Midwest Supplies

[mcl]

I see you point about a potential conflict of interest.
However, with all the support and help Bobby_M provides the community I think is public image is very well intact. He is exactly the type of person I like to do business with. Someone we gives back to the community with his experience. He seems to genuinely want to help people and provide them with quality products.

 

[stratslinger]

evrose, I'm just gonna go and point out the fact that the overlap between what BobbyM sells and what MidWest sells is pretty small. And if you're really going to make yourself a note not to deal with BobbyM in the future over his comments here, it's your loss - he's a stand-up guy.

 

[evrose]

I see you point about a potential conflict of interest.
However, with all the support and help Bobby_M provides the community I think is public image is very well intact. He is exactly the type of person I like to do business with. Someone we gives back to the community with his experience. He seems to genuinely want to help people and provide them with quality products.

Fair enough, I'll edit my last comment... but still... being newer here, that's not obvious to me... and my previous point stands. When you're a vendor, you have a different status than that unwashed masses - and that's something one should be careful of.

Anyhow - my point was made I think. Bobby - I'll call a truce. I don't think you were intentionally going out of your way to say bad things about a competitor. Take care.

 

[Dr_Beersgood_Quaffenstein]

Add me to the list as well. All of the fraudulent charges were made on my account between the 2nd and the 5th. I was notified of suspicious activity on my account by my credit card company on Monday and fortunately the larger charge attempts were reversed and or declined. Apparently the fraudulent charges would have racked up to about $1000 if my card company hadnt froze my account. One of the charges was for close to $500 in Sephora, which I had to ask what it is, and is apparently makeup.

 

[scooter1981]

Update on my experience...
SWMBO talked to Discover this morning.
Our account is frozen for 5 - 7 days.
We have new cards coming with new numbers, and our information has to be updated anywhere we have autopay enrolled, which is quite a few places.
They'll apparently do a 90 day investigation to see if they can determine who/when/how/etc the numbers were obtained.

SWMBO is pissed - and it's all my fault for ordering beer stuff.

 

[dgrums]

Add me to the list as well. All of the fraudulent charges were made on my account between the 2nd and the 5th. I was notified of suspicious activity on my account by my credit card company on Monday and fortunately the larger charge attempts were reversed and or declined. Apparently the fraudulent charges would have racked up to about $1000 if my card company hadnt froze my account. One of the charges was for close to $500 in Sephora, which I had to ask what it is, and is apparently makeup.

Mine were all the second to the fifth as well. Was your first charge for like $1 or something really small at Payroll, Apple, iTunes, or SWTOR.com?

 

[dgrums]

Just read through the whole thread and thought I could add to the information here. I got a call Monday morning from Golf Galaxy saying they caught the sale and had it canceled. California IP address with the goods shipped to Delaware. They said the person ordering had my billing information, phone number, and security code. Thus, this couldn't be the result of a card swipe at a store but has to be something online where all of my information is input into the payment authorization. The only online charges I have charged on this card in the past 6 months are Amazon and Midwest Supplies. I love Midwest Supplies and will still continue ordering from them (albeit via PayPal) but its hard not to connect the dots. My brewing partner also posted in this thread and his card was also compromised within days of mine (different banks).

 

[Dr_Beersgood_Quaffenstein]

Mine were all the second to the fifth as well. Was your first charge for like $1 or something really small at Payroll, Apple, iTunes, or SWTOR.com?

Yes. When my credit card company called me they told me there were two suspicious charges for $1.00 for Payroll and something Yahoo related before I got hammered with the larger charges that brought the fraudulent charges to about $1000.

 

[negativereaction]

I am a web developer of various types of sites (including ecommerce sites), and several years ago one of my major ecommerce client sites was hacked using sql injection techniques to eventually gain access to admin tools. They ran off with an absurd number of cc numbers over a several week span before it was noticed; they had hacked one of the processing pages to send the cc data entered into the form as an email to a remote recipient.

So, there does not need to be any magic involved. Once you have a key part of a system breached, you're in and can do ANYTHING you want, and none of it is magical or complex.

 

[njs170]

Add me to the list too. My wife never uses her card and she bought me five kits from Midwest as a present to me and a month later someone was using her card. She never uses it for anything but that one order from Midwest.

I will not order from Midwest again! Plus their shipping rates are horrible!

 

[MikeMSD]

Add me to the list too. My wife never uses her card and she bought me five kits from Midwest as a present to me and a month later someone was using her card. She never uses it for anything but that one order from Midwest.

I will not order from Midwest again! Plus their shipping rates are horrible!

I wouldn't go that far as Midwest is a pretty good company. I'll continue to use them as they have great customer service. I'll probably just use PayPal until they get stuff figured out.

 

[ECUmedford]

I am a web developer of various types of sites (including ecommerce sites), and several years ago one of my major ecommerce client sites was hacked using sql injection techniques to eventually gain access to admin tools. They ran off with an absurd number of cc numbers over a several week span before it was noticed; they had hacked one of the processing pages to send the cc data entered into the form as an email to a remote recipient.

So, there does not need to be any magic involved. Once you have a key part of a system breached, you're in and can do ANYTHING you want, and none of it is magical or complex.

To add to your point....The vast majority of e-commerce sites today are run off of open source software. So once an exploit is found it can be replicated site-to-site pretty quickly. People who are not in the industry may not understand how assimilated web development has become.

Someone asked what we wanted/expected from Midwest. I don't want a thing. I just disagree with their conclusion on 7/8 that mine and my dad's fraudulent charges are not related to our MW purchase.

I want to see an email blast from MW surveying their customer base to find just how wide spread this problem is.

 

[MaxStout]

I'll probably just use PayPal until they get stuff figured out.

I think that is the best take-away point from this whole snafu.

Even though I haven't been hit by this, I have to admit that this thread has made me re-think my online credit card use. Whether it's Midwest, Amazon, Ebay, whatever...going forward, I will now start using PayPal for my purchases. While my CC company has protections in place for this sort of thing, it's just not worth the hassle.

 

[thatjonguy]

I placed an order last week with Midwest via Paypal and it shipped the next day.

Good to see their shipping issues are (hopefully) a thing of the past.

 

[goldenrice]

I ordered from Midwest many times before with great success. However, I placed an order a couple of weeks ago on some components that I needed to have delivered in exactly 8 days. I ordered on a Thursday...the items did not "ship" out until Monday at 6pm....it wasn't even on the UPS truck until Tuesday. Needless to say my items did not come on time. I wrote the company an email about their lack of timeliness shipping items and received no reply. Looks like my money will be spent elsewhere from now on...

 

[mattd2]

To add to your point....The vast majority of e-commerce sites today are run off of open source software. So once an exploit is found it can be replicated site-to-site pretty quickly. People who are not in the industry may not understand how assimilated web development has become.

Someone asked what we wanted/expected from Midwest. I don't want a thing. I just disagree with their conclusion on 7/8 that mine and my dad's fraudulent charges are not related to our MW purchase.

I want to see an email blast from MW surveying their customer base to find just how wide spread this problem is.

So you do want something I get your point though, in situations like this where it is something outside of the companies control that has gone wrong the best thing they can do is give the assurance that they take it seriously. And correct me if I am wrong but it seems like MW was not doing that by ignoring your concerns in the first place!

 

[Shakybones]

I've had 11 successful orders with MW in the past 6 months. Yes, the 50-lb grain bags usually arrive in thoroughly thrashed boxes (well, mostly in...). Still, I've not lost a single grain in shipping. Shipping has always been reasonably prompt, with all orders arriving the next week (I'm in CO, so it's not a huge cross-country trek). The liquid yeast I've ordered has all been still chilled, though I've recently switched to dry because the extra price and effort just isn't worthwhile. The shipping charges are a bit steep, but I'm in the middle of nowhere, so I accept that as the price of doing business.

 

[DrHops]

I'm glad that I stopped using Midwest after their major shipping issues. I got burned several years ago when Austin Homebrew was hacked, the difference between them and Midwest is that the owner admitted the card numbers were stolen, apologized for it, and gave discounts to everyone that it happened to. It's a business, many businesses get hacked every day, it's a fact of life, at least Austin owned up to it and apologized. As far as Bobby M getting attacked, I've been doing business with him for years and will continue doing so, as someone else already mentioned, he's also a homebrewer who has helped 100's of people on this forum with both his great advice and great products, I have improved my homebrew with both.

 

[jkobos]

My Amex was also hit this past Sunday. Mostly online sites, Hulu, GameStop, etc. I ordered for the first time from MW on May 30th this year. Seems like the same attack regardless of whether it was from a MW breach or not. I can't say it's directly connected, but the timing of my card being hit is the same as many on this thread. I do also use that card on amazon which many mention as well. I hope we hear something definitive.

 

[DrunkleJon]

<bad joke> Its a conspiracy. PayPal hacked all these cards so people use it as their only way to buy things online. </bad joke>

I kid. Sites get hacked, cards get stolen. CC numbers get stolen quite often. I wouldn't stop using MW or any other major homebrew supply company solely for the coincedence that several people on a homebrewing site all noticed their cards having been compromised. The time to really worry about it is when a company does not take a report that someone/people who purchased from them have had a compromise seriously and look into their systems for vulnerabilities and do what they can to harden those systems.

 

[BrewingGunner]

As far as Bobby M getting attacked, I've been doing business with him for years and will continue doing so, as someone else already mentioned, he's also a homebrewer who has helped 100's of people on this forum with both his great advice and great products, I have improved my homebrew with both.

I don't think Bobby's site was hacked. I think his card was also compromised. Either way Bobby is a stand up guy, and I find it hard to believe he's bashing MWS to further his business. As its been stated before, the overlap is so small.

 

[ARBrewer]

I got hit with fraudulent charges as well on my Amex used online at MW on 6/28. Based on this thread, i checked my account this morning and fraudulent charges started yesterday. Luckily AmEx is great and I have a new card on the way.

 

[LovesIPA]

It's actually extremely difficult to compromise an encrypted web server.

For someone with any experience at all with computer security, you have an incredibly narrow viewpoint.

You're correct in that breaking the encryption used in web traffic is extremely difficult. So difficult and time consuming that it's almost never done. However, the credit card information doesn't simply disappear when it hits the web server. It has to get stored somewhere, even if it's temporarily. Is the filesystem that the information is stored on encrypted? Seriously doubt it. Is the database that the information stored in encrypted? Doubt that too. What kind of security protocols are in place to make sure no one can access the server from the inside? Surely you know that 80%+ of cyber attacks are done from the inside of a network, right?

I used to work for a startup that accepted credit card transactions on the web. After I started working, I was poking around on the web server. I found a plain text file containing the credit card number, name, and expiration date of every single credit card ever entered on the web site by anyone since it opened.

The servers hadn't been patched in over a year. Dozens of vulnerable services were running. The firewall was stateless (easily hacked).

But the SSL encryption? Solid as a rock.

All the security talk aside, all it takes is one dishonest employee to bypass literally every security protocol you will find at an online retailer.

I also had a credit card issue after buying from Midwest. At some point you have to start believing in coincidences.

 

[unionrdr]

That's why I keep saying Get paypal! Use paypal. Don't use anything but paypal. I've never had a problem with paypal anywhere it's offered that I shop I use it without question. Never a problem with paypal. Do I need to say it again???!!

 

[LovesIPA]

That's why I keep saying Get paypal! Use paypal. Don't use anything but paypal. I've never had a problem with paypal anywhere it's offered that I shop I use it without question. Never a problem with paypal. Do I need to say it again???!!

http://www.paypalsucks.com/

That being said, I still use them. But I absolutely do not ever allow them to withdraw funds from my bank account and I NEVER keep a balance with them.

 

[unionrdr]

I don't keep balances,& they're allowed only that one hit from the 3 different local banks I've ever used. Nobody gets more than one hit from a business. Now if they go to a store or the like,that's different. Stores are really bad for storing numbers for a week or more before turning them in for payment. Stupid thing for them to do,in my opinion. That's just begging for trouble.

 

[427Cobra]

I also had a credit card issue after buying from Midwest. At some point you have to start believing in coincidences.

Just got my replacement card today after getting fraudulent charges yesterday (gotta love Amex). Purchased from Midwest for their as is pin lock keg special.

 

[harritchate]

I ordered with Midwest a month ago and they got me on Monday... problem not yet solved... what a nightmare

 

[wtyoung18]

My card got compromised around the 4th of July, then my new card got compromised two weeks later. I emailed Midwest and told them I'm taking my business elsewhere because they can't secure their website. Any thoughts on how Austin Home Brew or More Beer is?

 

[Shakybones]

...and yet somehow, I'm still unscathed by the massive credit card fraud ring preying on Midwest's supposed negligence. Why don't they like me? Is my card not good enough?