A New Angle: Angling Direct Breach Cripples Retailer for Days!

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

A British fishing retailer’s site has been hijacked & redirected to Pornhub.

A phishing attack ‘par excellence’ perhaps?

The UK’s largest fishing retailer, Angling Direct, experienced a system breach on Nov. 5 that resulted in their domain being redirected to Pornhub. A new ‘Angle’ on cyber-breaches maybe, but days later the site was still down & the extent of the damage to the company’s operation remains unclear — not remotely funny.

Social Media

Also not funny: The adversaries took to the company’s social media to mount a phishing campaign.

Apparently, the attackers obtained login credentials for its Twitter & other social-media accounts, since the hackers were able to alert them, & their customers, to the breach through a Nov. 7 tweet from the Angling Direct feed.

Twitter

1st, the @anglingdirect Twitter feed announced falsely that the fishing gear seller was sold to Mind Geek, the company behind Pornhub, adding that Angling Direct customers were entitled to a free subscription to the adult site!

“Our site has been sold to Mind Geek the founders of Pornhub.

Your data has already been transferred & PornHub premium will be available for your account for a period of 1 year.

Register with our email & you’ll automatically be assigned with premium.

— Angling Direct (@anglingdirect) November 7, 2021

Free Porn Seems ‘Very Phishy’

Followers of the Angling Direct account worked out quickly that the company had been breached.

A few minutes later the hackers sent another tweet announcing their takeover, but the message didn’t make any specific demands for ransom, so what they want in return for the stolen data is unclear.

“For the admin:

If contact shelled to be established to us at hackercontact@anglingdirect.co.uk

We will return the information & access to you.
Otherwise we will automatically remove from our system in 31 days.

Thanks

MASTER

— Angling Direct (@anglingdirect) November 7, 2021

Statement

Besides inspiring Twitter punsters to use phishing, lures, bait, dangling v. Angling & more, the breach forced the Stock Exchange-traded company to put out an official statement on Nov. 8 acknowledging the incident. It’s unclear exactly what kind of an attack it was.

“This unauthorised activity shut down the company’s websites & these remain inactive,” the Angling Direct statement read. “Some of the company’s social-media accounts have also been compromised.

Specialists

The Board has appointed external cyber-security specialists whose investigations are underway to establish what happened. Work continues round the clock to bring the websites back online, while our 39 retail stores across the UK have remained open & continue to trade.”

As of early Nov. 9, the main site was still down. Later, an Angling Direct spokesperson explained,

“Just to follow up here – we can confirm after engaging with our advisers & providers we have managed to take back control of our website. The rollout will take some time to flow through in all areas, but the process is underway.”

Personal Data

Angling Direct revealed in its statement that both police & regulators have been alerted to the breach & potential exposure of personal data.

“We are mindful of our obligations regarding data; it is too soon yet to make any determination around the impact this incident has had on personal data, but we will inform any individuals in line with our regulatory obligations should there be a need to do so,” the statement commented.

“Importantly, the company does not hold any customer financial data as our website transactions are handled by 3rd parties.”

Angling Direct’s share price has dropped since the compromise, priced on Nov. 4 at 69.89, according to the Stock Exchange, & as of Nov. 9, days into the breach, the shares are trading at 61.74.

Virtual Conference November 2021

More To Explore

Community Area

Books

Home Workouts

Recipe

spaghetti Bolognese
Days
Hours
Minutes
Seconds