Model Boat Mayhem

Mess Deck: General Section => Chit-Chat => Topic started by: Hagar on October 26, 2010, 09:09:33 pm

Title: Hannants Hacked!
Post by: Hagar on October 26, 2010, 09:09:33 pm
Hi Guys. Long time no see.
Just thought I would pass this along. The model shop Hannants has been hacked. The site is now closed "for maintenance".
If you have registered a credit card with them, watch your statements and best to cancel your card.

Ian M
Title: Re: Hannants Hacked!
Post by: keef666 on October 27, 2010, 07:57:48 am
Yeah!, had e-mail off them today, and wondering if this is how my card was hacked into! and money stolen.
Title: Re: Hannants Hacked!
Post by: tonyH on October 27, 2010, 05:41:59 pm
Thanks for that Ian. Mucks up the rest of my crew though!

Tony
Title: Re: Hannants Hacked!
Post by: longshanks on October 27, 2010, 09:59:21 pm
Think you got problems!!

I passed on the warning to a mate of mine last night..........tooooo late. Been taken for £2500   >>:-(

How are they allowed to hold card details, surely that's asking for trouble?
Title: Re: Hannants Hacked!
Post by: johno 52-11 on October 27, 2010, 10:38:58 pm


How are they allowed to hold card details, surely that's asking for trouble?

If they had followed the correct PCI (Payment Card Industry) guidelines they should not be holding card details on the system unencrypted.

The problem is that a small online shop/business does not normally have the knowledge and skills to build a properly secure system and keep its security up to date. We all know not to use a site for on-line payments if it's not HTTPS but we have no knowledge of how it's being handled or stored once it gets to the other end.

If the shop is found to have not followed the guidelines they may be subject to paying for some or all of the costs incurred by the card companies which could quite easily put a company out of business.

Title: Re: Hannants Hacked!
Post by: funtimefrankie on October 27, 2010, 11:20:10 pm
Latest email from Hannants....

Dear Customer,

Investigations are still on-going but so far no problem area or trace of illegal entry can be found anywhere. How the card numbers were taken is still a mystery. Two firms are still looking at everything and we hope to have their reports in soon. For now we are still not prepared to fully re-open the website.

We have PARTIALLY re-opened the website. We have done this so you can check that we are telling the truth that the card details have been removed and so that you can use all the other parts of the site. We suggest that while you are logged in you also check any items that are on back order and/or in your cart and adjust as required.

Currently you cannot enter new card details at this time or send orders to us but most other facilities are still operating as usual.

We have temporarily stopped sending out back orders just in case sending the data that goes with ordering is where the problem is. We have been told that it is encrypted everywhere and is not a problem area so now we do not think it is but we need to be certain.

TELFORD SHOW ORDERS. To send us an order for collection at the show please add a Collect from show address with your name on as usual, add what you want to buy to your cart as before BUT then email us to say it is there in your cart. We will then download it and have it ready for collection and payment at the show. You do not pay until you collect so we do not need any payment now.

MAILORDERS. WE CAN NOW ACCEPT ORDERS THIS WAY... Please put your order in the cart as normal then TELEPHONE or FAX us with your card details. We will then download your order and attach the card details to the order. We will then be able to process your order. Our email is not secure so we cannot recommend you send your card details that way.

Please be aware that the cart only 'remembers' items if they are actually saved in the cart. Items in the Quick Order only do not get saved.

We will email more information as soon as we can.  Quite a few customers have told us that they are on the emailing (Hot News) list but have not received an email from us. We think this is because they are being stopped as spam. Mostly the customers are with Hotmail, Yahoo, AOL and of course BT. If you can pass our emails to any of your modelling friends please do.

Everyone at Hannants would like to say a massive 'thank you' for the emails, and phone calls of support, help and encouragement you have sent us. With the exception of about 8 people your support has been fantastic.

Congratulations should also go to the world's banking system who seem to have spotted and stopped the majority of the charges before they got to the customer.

Best regards

Hannants