Miscreants have hijacked the systems of Angling Direct, diverting traffic from its websites to Pornhub and threatening to wipe its internal data.
The London Stock Exchange-listed retailer of fishing tackle products and equipment said it is "currently managing a cyber security incident after detecting unauthorised activity on its network late on Friday 5 November."
It further told the City this morning:
"This unauthorised activity shut down the Company's websites and these remain inactive. Some of the Company's social media accounts have also been compromised. The Board has appointed external cyber security specialists whose investigations are underway to establish what happened. Work continues round the clock to bring the websites back online while our 39 retail stores across the UK have remained open and continue to trade."
The statement says Angling Direct has contacted law enforcement agencies and the UK's data watchdog, the Information Commissioner's Office.
"We are mindful of our obligations regarding data; it is too soon yet to make any determination around the impact this incident has had on personal data, but we will inform any individuals in line with our regulatory obligations should there be a need to do so. Importantly, the Company does not hold any customer financial data as our website transactions are handled by third parties."
"As matters currently stand, the Board does not anticipate that this incident will have a detrimental impact on underlying trading and the Company will continue to assess any cost exposure that this incident may create. The Board will provide a further update as and when appropriate and apologises for any disruption that has been caused to customers by this incident."
We have asked the company to comment further.
The oddness showed up on Angling Direct's Twitter feed last night at 22:43 UTC when an individual tweeting from the corporate Twitter account claimed the site had been "sold" to MindGeek, the company that bought PornHub in 2010, and that the fishing-tackle retailer's customers (or perhaps its owners, it wasn't clear) would be able to make use of a "premium" PornHub subscription the miscreants had signed up for using an Angling Direct email addy.
Our site has been sold to MindGeek the founders of Pornhub. — Angling Direct (@anglingdirect) November 7, 2021
Your data has already been transferred and PornHub premium will be available for your account for a period of one year.
Register with our email and you’ll automatically be assigned with premium.
Twitter detectives quickly began to speculate that Angling Direct might have used the same password for Twitter as it did for its other systems, and that the accounts were not protected by multi-factor authentication.
In a note to Angling Direct's admins, the criminal/s, referring to themselves as MASTER, said they could be contacted at email@example.com.
"We will return the information and access to you. Otherwise we will automatically remove [SIC] from our system in 31 days," the tweet from last night added.
In addition to its 39 brick-and-mortar stores that sell all manner of fishing paraphernalia, Angling Direct had 7.4 million people visit its UK website in its fiscal 2021. It runs another three stores in France, Germany and the Netherlands.
The business turned over £67.6m in its fiscal '21, up 27.1 per cent on the prior year. Online sales shot up 39.9 per cent year-on-year to £35.3m, with international accounting for 12.4 per cent. Profit before tax was £2.6m versus a pre-tax loss of £1.5m.
According to a source, the whole domain is currently directing 30,000 people a day to PornHub. Google appears to have indexed the redirect and searches for the brand name warn visitors of adult content.
"Apart from sales lost during the hack while the site is down, the loss in consumer trust and the potential for customer data breaches, there is the additional cost of the site potentially losing some of its ranking in Google long term, which would also negatively impact sales," our source said.
The Reg's in-house double entendre generator exploded this morning when we fed Angling Direct, PornHub, tackle, and rods into the system. While the situation for Angling Direct is not funny, we couldn't resist quoting one reader who contacted us.
"Angling Direct or should that now be called 'Dangling Erect' suffered a DNS redirect... Online level of innuendo is amazing - this was not the sort of rod I was after? And look at the size of that tackle box." ®