Weavium.com hacked?

I received a notification from PayPal that @weavium (Weavium) issued me a $5 credit if spent at Weavium.com, yet when I went to Weavium.com, the site is no longer a secure site.

Has Weavium.com been hacked? I’ve bought stacks from @weavium so it’s likely @weavium would have information that I utilize PayPal.

Just feels odd. I made a similar post on @weavium’s Black Friday post, but the more I think about this the more alarm bells ring. Maybe this started with a @cartloom hack so @yabdab should review as well?

This $5 credit thing seems like something that should have been part of the Black Friday sale, and now feels like a lure.

I recieved a similar paypal offer from a different vendor, if you purchase the item by a certain date you will get an additional $5 discount. Looks like another way to entice you to buy.

There is no “hack” with Cartloom.
Cartloom has 0 to do with the hosting and security of Weavium.com

Not sure why that was even put out there?


True, why post 2 similar replies on the board re: the site being hacked? Why not create a thread asking if any one has received a PayPal promotion instead of scaring possible customers?


I don’t know why you think the links you’re giving in both posts about this is insecure?

They redirect to https.

And you really need not post twice about the same thing.

If you got something from PayPal then I would think your questions are for PayPal. If you used them to pay with they know who you made purchases from. Perhaps it a PayPal promotion.

BTW, cartloom and Weavem I doubt keep any of your payment information PayPal or other payment gateways are the only ones that get access to that.


@weavium processes sales through Cartloom, and the transaction begins with collecting an email address.

I purchase @weavium software titles through PayPal via Cartloom transactions. When I went to Weavium.com via my phone, it shows the site as not secure.

The common denominator connecting all these events is my email address–that was first collected by Cartloom.

Maybe this isn’t a problem. I don’t know.

Maybe it is a problem. I don’t know that either, that’s why I posted here because the RapidWeaver Forum is where I get answers, though not always.

Who sent you the message? You said PayPal. Who knows your email address and who you’ve been purchasing from? PayPal…


For everyone reading this thread now and in the future, let me assure you that this has nothing to do with Cartloom. It is not even possible for Cartloom.com to effect the SSL certificate of another site. Web hosting and SSL certificates do not work this way. It’s just not possible.

I am still baffled as to why Cartloom was pulled into this thread.


I have just visited Weavium using Chrome, the most pernickety of browsers, and it gives no indication that there is anything insecure with the site.

1 Like

If a site comes-up with a browsers “Not Secure” warning doesn’t mean the site has been hacked. It just means the URL isn’t using SSL or isn’t’ forcing an https connection.

I was unable to get a non-secure connection to the link provided above. But even if I could it has nothing to do with being hacked!!!

Not sure why you would think one thing leads to another in this case.

Could you have gotten a scam email? Happens all the time. You said it was from PayPal. Did you ask PayPal? Did you ask them was Paypal.com Hacked?


weavium.com does not redirect http to https - probably an over-site.

So if you get there from a link http://weavium.com it will come up as insecure. If you get there from a link https://weavium.com it will show as secure.

As pointed out, this has nothing to do with Cartloom and in no way indicated Weavium has been ‘hacked’ although they should fix this issue.


Redirects fine for me Safari, Chrome, Edge and Firefox:


Interesting - it redirects fine on desktop but not on iOS:

Also redirects to https for me on a variety of browsers (and as many others have said, would just mean an insecure site, not a ‘hacked’ one)

The Paypal $5 deal is a PayPal one not a Weavium one (if its like many others they have run) - check with PayPal


I’m seeing a similar situation with a site which I was just about to provide with some information about a personal matter, this site also tries to collect personal information like email addresses and invites you to upload images or documents - but at the last moment realised that the site isn’t secure at all. Maybe thats been hacked too?


1 Like

No, just not secured. I’m in the process of moving to @barchard/chillidog for secure hosting.

1 Like


So if every site that doesn’t use SSL somehow indicates it has been hacked and you should stay away from them, that means that sites that use SSL haven’t been hacked?

Better forget about using stacks anymore as the YourHead site must have been hacked.

The reality is that most of the positively bad sites use SSL, the ones that want your private information. After all, it’s free now and the last thing they want is a warning telling you that the site is not secure.

The only thing that is “Not Secure” when you get that warning is the connection from the host to the client. It has nothing to do with the security of the company or individual that owns the site.


Redirects fine on my iphone.

My results:

http://weavium.com does redirect to HTTPS.

http://www.weavium.com does not.

1 Like

Hi all,

No need to worry. Weavium has not been hacked. Paypal suggested a way to recover lost sales and out of curiosity I clicked on the button. :blush: I believe for some reason the url on paypal was set to http instead of https, which has since been updated.

Sorry for any confusion that may have been caused.