Just went for a look and the site is closed. I thought I would holla out in case some of you have been purchasing stuff online, it mentions checking your banking details :pissed off:
https://www.huntingandfishing.co.nz/
Printable View
Just went for a look and the site is closed. I thought I would holla out in case some of you have been purchasing stuff online, it mentions checking your banking details :pissed off:
https://www.huntingandfishing.co.nz/
Damn, I thought for a moment I had something relevant to say... guess not... Carry on, nothing (new) to see here
If the site is hacked they can then hack your pc/phone etc?
Sent from my SM-G388F using Tapatalk
They can't hack your pc/phone but may be able to log in to other online accounts that use the same password as your h&f account, and might be able to use credit cards that you had used on the website.
Ah
Sent from my SM-G388F using Tapatalk
Its been weeks. They should really sort their shit out. Must be costing them heaps in lost sales.
been like that for month and ahalf maybe. they dont be in any rush to get it going again. even a basic web so you can view producy and prices would be great.
below is a link to the site that hosts/prints their catalogue, just incase you dont have a hard copy
issuu.com/hunting-and-fishing-nz/docs/spring_2016_web
I'm surprised they haven't made an announcement regarding a new site or similar. As stated above, the lost $$$ from not having the site up must be huge.
Oh the shop!
I assumed hunt fish forum [emoji3]
Sent from my SM-G388F using Tapatalk
Ok. I've never used the site. CC details could still be lifted by the hackers if you made a transaction while the website was compromised.
Ideally the user details and passwords were well encrypted, but not everyone uses best practice. Aside from how shockingly shit their service is, http://www.top-gear.co.nz is another one that no one should ever use because their website is insecure as all hell.
The email they sent out to recent customers said that the set had been hacked and potentially credit card information had been taken, then there was a guy reporting that he had some dodgy activity on his card he was trying to sort out with his bank. Check your statements for transactions from russian or china or bloody jamaica mate
That clears it up, if you were online at the time of the hacking then your info could be gathered, but I will check in work Tmo , and see if they were correct in telling us info is not stored. Luckily I don,t buy off them on line.
They had a SSL certificate on their site, so I suspect the traffic was not being intercepted and decrypted on the fly (as this is hard work, vs brute forcing admin credentials). That leaves unencrypted data at rest, or in a database as the most likely places for gathering of this information. Both of these scenarios are stored data, whether they see it this way or not.
Doing a Qualys SSL scan of their site put me off ever doing any online transactions with them, or any of the gun stores to be honest.
It will be interesting if they release what happened, and when they get their site back up, what they have done to stop it happening in future.