-
The email they sent out to recent customers said that the set had been hacked and potentially credit card information had been taken, then there was a guy reporting that he had some dodgy activity on his card he was trying to sort out with his bank. Check your statements for transactions from russian or china or bloody jamaica mate
-
That clears it up, if you were online at the time of the hacking then your info could be gathered, but I will check in work Tmo , and see if they were correct in telling us info is not stored. Luckily I don,t buy off them on line.
-
They had a SSL certificate on their site, so I suspect the traffic was not being intercepted and decrypted on the fly (as this is hard work, vs brute forcing admin credentials). That leaves unencrypted data at rest, or in a database as the most likely places for gathering of this information. Both of these scenarios are stored data, whether they see it this way or not.
Doing a Qualys SSL scan of their site put me off ever doing any online transactions with them, or any of the gun stores to be honest.
It will be interesting if they release what happened, and when they get their site back up, what they have done to stop it happening in future.