Enjoy our roundup of stories that piqued our interest this week.

This week we tackle the following:

  • Juul Suspends Selling Most E-Cigarette Flavors in Stores - Juul will restrict sales of nearly all its flavored pods to the internet, and stop most social media promotion to combat youth vaping, bowing to government and public pressure.
  • Blu E-Cigarettes Will Make Changes To Reduce Teen Vaping - Blu reads the tea leaves and and adds age verification technology
  • Insecure Server Puts Two-Factor, Password Data of Millions at Risk - The risks of placing personal information on the web continues to be risky
  • IRS Failed to Track 11,000 Breached Social Security Numbers for Tax Fraud - The tax agency also failed to review another 15,000 breached ID numbers 

Joshua Bright for The New York Times

Age ID

Facing mounting government pressure and a public backlash over an epidemic of teenage vaping, Juul Labs announced on Tuesday that it would suspend sales of most of its flavored e-cigarette pods in retail stores and would discontinue its social media promotions.

The decision by the San Francisco-based company, which has more than 70 percent of the e-cigarette market share in the United States, is the most significant sign of retrenchment by an industry that set out to offer devices to help smokers quit but now shoulders blame for a new public health problem: nicotine addiction among nonsmoking teens.

Juul Suspends Selling Most E-Cigarette Flavors in Stores


Age ID

According to CNBC, the manufacturer of Blu e-cigarettes plans to raise the minimum age requirement to 21 to buy vape pods in the U.S. The company's CEO told the media outlet that it might also require online retailers to use age verification technology in order to stop minors from purchasing its products.

To the left is a longer story on the overall FDA issue from PBS. 

Blu E-Cigarettes Will Make Changes To Reduce Teen Vaping


Retail ID

Two-factor authentication (2FA) can be one of the best ways of securing your data; that is, unless the codes are kept on an insecure server, leaving millions of password-reset links, cell phone numbers, text message contents, and two-factor codes easily searchable and readable.

That's what Sébastien Kaul, a Berlin-based security researcher, discovered on a Voxox server, TechCrunch reports. Using Shodan, a database search engine, Kaul found that the Voxox server was wide open—no password required—and easily searchable.

Insecure Server Puts Two-Factor, Password Data of Millions at Risk

J. DAVID AKE/AP FILE PHOTO

Law ID

The IRS failed to add more than 11,000 compromised Social Security numbers to a list it uses to help protect taxpayers from identity theft, according to an audit this month from the Treasury Department’s internal watchdog.

Fraudsters used 79 of those Social Security numbers to file phony tax returns in an effort to receive ill-gotten refunds during the 2016 and 2017 tax years, Treasury’s inspector general found.

IRS Failed to Track 11,000 Breached Social Security Numbers for Tax Fraud