Wrongdoers have taken over Angling Direct's computers, redirecting visitors from its websites to Pornhub, and threatened to delete its internal information. In addition to the website redirect, their Twitter account has also been hijacked, referencing a porn site and posting contact information for the attacker.
The London Stock Exchange-listed supplier of fishing gear and equipment said it is now handling a cyber security problem after they found suspicious activity on its network late Friday, November 05.
It further told the City: "This unauthorized activity shut down the Company's websites and these remain inactive. Some of the Company's social media accounts have also been compromised. The Board has appointed external cyber security specialists whose investigations are underway to establish what happened. Work continues round the clock to bring the websites back online while our 39 retail stores across the UK have remained open and continue to trade."
However, Angling Direct stated that it is unclear whether any personal information has been hacked - and that no payment information has been exposed. The attacker also included an email address and a promise to return "information and access" to the website. There were no public ransom requests.
Apart from the phishing, this incident will send chills down the spines of firm executives. Indeed, this assault has all the signs of an immature adolescent hacker having a good time, but it is undoubtedly generating major issues for the victim.
The team has further informed that indicators point to staff login credentials being taken, permitting hackers to take over the company's website and, simultaneously, its Twitter account. The motivation is clear: cybercriminals want to be compensated before relinquishing control to the company.
In the meanwhile, the firm is losing a lot of money on prospective sales, not to mention trust and brand harm, as clients feel embarrassed or worse when they visit an explicit website by accident.
In a statement, the company said: "We are mindful of our obligations regarding data; it is too soon yet to make any determination around the impact this incident has had on personal data. Importantly, the company does not hold any customer financial data, as our website transactions are handled by third parties."