Midwest Supplies

Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum

Help Support Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
DrHops said:
As far as Bobby M getting attacked, I've been doing business with him for years and will continue doing so, as someone else already mentioned, he's also a homebrewer who has helped 100's of people on this forum with both his great advice and great products, I have improved my homebrew with both.
Click to expand...

I don't think Bobby's site was hacked. I think his card was also compromised. Either way Bobby is a stand up guy, and I find it hard to believe he's bashing MWS to further his business. As its been stated before, the overlap is so small.
 
I got hit with fraudulent charges as well on my Amex used online at MW on 6/28. Based on this thread, i checked my account this morning and fraudulent charges started yesterday. Luckily AmEx is great and I have a new card on the way.
 
sfgoat said:
It's actually extremely difficult to compromise an encrypted web server.
Click to expand...

For someone with any experience at all with computer security, you have an incredibly narrow viewpoint.

You're correct in that breaking the encryption used in web traffic is extremely difficult. So difficult and time consuming that it's almost never done. However, the credit card information doesn't simply disappear when it hits the web server. It has to get stored somewhere, even if it's temporarily. Is the filesystem that the information is stored on encrypted? Seriously doubt it. Is the database that the information stored in encrypted? Doubt that too. What kind of security protocols are in place to make sure no one can access the server from the inside? Surely you know that 80%+ of cyber attacks are done from the inside of a network, right?

I used to work for a startup that accepted credit card transactions on the web. After I started working, I was poking around on the web server. I found a plain text file containing the credit card number, name, and expiration date of every single credit card ever entered on the web site by anyone since it opened.

The servers hadn't been patched in over a year. Dozens of vulnerable services were running. The firewall was stateless (easily hacked).

But the SSL encryption? Solid as a rock.

All the security talk aside, all it takes is one dishonest employee to bypass literally every security protocol you will find at an online retailer.

I also had a credit card issue after buying from Midwest. At some point you have to start believing in coincidences.
 
That's why I keep saying Get paypal! Use paypal. Don't use anything but paypal. I've never had a problem with paypal anywhere it's offered that I shop I use it without question. Never a problem with paypal. Do I need to say it again???!!:drunk:
 
unionrdr said:
That's why I keep saying Get paypal! Use paypal. Don't use anything but paypal. I've never had a problem with paypal anywhere it's offered that I shop I use it without question. Never a problem with paypal. Do I need to say it again???!!:drunk:
Click to expand...

http://www.paypalsucks.com/

That being said, I still use them. But I absolutely do not ever allow them to withdraw funds from my bank account and I NEVER keep a balance with them.
 
I don't keep balances,& they're allowed only that one hit from the 3 different local banks I've ever used. Nobody gets more than one hit from a business. Now if they go to a store or the like,that's different. Stores are really bad for storing numbers for a week or more before turning them in for payment. Stupid thing for them to do,in my opinion. That's just begging for trouble.
 
LovesIPA said:
I also had a credit card issue after buying from Midwest. At some point you have to start believing in coincidences.
Click to expand...

Just got my replacement card today after getting fraudulent charges yesterday (gotta love Amex). Purchased from Midwest for their as is pin lock keg special.
 
My card got compromised around the 4th of July, then my new card got compromised two weeks later. I emailed Midwest and told them I'm taking my business elsewhere because they can't secure their website. Any thoughts on how Austin Home Brew or More Beer is?
 
...and yet somehow, I'm still unscathed by the massive credit card fraud ring preying on Midwest's supposed negligence. Why don't they like me? Is my card not good enough?
 
Ordered through Midwest again two weeks ago. My order shipped the day after I placed it, it was delivered a day early, and all items were carefully packaged and intact. The rewards program they had also offset the cost of the shipping. I have 0 complaint against these guys, I've used them time and time again, and will continue to as their prices are pretty darn good.
 
I might be a new member, but I am not new to this forum, I have been lurking for a long time, and this is the first time I thought I would throw in my 2 cents.

I just wanted to add my name to the list of credit card fraud victims. I have had 2 cards come up with fraud on them. The first card was a debit card that I almost never used. The only places I made purchases from were Home Depot (in-store), Westlakes (in-store) and Midwest Supplies. The fraudulent charges showed up on July 5th, about a month after my Midwest Supplies order. I didn't think to much of it, until I had another card with fraudulent charges show up on it on August 6th, after another order from Midwest Supplies. After speaking with the credit card fraud dept, I asked if they receive information or updates on massive credit breaches at large companies, ie. Home Depot, Westlakes etc. She told me that neither had, had a breach and that in store transactions generally are not where credit card fraud comes from. That only leaves Midwest Supplies as a likely culprit.

This led me to do a quick Google search on the topic, and low and behold a thread on homebrewtalk.com all about it. I am not a big believer in coincidence. Especially after seeing so many other people with the same issue.

I have to admit, I am really sad and frustrated. It is like having a girlfriend cheat on you. I love Midwest and their kits, customer service has always been second to none, but I find it seriously hard to trust ordering from them.

I think I will look into the Paypal idea for sure. Or just start ordering from another HB or my LHBS. Or maybe it is time to switch to ordering bulk grains and milling myself.
 
Has anyone totaled up the number of people on this thread with fraudulent charges possibly connected in someway to Midwest Supplies transactions? I would love to know the number of people whose cards were comprimised, but dont have the time to go back through all the pages. Perhaps we should start keeping count.
 
I'm glad to hear they seem to be getting back on track. The last order I placed was a few days before everyone started having the credit card issues. The biggest portion of the grains didn't get packed, even though the packing list said they were. When they shipped the grains they exploded all over a UPS truck. The final shipment barely made it intact, but did get to me. Then they refunded the excessive shipping amount. It's accurate for what the carriers charge, but not in line with what other suppliers charge.
 
Taking personal shots at someone who disagrees with you doesn't strengthen your position. It makes you look petty, even in the eyes of the people who agree with you.
 
This thread is silly and should be closed. Credit card fraud is extremely common, especially among people who use the internet. Everyone on this thread uses the internet. Everyone in this thread is a homebrewer, which means they already have a much higher likelihood of having shopped at Midwest than the general population. Finally, the vast majority of people who shop on Midwest use credit cards. There are bound to be plenty of people who have shopped at midwest and also experienced credit card fraud, simply by general probability.

So far as I can tell, nobody has been able to link any fraudulent transactions to Midwest in any way more substantial than vague coincidence. It's stupid and unfair to drag a reputable, upstanding company (and proprietor), who is following all the required precautions to keep their customers safe, through the mud with basically no evidence. This is pointless and should stop.
 
daksin said:
This thread is silly and should be closed. Credit card fraud is extremely common, especially among people who use the internet. Everyone on this thread uses the internet. Everyone in this thread is a homebrewer, which means they already have a much higher likelihood of having shopped at Midwest than the general population. Finally, the vast majority of people who shop on Midwest use credit cards. There are bound to be plenty of people who have shopped at midwest and also experienced credit card fraud, simply by general probability.

So far as I can tell, nobody has been able to link any fraudulent transactions to Midwest in any way more substantial than vague coincidence. It's stupid and unfair to drag a reputable, upstanding company (and proprietor), who is following all the required precautions to keep their customers safe, through the mud with basically no evidence. This is pointless and should stop.
Click to expand...

Despite all the joking around and arguments, I am glad this thread was posted here. I've had to deal with fraud cases before and one had a huge domino effect I don't care to experience again. I can't take the risk even if there is no solid proof. It's like walking up to a sign that says mine field and there are bodies all around it. You don't know how they died but you have a pretty good idea of what might have happened.

As far as Midwest being reputable, upstanding, and whatnot...that's really not the point. Whether it is a result of their negligence or not, the end result is still the same for me if I have to cancel a card. Furthermore they aren't my old high school buddies, they're not even my in-laws. They are a business, and there are plenty of other businesses out there that aren't getting this attention.
 
I don't understand why if Midwest have paypal, people are still using a CC? It takes all of 10 minutes to setup your paypal account linked to your CC. Saying that I did get hit through my paypal account once, but I only noticed it because I was looking through my charges and saw a reversal from paypal and thought WTF, then a day or so before the reversal there was a charge for the same amount - paypal caught it and did what they had to do without me having to kick up a fuss.
 
Teromous said:
It's like walking up to a sign that says mine field and there are bodies all around it. You don't know how they died but you have a pretty good idea of what might have happened.
Click to expand...

Yes, it's exactly like that.

In fact, you should probably cut up all your cards now, destroy your computer and cellphone, and adopt a strict cash-only policy. Better yet, just barter for what you need.
 
Could that be a point we had in mind when we made the op. Could be. We have found other ways to get our supplies.
More people are having problems so wherever the breach is its NOT fixed yet. That tells me there must be a lot of finger pointing and no one cares about the card holders.
 
I'm both shocked and amazed that more HBT members that shop at MW have been victims of CC fraud since April. It's almost as if this is an epidemic in our society or something.

So, how much in actual dollars have you permanently lost due to MW's supposed negligence?
 
Shakybones said:
Yes, it's exactly like that.

In fact, you should probably cut up all your cards now, destroy your computer and cellphone, and adopt a strict cash-only policy. Better yet, just barter for what you need.
Click to expand...

You could be an extremist, or you could simply order from one of the many sources that aren't having problems.
 
I like Midwest. They're my sole online homebrew supplier and continue to be. That doesn't change the fact that out of my entire circle of friends who shop online on a regular basis, only two have had their credit card information compromised: the two home brewers who shop at Midwest. Both of us also had similar charges against our accounts. Lets take a poll. How many people who were compromised had a $1 charge from "Apple," "iTunes," or "Payroll?" I'm still going to shop with Midwest (via paypal) because they are a great company but that doesn't change the fact that I'm going to believe that this came from a breach in their website. All of the people who said this happened said it was the first week of July and the first week of August. No other days. That's also too coincidental.
 
daksin said:
This thread is silly and should be closed. Credit card fraud is extremely common, especially among people who use the internet. Everyone on this thread uses the internet. Everyone in this thread is a homebrewer, which means they already have a much higher likelihood of having shopped at Midwest than the general population. Finally, the vast majority of people who shop on Midwest use credit cards. There are bound to be plenty of people who have shopped at midwest and also experienced credit card fraud, simply by general probability.

So far as I can tell, nobody has been able to link any fraudulent transactions to Midwest in any way more substantial than vague coincidence. It's stupid and unfair to drag a reputable, upstanding company (and proprietor), who is following all the required precautions to keep their customers safe, through the mud with basically no evidence. This is pointless and should stop.
Click to expand...

According to this logic, there ought to be similar threads for AHS and Northern Brewer as I type this, and they should reoccur rather regularly. Where are they?
 
AZ_IPA said:
There was one a couple years ago from when AHS was allegedly hacked...
Click to expand...

Yes, but that doesn't prove his argument. As I read it, according to him, the rules of probability mean that there will always be an overlap of HBT credit card users, and HBT credit card fraud victims who order from the same site and mistakenly believe that site is responsible.

I suppose maybe it just pops up every couple years when someone makes a post about it? Feasible I suppose. But if this forum isn't a place for folks to talk about this, then where? I think saying it should be closed and that it is simply explained by probability and statistics is wrong on both counts.
 
So I've had my PayPal account hacked 2 times. I've never had a fraudulent charge on my credit card. Nor has even one of the homebrewers I know ever had their CC hacked. I won't shop at Midwest now after 30 people have had the same problem and its still happening. Not worth the trouble.
 
Between the shipping issues, and the fraud charges on my card I won't be shopping there anymore, which is too bad because I enjoyed their kits. But what really gets to me is the pure lack of communication from the vendor. I've sent emails, etc.. and nothing..
 
AZ_IPA said:
There was one a couple years ago from when AHS was allegedly hacked...
Click to expand...

For what it's worth, the folks from Austin came forward on that exact thread and let everyone know that they found the source of the breach (their payment processor) and attempted to make good (a pretty quickly expiring 10% discount, if memory serves - I never took advantage, myself).
 
I'm too lazy to read the entire thread. Can someone please count for me the number of people that have presented proof that Midwest is responsible for the fraud on their credit card?
 
I understand that cards get hacked all of the time and so do websites. I look at my event logs of my sites and I see constants brute force attacks.

What I don't understand it why Midwest hasn't shut down the credit card system for now, or at least changed it. I know it's a big deal to switch, but come on, with all of these stories something is not right. I'd venture to say that the server itself was compromised, since that is the only place that the encrypted data could be read.
 
NervousDad said:
What I don't understand it why Midwest hasn't shut down the credit card system for now, or at least changed it. I know it's a big deal to switch, but come on, with all of these stories something is not right. I'd venture to say that the server itself was compromised, since that is the only place that the encrypted data could be read.
Click to expand...

Because whatever bad publicity this thread might generate hasn't significantly impacted their online business, which is booming right now. MW can barely keep up with the orders they receive now. I doubt this issue has put anything more than a microscopic dent in their sales. The 30 or so disgruntled people in this thread comprise only a tiny fraction of their customer base. If MW isn't hurting for business, they have no motivation to change anything--particularly a major CC system overhaul. OTOH, had this issue come to the attention of a large group of people (i.e., via mainstream media), they would be scrambling to fix it.
 
I think they should get back into this thread with some type of statement and a "feel good" discount. Maybe only 30 people have come forward with an issue but this thread has 14,000 views. I just spent $150 with Northern Brewer that could have gone to Midwest and I'm certain I'm not the only one.
 
the_trout said:
I think they should get back into this thread with some type of statement and a "feel good" discount. Maybe only 30 people have come forward with an issue but this thread has 14,000 views. I just spent $150 with Northern Brewer that could have gone to Midwest and I'm certain I'm not the only one.
Click to expand...

From what I've read NB owns Midwest or vice versa ..
 
Shakybones said:
I'm too lazy to read the entire thread. Can someone please count for me the number of people that have presented proof that Midwest is responsible for the fraud on their credit card?
Click to expand...

If you haven't read the entire thread and the people's stories about their individual cases of fraud, why are you the loudest voice to say that it's mere coincidence? Nobody has claimed that they have proven that its Midwest nor has anyone said that they want something in return for the company. Not many have said that they will never shop there again. Some have even said they will continue to shop at Midwest. But the fact that all the fraud has happened in the same two one week windows and all with similar charges and all on cards that have been stored on Midwest account profiles (while the cards not stored there are fine) makes it too much for coincidence. Read these people's posts before dismissing them as coincidence.
 

Similar threads

heathm922
Heath's New Member Introduction
Replies
1
Views
258
wallyLOZ
wallyLOZ
Gunshowgreg
Pepsi Company, CO2 bottle exchange
Replies
14
Views
889
Gunshowgreg
Gunshowgreg
BeerNsteadofH2O
Mash hopping
Replies
2
Views
762
Tomahawk47
Tomahawk47
J
Pectic Enzyme and what brand yeast to use
Replies
13
Views
572
Johnny2
J
hilljack13
Bottled water only option for now
Replies
28
Views
1K
hotbeer
hotbeer

Latest posts

Back
Top