Jump to content

credit cards on Hannants compromised


Recommended Posts

I have just responded to Hannants' e-mail with details of the thefts from my account on Friday - and I have also reassured them that, as a customer, they have my sympathy for this serious criminal attack against their business and that I will definitely continue to buy from their website in future.

For the vast majority of us, our banks will have stopped any personal loss, and we just have to deal with the inconvenience of a temporary loss of credit cards - However, for Hannants (and any other business affected) this could have a very real effect on profitability for some time to come; since Hannants are a significant world-wide player, could also have a very real effect on our hobby (and the willingness to order on-line from any other modelling retailer).

Blame the criminals, not Hannants.

Link to post
Share on other sites
  • Replies 215
  • Created
  • Last Reply

Top Posters In This Topic

Blame the criminals, not Hannants.

quoted for the truth

I will continue to do business with hannants, as this could have happened to any of the large number of online hobbyshops that i deal with.

good luck hannants and i hope the damage to your business is small

Link to post
Share on other sites
The point is you were quick to condemn Hannant's for storing the credit card details in an un-encrypted format, but you have absolutely NO evidence that this is the case.

I said nothing of the sort (though frankly my personal suspicion would be their encryption is simplistic). Try reading my posts instead of imagining what I might have posted.

The most recently posted response from Hannants - which I've had by email too - is a far better response from them than the initial one. None of the wishy-washy blaming it on something 'between' a server and a bank - a simple "we don't know". It does them a great deal of credit and indicates they are taking it seriously now. Deleting the database at this point, of course, is bolting the stable door after the horse has been stolen. And used on a ram raid. :cheers:

Link to post
Share on other sites

My last order at Hannants - October 10th.

Attempt to charge my card with large amounts in Euro - October 22nd.

Luckily Citibank stopped those transactions and after contacting me, rejected them. The card was cancelled.

Link to post
Share on other sites
Hello guys

I would like to warn you, that most probably somebody somehow stole details about credit cards registered on hannants and misused them for online transactions (in my case 2x 900$). At the moment there are 8 people confirmed from Czech Republic and Slovak Republic and all of us got call directly from our banks and our credit cards are blocked. Cards are registered (at least) in four independent banks (so hacking into the bank is out of question), we do live in different towns and even countries (camera on cash maschine is out of question) and I personaly used this particular card online only once - on hannants.

I recommend at least to check your bank account, in case you will notice some unathorised transactions, please, contact also hannants. (And block your credit card, of course)

I understand, that I am not permanent member on ARC, so you might consider this message as a spam, so I provide you links to two Czech modelling forums at least to check out, that something is written there ... (in czech language)

modelweb

modelforum

IPMS Nymburk forum

I contacted hannants, they started investigation. I also appologize to them, as this might have serious impact for them and I understand they will not go public until they are 100% sure. But at this moment I am really convinced that the information leaked from hannants and I think it is fair to warn you.

Jan (Honza) Jezl

think i will visit hannants in person for my next order,just to be on the safe side,hope the lowlife/lowlives in question get caught

Link to post
Share on other sites

I am from Taiwan, 12 hours ago I received a call from my bank regarding 3 suspicious credit card transactions in the UK on Monday.

fortunately, those transcation were rejected, the card was canceled. This card was used for shopping online, and my last order in hannants was in Aug. 2010.

Edited by thepmw
Link to post
Share on other sites

I'm a regular at Hannants so tomorrow, first thing in the morning, I'm checking my details. Well, okay, second thing.

I just wanted to spend a word on top-up credit cards or debt cards as you prefer: they're a life saver, get one, it pays off. Even if you're afraid it might get stolen and only keep € 50 on it, they can be topped up by anyone, even abroad.

A coworker of mine sent one to her mother in Latin America, and tops it from the local post office for a € 1 fee. Beat that, Moneygram.

Anyway, most important - even if you have a single cent on them, always block your debt card if it gets stolen. It's like when they steal that oil-leaking lemon of a car that was rusting away in your backyard: even if you're glad to get rid of it, you have to report the theft, because if it's used for a crime and is traced back to you, you're in for a loooong chat with the boys in blue.

Link to post
Share on other sites
I said nothing of the sort (though frankly my personal suspicion would be their encryption is simplistic). Try reading my posts instead of imagining what I might have posted.

The most recently posted response from Hannants - which I've had by email too - is a far better response from them than the initial one. None of the wishy-washy blaming it on something 'between' a server and a bank - a simple "we don't know". It does them a great deal of credit and indicates they are taking it seriously now. Deleting the database at this point, of course, is bolting the stable door after the horse has been stolen. And used on a ram raid. :deadhorse1:

Whatever.

In any case Hannant's appear to be totally innocent in this whole affair. This may well be related to a FUBARed upgrade by Sage Pay over the weekend, which apparently significantly reduced the security of their payment system for 'some' clients. God bless those System Engineers, eh?

Vince

Link to post
Share on other sites

While I in NO way blame Hannant's for the criminal enterprise that has apparently committed these acts, I am more than a bit chapped at them for not sending that email to their entire customer database. I checked not even a minute ago and I have yet to receive an email notifying me of this, I can only wonder how many of Hannant's customers don't frequent the internet modeling forums and may be unaware of this breach. I can also only wonder at how many of those unaware people have been victims of fraud that they be totally unaware of or not know the source of. I cannot thank Jan enough for bringing this to our attention :deadhorse1: , so that:

a. I could delete my card details myself yesterday.

b. Be aware of the situation and monitor it even more closely than I normally do.

The scary thing for me is that I just paid that CC that was stored on Hannant's site completely off and it has a $10,000 limit, that is scary even if I would not be responsible for any fraudulent activity. If I wouldn't take such a huge hit on my credit rating, I would just close it totally, but I'm really hoping to get my rating above 730 and closing it would ruin that for the time being.

Edited by madmanrick
Link to post
Share on other sites

Would everybody just calm down for a second with the blame game!

First of all, Hannants itself is indeed probably innocent. But, the first time we were made aware of this problem is from this message posting, so regardless of whether or not Hannants is to blame (they as a company are not IMHO), people still got their numbers hacked after making a purchase with Hannants during the past couple of weeks at least and maybe a month at the most. As such, kudos to the first poster for getting the word out. I say leave it up with this title for now (although I see it has been changed from "Hannants Hacked" to "CCs on Hannants compromised" as in the case of Spruemeister, not ALL fraudulent transactions have been caught by the CC fraud prevention people. As such, there are still likely victims waiting to discover what happened. They just have to read this thread to know something hinky could be going on.

As for whether it was the American company that provided the CC processing or the holding bank where the leak originated from, Hannants still is contracted with them and regardless of who is responsible, Hannants still uses those firms and those firms are going to have to make some serious security changes to plug the leak. More then likely Hannants themselves won't be using that firm in exactly the same way until they get some assurances that the leak has been plugged so they can begin damage control.

I got the same email from Hannants today after I emailed them last night. It says there will be another email to all Hannants customers pretty soon, probably once they have some facts as to what is going on. So if you haven't gotten an email yet, don't panic and don't get ticked. But check your bank statements very carefully.

Link to post
Share on other sites

It is still ongoing too. A local club member emailed me after I sent him a heads up (he shops at Hannants as well). He got a call from the fraud prevention people just this afternoon! So while the leak may have been stopped, there are some ticking time bombs floating around out there. So check your card statements!!!

Link to post
Share on other sites
While I in NO way blame Hannant's for the criminal enterprise that has apparently committed these acts, I am more than a bit chapped at them for not sending that email to their entire customer database. I checked not even a minute ago and I have yet to receive an email notifying me of this, I can only wonder how many of Hannant's customers don't frequent the internet modeling forums and may be unaware of this breach. I can also only wonder at how many of those unaware people have been victims of fraud that they be totally unaware of or not know the source of.

Thank you a lot for your reaction, that's exactly what I had on my mind while I was frustrated from Hannant's actions. Add to this, that many of hannant's customers are abroad and if they do check modeling forums, vast majority of them (me including) check only forums in their countires in their native language - (that was the reason why I complained about statement from Hannants on britmodeller). You know, to make a shoping on Hannants you do not need to be perfect english speaker. Not counting (as I mentioned before) that it took me huge effort to convince Hannants to start investigation and without that it's possible nothing is happening till today. And it's wednesday morning and I still haven't receive email from Hannants ...

It is still ongoing too. A local club member emailed me after I sent him a heads up (he shops at Hannants as well). He got a call from the fraud prevention people just this afternoon! So while the leak may have been stopped, there are some ticking time bombs floating around out there. So check your card statements!!!

And this is confirmation of my deep concern...

Link to post
Share on other sites

One thing I noticed is that when I checked my payment info on their site before deleting it, it was showing 7 numbers after all those Xs. The first four were definetely the last four on the card I had used, followed by three other numbers, which I'm pretty sure was the CVV number (hopefully I'm wrong).

AFAIK, there has not been any unusual charges made using my card, but I'm witholding judgement as to who's to blame/responisible, but, if those last three were in fact the CVV number, then maybe Hannants should assume some responsibility in this for including it with the payment info.

Edited by afspret
Link to post
Share on other sites

My last order from Hannants was on August 23rd.

According to my CC company, beginning on October 25, my card was hit four times.

$1.00 from the Dunkin Donuts website. (I didn't know they had one.)

$2.85 from skype.com

$235.00 from aeropostale.com

oceancharters.com (I don't remember the amount.)

All were denied. The criminals didn't have the CVV number, which Hannants does/did not store.

Link to post
Share on other sites
Thank you a lot for your reaction, that's exactly what I had on my mind while I was frustrated from Hannant's actions. Add to this, that many of hannant's customers are abroad and if they do check modeling forums, vast majority of them (me including) check only forums in their countires in their native language - (that was the reason why I complained about statement from Hannants on britmodeller). You know, to make a shoping on Hannants you do not need to be perfect english speaker. Not counting (as I mentioned before) that it took me huge effort to convince Hannants to start investigation and without that it's possible nothing is happening till today. And it's wednesday morning and I still haven't receive email from Hannants ...

And this is confirmation of my deep concern...

Just wanted to say "thanks" for the heads up Jan.

Link to post
Share on other sites
While I in NO way blame Hannant's for the criminal enterprise that has apparently committed these acts, I am more than a bit chapped at them for not sending that email to their entire customer database. I checked not even a minute ago and I have yet to receive an email notifying me of this, I can only wonder how many of Hannant's customers don't frequent the internet modeling forums and may be unaware of this breach. I can also only wonder at how many of those unaware people have been victims of fraud that they be totally unaware of or not know the source of. I cannot thank Jan enough for bringing this to our attention :monkeydance: , so that:

a. I could delete my card details myself yesterday.

b. Be aware of the situation and monitor it even more closely than I normally do.

The scary thing for me is that I just paid that CC that was stored on Hannant's site completely off and it has a $10,000 limit, that is scary even if I would not be responsible for any fraudulent activity. If I wouldn't take such a huge hit on my credit rating, I would just close it totally, but I'm really hoping to get my rating above 730 and closing it would ruin that for the time being.

I haven't shopped at Hannants for a long while (I use Relish Models mostly) & they do not have my debit card details but even I got an e-mail off them yesterday.

Link to post
Share on other sites

They hit my CC in three times:

1 EURO in Thomas associated (I don´t know what is this)

30 EUROS on Vodafone Spain (A telephone company, this is not my telephone company)

10 EUROS + 20 euros again on Vodafone.

CC cancelled

Link to post
Share on other sites

I would like to thank Jan for this topic :thumbsup:

I got my CC cancelled just in case ,I am sure that some kind of list with all CC details must be wandering somewhere...

maintenance.png

Edited by toniosky
Link to post
Share on other sites

Phone call from Banks Fraud Department - querying a few transactions:

First 3 recent transactions check out OK, 4th transaction carried out this morning however was for 97p in USA not OK.

Card Cancelled, new one on the way.

Of note - Card was never used at Hannants so it seems it is down to any CC or DC transactions carried out in the last few weeks.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...