“KandyPens” Has Leaked Full Customer Credit Card Details

  • All purchases made between March 2019 and February 2020 on “KandyPens” come with a risk of credit card exposure.
  • Customers had their details scraped by Magecart malicious actors, including names, expiration dates, and CVVs.
  • The company isn’t offering protection services, so it’s up to the customers to take the appropriate action now.

If you have bought a vaping pen or an accessory from the “KandyPens” online store, you may have had your full credit card details stolen by Magecart malicious actors. The vaporizer products manufacturer and retailer has just informed the California State Attorney General's Office of a data breach that could potentially have dire consequences for an undisclosed number of individuals. The company realized in January 2020 that someone had planted a card skimmer on its checkout page, and immediately hired a forensic investigator to find out what was going on.

KandyPens reports that purchases made between March 7, 2019, and February 13, 2020, may have resulted in the loss of credit and debit card data. More specifically, the information that may have been stolen by the malicious actors includes the clients’ names, their credit or debit card numbers, the expiration dates, and the security codes/verification numbers (CVV). There’s literally nothing else that one would need to make online purchases using another person’s card, so this exposure is considered entirely disastrous.

For this reason, the exposed individuals are advised to closely monitor their bank account activity, review their statements, review their purchase history, and report anything that they don’t recognize to their card issuer. The sooner suspicious activity is reported, the better the chances of having it reversed. Unfortunately, KandyPens isn’t offering a free-of-charge identity protection service to its clients, even though its negligence will now cause them great trouble. We understand that the cost of these services is high, but this is the only way to retain whatever trust is left between a company and its compromised clients.

The vaporizer seller is instead urging its customers to call it at “1-833-968-1687” with whatever questions they may have regarding the incident. As for what you can do to avoid this type of event in the future, you should favor electronic payment methods or cash with “pay on delivery” if this is an option. If there’s no other way to pay than using your credit or debit card, ask your bank to activate OTP (one-time passwords) for this kind of payment, so you can confirm each payment by using your phone every time. Thankfully, phone numbers haven’t been exposed this time, so you can at least steer clear of SIM-swappers.


