Security News > 2022 > February > Stop vaping: Major e-cigarette store hacked to steal credit cards
BleepingComputer has confirmed Element Vape, a prominent online seller of e-cigarettes and vaping kits is serving a credit card skimmer on its live site, likely after getting hacked.
With its presence across the U.S. and Canada, Element Vape sells e-cigarettes, vaping devices, e-liquids, and CBD products in both retail outlets and on their online store.
Vaping site pulls in JavaScript to skim credit cards.
Element Vape's website is loading a malicious JavaScript file from a third-party website that appears to contain a credit card stealer, as seen by BleepingComputer.
Following this event, Illinois-based consumer Artur Tyksinski sued Element Vape alleging that the vaping retailer "Failed to timely notify affected individuals of the data breach" and didn't have adequate procedures in place to prevent unauthorized access to customers' confidential information.
Last year, the company partnered with PUDO Inc. to make its e-cigarettes and vaping goods available for "Pick-up" across Canada's PUDOpoint Counters.