Security News > 2022 > February > Warning: Popular e-cigarette store hacked to steal credit cards
BleepingComputer has confirmed Element Vape, a prominent online seller of e-cigarettes and vaping kits is serving a credit card skimmer on its live site, likely after getting hacked.
With its presence across the U.S. and Canada, Element Vape sells e-cigarettes, vaping devices, e-liquids, and CBD products in both retail outlets and on their online store.
Vaping site pulls in JavaScript to skim credit cards.
Element Vape's website is loading a malicious JavaScript file from a third-party website that appears to contain a credit card stealer, as seen by BleepingComputer.
Despite supposedly being "One of the world's largest online Vape retailers" of e-cigarettes across retail stores and online, not much is readily known about Element Vape.
BleepingComputer has notified Element Vape of the issue via its Zendesk support site, which at the time of our analysis, did not appear to contain the malicious script.