Jump to content

credit cards on Hannants compromised


Recommended Posts

Add me also to the list,

Things happened as follows:

- Sunday 24th october: I got a mobile phone message asking me for authorize a GBP 685 charge at ROX(UK)LTD. I refused the authorization, thinking it may be an error, and told to myself I had to talk with the bank guys about this strange message.

- Monday 25th october: The banks guys called me before I called them. They told me my CC had been blocked because they detected repeated suspicious attempts to charge it. When I tell them about the mobile phone message, they cancelled my CC definitively . Nevertheless, we noticed I had been charged for US$2.85 from a car wreckers establishment at Portland (Oregon). It was the test charge. The bank has refunded it to me, so I haven't lost a penny / cent. Lucky me.

- Tuesday 26th october: I received the Hannants message warning their costumers (I have signed for their mail list). Until then, I completely ignored the possible source for my CC data leak (I should check more often the ARC forum...). My last Hannants purchase was about 10th october, so it makes sense. Nevertheless, I have been purchased from other on-line shops at UK during october.

At the end of the day, I'm quite happy with the VISA security system, since they managed to block all charges but the test one. And I will definitively buy again from Hannants once they reopen.

Edited by Joaquin PM
Link to post
Share on other sites

Well, just got the call and it has happened to me, a $3.39 test purchase to some trucking company and then a $300+ purchase @ WalMart.com. Hope the frickin' b@$t@rds chock on it! Anyway, card canceled and a new one on the way.

FWI, my last purchase from Hannants was back in May, so those who think there going to be fine because they hadn't made a buy for several months, think again, and at least put a hold on your card. I wish I did!

Link to post
Share on other sites
Just talked to my cc company, and despite there being no dubious activity on the account they've suspended the card anyway - seems like they're now cancelling every card that was used with Hannant's regardless.

Vince

I'm very glad to hear this, because when I attempted to do this preemptively 2 days ago, Chase refused my request as there had been "no apparent fraudulent activity." Barely 24 hours later my account was hit and then they allowed me to do it.

Rick

Link to post
Share on other sites

Just got this from Hannants;

Dear Customer,

Two of the investigations into our problem and have come back but failed to find anything significant.

We have analysed a lot (but not all yet) of the information our customers have sent us. We can confidently say that no information was captured as orders were transmitted. This means that we should be able to re-open the website quite quickly.

However it does mean that we still do not know how the data was accessed and so have to recommend that anyone who registered their card details on the NEW website CANCEL the card with their bank. We realise this is annoying, irritating, time consuming and inconvenient but we think it is the safest thing to do under these circumstances.

PLEASE CANCEL ANY CREDIT OR DEBIT CARD THAT WAS REGISTERED ON OUR NEW WEBSITE. (registered on or after March 23rd 2010)

We will re-open as soon as possible with a new system that does not remember the card details. This will be annoying for our customers who order regularly and will not want to enter their card details each time but we think it is the best way to go at the moment.

This will mean that we will not be able to automatically send any back orders. We will NOT be cancelling any back orders and will send you all revised Back Order details as soon as we have decided on the best way to handle them. For the moment you can add any available items to your cart and then phone or fax your card details through. Then we can download the order from your cart and attach the card details. We will charge and despatch as soon as we can.

TELFORD SHOW ORDERS. To send us an order for collection at the show please add a Collect from show address with your name on as usual. Add what you want to buy to your cart as before BUT then email us to say it is there in your cart. We will then download it and have it ready for collection and payment at the show. You do not pay until you collect so we do not need any payment now. The country in the delivery address should be Collect from show NOT United Kingdom or any other country.

MAILORDERS. WE CAN NOW ACCEPT ORDERS THIS WAY. BUT ONLY THIS WAY PLEASE. Please put your order in the cart as normal then TELEPHONE or FAX us with your card details. We will then download your order and attach the card details to the order. We will then be able to process your order. Our email is not secure so we cannot recommend you send your card details that way though we know a lot of you will.

PLEASE DO NOT PHONE OR FAX OR POST YOUR ORDERS TO US AT THE MOMENT. WE ARE GRATEFUL FOR FOR YOUR ORDERS BUT CANNOT LOAD THEM TO THE WEBSITE AS QUICKLY AS YOU CAN.

We are sending this email via 2 methods so as to try and get it delivered. We apologise if you receive it twice.

We are still receiving immense amounts of support and help and we thank you all for it.

Best regards

Hannants.

Julien

Link to post
Share on other sites

I just got 5 unauthorized charges today on a different credit card from the one that was on currently file at Hannants. It was a card that I had previously used with them, though. I swapped cards probably earlier this year. I do currently use the other card for other sites, so maybe it's just a coincidence, but it's strange that within less than a week two cards that were on file at Hannants, one current and one previously, had multiple unauthorized charges (multiple small "test" charges all in one day).

If the Hannants database or server were compromised, it may be that every card you ever had in their database was compromised. I'd recommend checking all of the cards you ever used at Hannants, even ones you currently don't have on file.

Link to post
Share on other sites

I had the credit card company call last Sunday night and tell me a single $200.00 charge was made and they knew it was fraud right away. I thought at first it was from my kids on line gaming but once he found out from my wife it was from my model building purchases he threw that right in my face. HA! So much for my great hobby!

Link to post
Share on other sites

I've had to cancel a card as well, at the recommendation of my bank which had blocked it on suspicion of fraud.

I have never at any time made any purchase from Hannants with or without a card.

I have not used that card with any other modelling site!

The only recent internet transaction on the cancelled card - indeed, the only internet transaction - was to a bookseller.

Shane

Link to post
Share on other sites

I was just called from my bank, my credid card is also compromised due to a fraud from USA.

They blocked it in time and will send me a new one.

Problem is: the last time I bought from HANNATS was 4-5 years ago and I never ever buy from HOBBY SEARCH!

Link to post
Share on other sites

With these last couple of comments it is safe to say it was not from Hannants.

I also got the call but Chase took care of it.

this sucks but the credit cards are taking care of it seems like.

Maybe it will not happen again.

Wishful thinking on my part.

Link to post
Share on other sites

I just got the call from my CC company. The perps tried to charge four different times today at Skype for $10 each and the charges originated from Luxembourg. They got denied and I will be issued a new card. I last used my card a few months ago.

Link to post
Share on other sites
I personally do blieve though that this is still the source. It fits the picture all others have mentioned and if they're database stores credit card information for an indefinite period of time I don't see why a purchse 4 months or 4 years ago would make any difference. Just my personal opinion though.

and I also think the same. :rofl:

Link to post
Share on other sites

I've had a card compromised, but looking at the evidence I do not see how it's Hannants. They have done everything they could, they've kept people informed, and there are people here who have never bought from Hannants. Given that this is a modelling website Hannants is simply the common denominator.

This is their latest news, see it for yourselves on the website:

"Following our recent credit card security issues, we can confidently say that NO information was captured as orders were transmitted. This means that orders can now be placed at our website.

We have now RE-OPENED this website but modified the way we work. You cannot save any card details now. When you go to check out you will be asked to enter your card details. As soon as you have sent the order the card details are deleted.

Because we no longer have any card details we will not be able to automatically send any Back Orders. We HAVE NOT cancelled any Back Orders and hope to have a modified system available soon. Sagepay have recently developed a new system which is exactly what we were looking for when the new site was being created. For now please add Back Order items to your cart and send the order when you are ready.

TELFORD SHOW ORDERS. To send us an order for collection at the show please add a Collect from show address with your name on as shown in Your Account> Change Your Delivery Address Details> Add An Address. Then make this your default address. Next add the items you want to buy to your cart and then go to checkout. You will need to enter your card number to make the system accept your order but it will not be charged. It will be deleted after the order has been sent."

They will continue to have my confidence and custom - just as soon as my new card arrives!

Link to post
Share on other sites
Following our recent credit card security issues, we can confidently say that NO information was captured as orders were transmitted.

That's not saying that their data base wasn't hacked, just that the data wasn't intercepted during transmission.

They have deleted and are no longer storing credit card info on their database. This hints that they may well have been hacked or so they suspect.

Due to the overwhelming number of their customers whose accounts were nailed in the past few days I don't know how you can discount the possibility that their database was stolen.

They initially announced that a clearing house may have been the problem but shortly thereafter announced that they had no idea where the problem was.

I doubt we'll ever hear where the problem was.

A few people that never did business with them also said that they had problems. This may well have been coincidental. Identity theft is going on all around us all of the time.

It's nice to know that they have changed their billing methods and are improving their security.

Hopefully when all is said and done this won't have hurt their business.

Link to post
Share on other sites

Mine was just compromised. After I initially saw this here a few days ago, I told my spouse to be on the lookout for any suspicious charges and sure enough, one popped up to some website for $150 and neither my spouse or I had ever been to said website. Account has now been frozen and new cards being issued. I had used Hannants website within about the past 6-9 months I imagine. Seems pretty coincidental that we'd never had a problem with our account until this news broke.

Link to post
Share on other sites

Add me to the list. 2 charges made of $.50 and $20, both in Saudi Arabia. CC canceled and new card issued. I can't remember having used Hannants but I guess I must have at some point, as I am receiving their emails.

Scary development for sure.

Ken

Link to post
Share on other sites

My bank anti-fraud unit called saturday morning and told me that an $800 transaction was made in UK. This card was registered on Hannants website. I had last used it for a small transaction in Toronto about three weeks ago.

Link to post
Share on other sites

Darn, they got me too! Visa called me today and so I checked my account. Got charged a test amount of a $1 then got charged with two different prices over $50 each. Got my CC canceled with a new one being issued and yes, I purchased from Hannants late last year. Oh yeah and I also use Paypal.

Hope my fellow modelers check their accounts just to be sure!

Link to post
Share on other sites

me too called this morning, 10 transactions totaling almost $1000. most of them were for the same place, virgin atlantic...some internet tv company and another internet gaming site...and one walmart.com purchase of $1.24

can't comment on the cause or the fault, at first i'd have to believe its got to be more than coincidence that alot of us here are getting hit with the same thing right about now. perhaps hannants was just part of a larger hack attack that focused on the same type of encryption/storage systems...my bank manager said he had a bunch of people he was talking to today (can't imagine they are modelers though)

-peter

Link to post
Share on other sites
me too called this morning, 10 transactions totaling almost $1000. most of them were for the same place, virgin atlantic...some internet tv company and another internet gaming site...and one walmart.com purchase of $1.24

can't comment on the cause or the fault, at first i'd have to believe its got to be more than coincidence that alot of us here are getting hit with the same thing right about now. perhaps hannants was just part of a larger hack attack that focused on the same type of encryption/storage systems...my bank manager said he had a bunch of people he was talking to today (can't imagine they are modelers though)

-peter

hi i havent been hit but as you say,hannants might be part of a larger hack.......the clothes chain "next" have also been hit,so there may very well be more

Link to post
Share on other sites

Thought I'd got away with it, had a letter from Capital One saying they were replacing my card because of suspected suspicious activity and would I please check my account. Checked on the 21st and nothing, great thought I.

Phoned up today to activate the new card and they want to check the last few transactions just to make sure. OK says I thinking it's just a formality. Have you made a donation to NKF in Louisiana? Bought online from a shop in Germany? Been into the Apple Store in ****? Nope, nope and nope. OK, we'll send you a fraud form to sign and we'll re-imburse your money. By the way, we've also stopped two other attempted transactions, both in America. All these were from the 22nd.

At least I'm not out of pocket.

Link to post
Share on other sites

I just got informed by my bank that suspicious online activity had occurred against one of my cards. It has been a while since I purchased from Hannants, so I don't remember if I used that card or not there. But it is odd that it occurs just a couple days after this news hits.

It was a few transactions in a matter of minutes and all from the internet.

Chase caught it and all done. I hope. I am not sure if I have used one or more cards with Hannants in the past. Just checked all my other accounts and nothing erroneous there.

Link to post
Share on other sites

Crazy stuff and it does indeed sound to me like it was a larger hack of some sort. Still, at least Hannants is beefing up their own security. Any idea if word of this larger hack has gotten to the UK media outlets?

Link to post
Share on other sites
Crazy stuff and it does indeed sound to me like it was a larger hack of some sort. Still, at least Hannants is beefing up their own security. Any idea if word of this larger hack has gotten to the UK media outlets?

i'm curious if it's made it to any media outlets...

i haven't heard a thing in the papers or news about it and its got to be huge, wonder if they are still working on it and don't want to encourage the criminals by announcing just how well they made off with this attack.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
×
×
  • Create New...