Thanks again and Cheers."
 
In the original thread post #52

We wanted to provide you an update on our on-going investigation into the credit card security matters raised in this Forum.

As part of our investigation, we have involved a number of third-party specialists in web server management, website applications management, website security and credit card processing. Each of these parties, in coordination with the others, has undertaken to assess how and when credit card data could have been compromised.

One of the complicating factors to the investigation is that we store no credit card data. All credit card information is transmitted securely to the credit card processors at the time of the transaction; no credit card information is retained.

A second complicating factor is that the credit cards in question were last used for a Midwest Supplies purchase during a wide ranging period, weeks to months before the fraudulent activity took place.

At this point, none of the third-parties nor our own team have identified how or when credit card data could have been compromised.

We take data security very seriously and are working to complete our investigation as soon as possible.

If anyone has concerns regarding their order or credit card data, please contact me directly at [email protected] or 952-562-5354.

Thanks again and Cheers.
Todd Jackson
Customer Service Manager
Midwest Supplies

This says they were still trying to figure out what happened.
 
In the original thread post #52

We wanted to provide you an update on our on-going investigation into the credit card security matters raised in this Forum.

As part of our investigation, we have involved a number of third-party specialists in web server management, website applications management, website security and credit card processing. Each of these parties, in coordination with the others, has undertaken to assess how and when credit card data could have been compromised.

One of the complicating factors to the investigation is that we store no credit card data. All credit card information is transmitted securely to the credit card processors at the time of the transaction; no credit card information is retained.

A second complicating factor is that the credit cards in question were last used for a Midwest Supplies purchase during a wide ranging period, weeks to months before the fraudulent activity took place.

At this point, none of the third-parties nor our own team have identified how or when credit card data could have been compromised.

We take data security very seriously and are working to complete our investigation as soon as possible.

If anyone has concerns regarding their order or credit card data, please contact me directly at [email protected] or 952-562-5354.

Thanks again and Cheers.
Todd Jackson
Customer Service Manager
Midwest Supplies


This says they were still trying to figure out what happened.

That post was on 07/09, and that's the last we hear from Midwest until 09/02. However, in their notice to the NH AG's Office, they acknowledge that they knew about the compromise "for sure" on 08/22, and state that they received preliminary information about a possible compromise on 07/19... But wait, they posted on 07/09 that they "didn't think" it was them... :confused:

I think everyone's pissed at MWS because instead of just coming right out and saying, "Oh $hit, we might have a problem here" they blew smoke up everyone's kilts and said they didn't think it was them. Just my 2 cents though.
 