Last Updated: September 1, 2025

⚠️ IMPORTANT — Global Security Advisory & Possible Credit Card Breach

We recently became aware of reports of unauthorized charges that may have affected certain Private Tabs user accounts and payment details. As of September 3, 2025, a total of 18 customers have informed us that they observed unauthorized transactions on credit cards stored within Private Tabs.


What We Know So Far

  • Reports involve credit card numbers manually entered into the “Credit Card” and “Notes” fields inside Private Tabs.
  • These fields are encrypted, but they are free-text fields (meaning you can enter any data you choose).
  • At this time, we have no confirmed evidence that Private Tabs was breached.
  • Card providers reported by customers include Slash, Bill, Global Rewards, and Capital One.
  • We received one report involving a Private Card, but all other reports relate to card data manually stored in text fields.
  • Secondary Private Cards (and tokenized cards) appear unaffected.
  • All impacted accounts reported to us had not enabled Two-Factor Authentication (2FA).


WATCH THE LATEST SECURITY UPDATE VIDEO FROM JASON


🔒 Immediate Actions We Have Taken To Help Protect You!


  • Masked & Deleted All Full Credit Card Numbers – All stored cards in Private Tabs have been updated to display only the last 4 digits. Full card numbers have been permanently deleted from our database, going beyond simple encryption.

  • UI Restricted to 4 Digits for Non–Private Cards  – The credit card text field has been updated to allow only the last 4 digits of non–Private Cards to be stored. Full card numbers can no longer be entered. 

  • Independent Security Audit – We have engaged a third-party security firm to perform a full review of our systems and provide recommendations.

  • Two-Factor Authentication (2FA) Enforcement – 2FA has been activated by default for all accounts. Currently, users may disable this, but we are evaluating whether to enforce mandatory 2FA for all users moving forward.


🚨  NEXT STEPS: TO PROTECT YOURSELF AND YOUR CARDS

We strongly recommend you complete the steps below. Even if you have not observed fraud, following these steps will help secure your accounts and prevent future issues.



STEP 1 – Confirm 2FA Is Enabled in Private Tabs
Go to Settings → Security → Enable 2FA for your Private Tabs login.
Never forward 2FA codes to shared inboxes — anyone with access could log in to your account.


STEP 2 – Watch for Unexpected Logout Prompts
 If someone else attempts to log in, you may receive a prompt or be logged out.

• If this happens, do not approve the login. Immediately change your password and verify your account security.


STEP 3 – Refresh All Credit Cards Stored in Private Tabs & Report
• If you use virtual credit cards from a third-party provider, log in to that provider directly.

• Cancel and recreate cards. Review and report any suspicious transactions.

• Even if no fraud has appeared, we recommend contacting your card provider and notifying them.


STEP 4 – Reset Profile Passwords and Enable Marketplace 2FA
• Change all stored account passwords to strong, unique passwords.

• Enable 2FA wherever available (email, marketplaces, financial services, etc.).


PLEASE CLICK THE GREEN BUTTON AND COMPLETE THE SURVEY
THIS WILL LET US KNOW IF YOU HAVE ANY FRAUD CHARGES OR OTHER SECURITY QUESTIONS


PLEASE CLICK HERE – REPORT ANY ISSUES OF FRAUD AND SELECT YOUR SECURITY OPTIONS

Even if you were not impacted, we still need you to complete the survey to
provide feedback on your preferences and security needs.

🔒 What We’ve Done to Support You EVEN MORE

We’re also making it easier to stay informed, get help, and resolve issues quickly.



📨 Better Communication

  • New “Updates” Bar in Private Tabs – Important status messages now appear directly inside Private Tabs when you log in, so you never miss a critical notice
    .
  • System Status Page status.privatetabs.com provides real-time visibility into outages or service issues.

  • Private Updates & Feature Requests – Roadmaps, features, and videos are now securely accessible only inside Private Tabs, keeping sensitive updates private.



🤝 Better Support

  • Instant Remote Assist – Our support team can securely request one-click screen sharing to resolve issues faster.

  • “Drop In” Account Manager Access – Connect instantly with your account manager or team via live video chat — no need to schedule a meeting first.  Just visit our support team page, click the person you want to talk to and "drop in" on a live video call! If they are their desk you will see a icon called "drop in" just click to instantly start talking.

  • Tiered Support Levels

Always Ready AI Agents During Non-Business Hour :  24/7 AI-powered phone support for immediate help - fully trained on Private Tabs powered by GetVoiceBot.com

Dedicated Customer Service Agents :  These folks are always ready to answer the call, they don't actually solve the issue.  Rather they take your info and fwd it to the support team.  This way someone always picks up during business hours and if it's a simple question they can quickly answer it. 

Dedicated Support "Solvers":  These folks jobs are to spend as much time as needed with you on the phone or over live chat to help solve your issue.  Previously people where going to voicemail because everyone was a dedicated support "solver" so if everyone was busy no one was answering the phone or live chat.  That is no longer the case. 

A Note from the Founder, Jason — A Personal Commitment to “Do Better”
I hear you. I want to return every call and build a personal relationship with every customer — but with thousands of users and other commitments, that’s not always possible. My responsibility is to make sure you get the support you need when you need it, while also ensuring our software continues to run smoothly and evolve with new features. I do my best to balance it all, but I know there are times I’ve dropped the ball — and for that, I’m sorry.


That’s why we’ve built a strong support team and new tools designed to earn your trust and respond quickly. Reach out anytime Monday–Friday, 9 AM–4 PM Central at 414-326-4100 x1, or use our new “Drop In” feature for instant support.


My promise is simple: we’re listening, we’re improving, and we will continue to do better.


Thank you for trusting your business with us.
— Jason

🚀 FUTURE PLANED SECURITY ENHANCEMENTS by Sept 30, 2025

  • The TM password field fix so it auto-completes your 2FA codes again! 
  • Enforce strong, unique passwords with rotation rules.
  • Add “dark web” monitoring via HaveIBeenPwned checks on stored emails.
  • Migrate sensitive data to PCI-compliant tokenization via VGS.
  • Require 2FA prompts before autofill on passwords or credit cards.
  • Introduce idle timeouts (15 min inactivity = re-authenticate).
  • Rotate AWS access to only allow business VPN IPs.
  • Force password resets every 30 days.

    Plus much more, hang in there as we keep innovating and lead the charge with you!


Disclaimers : This advisory is intended solely to provide information and guidance to customers. It does not confirm that any specific customer’s information was compromised.  This notice, as well as any linked videos, sub-pages, or external references, shall not be interpreted as an admission of liability, compromise, or wrongdoing by Smart Innovations, LLC. Customers remain responsible for securing their accounts in line with our Terms of Service.



📞 Questions or Concerns?

If you have questions about this advisory, please contact us:


Private Tabs

Email: support@privatetabs.com

Phone: 414-326-4100 x 1