Malicious hackers breached the computer systems of the UK’s largest fishing gear store, redirecting customers from its online store to an X-rated website.
Angling Direct, which in addition to selling fishing equipment online has some 40 stores across the country, announced to the London Stock Exchange that it first detected unauthorized activity on its network “late Friday, November 5, 2021”.
Missing an obvious opportunity to label the hackers as “very sophisticated,” Angling Direct said it did not believe the intruders had accessed clients’ financial details:
This unauthorized activity has shut down the Company’s websites and they remain inactive. Some of the company’s social media accounts have also been compromised. The Council has appointed outside cybersecurity specialists whose investigations are underway to establish what happened. Work continues around the clock to bring the websites back online while our 39 retail stores across the UK have remained open and continue to trade.
As a precautionary measure, the Company has notified relevant regulators and law enforcement agencies, including the Office of the Information Commissioner in the United Kingdom. We are aware of our data obligations; it is still too early to comment on the impact this incident has had on personal data, but we will notify anyone in accordance with our regulatory obligations if this proves necessary. It is important to note that the Company does not hold any financial data from clients as our website transactions are processed by third parties.
Visitors to the Angling Direct website are currently greeted with a holding page saying “We will be back soon”.
But just yesterday, the site was still directing visitors to PornHub.
This is not the kind of gear that anglers were looking for, I guess …
Meanwhile, parents posted on Twitter about the effect the hack could have on their innocent children.
Angling Direct’s own Twitter account was also hijacked by the attackers on Sunday night, who joked that the company had been sold to MindGeek (the owners of PornHub) and that Angling Direct customers could “sign up for a free premium PornHub account.”
A subsequent tweet posted by the hackers from the hijacked account invited the Angling Direct IT team to get in touch if they wanted to recover their data and restore access to the company’s DNS records.
My guess is that the hackers took advantage of Angling Direct’s sloppy security, which allowed them to hijack social media accounts, redirect website visitors to a pornographic website, and intercept emails coming into the business.
Obviously, the company’s DNS records and social media accounts weren’t properly secured – maybe they could even have reused passwords and not enabled two-factor authentication?
It’s 2021, for cod’s hake. We should be doing better than that.