Jump to content

Thank You Hannants for your UNSAFE website....


Recommended Posts

1) It wasn't Hannant's fault. The hack had nothing to do with their website security.

I'm still waiting for any evidence of this.

People have been saying that it wasn't Hannants but a credit card clearing house that was hacked.

Initially Hannants sent out an e-mail with this claim followed by another e-mail saying that they had no idea where the breach was.

AFAIK, since then Hannants has made no claim that it was the clearing house that was hacked.

People have been saying that no credit card information was ever kept on Hannants servers.

Hannants made changes after the hack and no longer keeps the data on their servers. They used to in fact retain your card info to make transactions faster for those ordering.

A few have said they had cards comprimised that were never used at Hannants.

Yes, identity theft goes on all around us all the time. Coincidental timing is my guess.

I'm still waiting for any news stories to appear regarding the matter. If it was a clearing house there should have been something.

I also figure that if Hannants discovers the answer and it clears them of responsibility that they will post a clear statement on their website stating as much. Will they do so if they find out that they were at fault?

Edited by Maker
Link to post
Share on other sites

This credit card processor has as customers not only Hannants but many other businesses who clients were also hacked. The credit card companies have been getting hacked on a regular bases. This one got noticed because it happened to several here who had purchases from Hannants in common. It could have happened from the purchase of movie tickets or gasoline...this particular processors security was breached and the thieves knew whose accounts to tap...they started small and are working up before their access is cut off. All risk is on the credit card company...not you...its their money they stole, not that from your bank account. Report it and you CC company will issue you an new card/account.

Link to post
Share on other sites
This credit card processor has as customers not only Hannants but many other businesses who clients were also hacked.

What credit card processor (Clearing House?)(Name?)?

How do you know that it was a clearing house and not Hannants?

The initial e-mail that Hannants sent (later essentially retracted when they said they had no idea where the problem was.)?

Comments from others on modeling forums? If so where did they get this information?

I've got nothing against Hannants. I think it's great that they have improved their security and I wish them the best but I still haven't seen any evidence that they weren't the one at fault.

Link to post
Share on other sites
There was a pop up also on their site confirming they had the site checked by professionals and no hacks were found, that it originated in a clearing house in the USA, several UK companies were hit.

I think it would be a good idea if they put this information on their website. There is nothing in the FAQ or info section other than a statement that their site is secure.

If there was a temporary pop-up I missed it.

A final e-mail to all their previous customers explaining exactly what happened would also be nice.

It would also be nice if they named the clearing house and stated that they are now using a different clearing house.

I don't know anything about these clearing houses but I'd think their security would be pretty good.

How do clearing houses work? Do they keep all credit card transactions and info on their data bases? I'd think that they would keep a minumum of info on record and merely clear new transactions through the various credit card companies.

If the hack did indeed affect multiple businesses I'd expect some kind of news story about it.

Another issue that is still not clear is that they were claiming that the hack only concerned customers on their new website during the last year (or 6 months was it?) yet lots of older customers that hadn't used their new website were nailed.

How far back do these clearing houses keep data? I'd think that they wouldn't keep any but merely confirm new transactions through the various credit card companies as orders come in.

Link to post
Share on other sites

i got charged $800 on my credit card in the same days. This card was registered on Hannants site. The transaction was made in UK. So it was Hannants site. You need full info on the card to do a transaction including the 3 digit code at the back of the card. I dont think a clearing house, what ever that is, will keep that much info.

Link to post
Share on other sites
Another issue that is still not clear is that they were claiming that the hack only concerned customers on their new website during the last year (or 6 months was it?) yet lots of older customers that hadn't used their new website were nailed

Think that was on the pop up too, I can understand it being taken down after a period of time though as it isn't exactly good advertising and to be fair they did do everything they could which has got to of hit them trade wise.

Link to post
Share on other sites

a clearing house, by definition needs "that much info" to even do it's job

Hannents, or any other company that takes credit cards just can't do all the work it takes to get the funds transferred from your bank to their's

just a look at the World Census site tells you that it wasn't Hannents fault, it was the clearing house they used to use before this happened,,,,,,,last I looked, it said that their were 80 million cases of identity theft,,,,,just in the USA,,,,,,that's a quarter of one country's population,,,,,take that to global,,,,that's a lot of people

so, okay,,,,,let's blame Hannents,,,,,,,,good on them for having 80 million customers?

also, back when this first happened, there was a flurry of posts,,,,more than half had never purchased from Hannents

you swipe your card at the pump,,,,or key it into a webstore,,,,,the info goes to little batch processing centers all over the world, the amount gets subtracted from your balance at your bank, and goes onto the balance at the vendor's bank,,,,,,called "clearing"

those little centers are scattered all over, just outside of major cities,,,,I worked at the IBM GSS site, just outside of Nashville, TN, in addition to our own work, we backed up places like Mobile and Tampa when the hurricanes come through,,,,so there is no interruption in commerce caused by natural disasters

the reason it didn't affect all CC transactions is that there are multiple sites for each company,,,,,,,,and many different companies doing the work

just as likely that some got hit at a restaurant or gas station as at an online hobby shop,,,,,and as I said, some reported that is what happened to them

Link to post
Share on other sites
i got charged $800 on my credit card in the same days. This card was registered on Hannants site. The transaction was made in UK. So it was Hannants site. You need full info on the card to do a transaction including the 3 digit code at the back of the card. I dont think a clearing house, what ever that is, will keep that much info.

You don't need the 3 digit code, that is an optional requirement by the processors. I've made dozens of purchases without being asked to provide it. It does help prevent fraud though as a secondary measure to ensure the card is in the persons hand giving the numbers.

Link to post
Share on other sites
Think that was on the pop up too, I can understand it being taken down after a period of time though as it isn't exactly good advertising and to be fair they did do everything they could which has got to of hit them trade wise.

There were lots of statements from Hannants quoted on various forums but I don't recall any confirmation stating that a clearing house was responsible.

I understand that they stated that it only affected customers on their new site but lots of people that had only used the old site came forward.

also, back when this first happened, there was a flurry of posts,,,,more than half had never purchased from Hannentsjust as likely that some got hit at a restaurant or gas station as at an online hobby shop,,,,,and as I said, some reported that is what happened to them

I only noticed a few that had never used Hannants but a whole bunch that did.

As I mentioned, identity theft goes on all the time so I'd attribute those few to normal day to day identity theft.

just a look at the World Census site tells you that it wasn't Hannents fault, it was the clearing house they used to use before this happened,,,,,,,

How can you conclude from this that it wasn't their fault or that it was their clearing house?

I'm still waiting for some conclusive proof or a clear statement from Hannants that it was a clearing house.

Link to post
Share on other sites

The other thing to consider is JUST because the stolen card number was used in the UK does NOT mean the theft took place IN the UK. What typically happens is the numbers get compromised, but then the hacker sells the numbers to other people online via websites that hackers hang out at so HE can make money and also to make sure if anyone gets caught that he does not. A hacker who steals CC numbers and then uses them himself is just ASKING to get caught. In my case, the theft occurred after a Hannants order, but the first fraudulent transaction (the test) occurred at St Joseph's hospital in Denver, Colorado. Others had the fraud charges occur in Sweden, France, etc...

I think Hannants is still looking into it. Card theft may be higher these days due to the wikileaks crap going on as hackers are going after Mastercard, Visa and Paypal in retaliation for them cutting off funds. In my case, the next time I place a Hannants order, I will likely go the Paypal route instead of my CC just for an added layer of protection and not having to worry about getting a new card if something DOES happen.

Link to post
Share on other sites
I'm still waiting for any evidence of this.

You clearly have no clue how online credit card processing works then. Do some research before casting aspersions. This was not the fault of Hannants.

Edited by Jennings
Link to post
Share on other sites

lol,,,,,yeap, for the next 17 years it will be Hannants fault

gotta wonder what this topic would look like on a "gas pump" message board

"Helllpp, I've used my card at Texaco for years and years, and then, I ate at Denny's, and Denny's in-the-restaurant-banker compromised my CC info",,,,,,,"well, bud, good thing it wasn't at a model shop,,,,,their "banker's" are even worse."

me?,,,never had a CC problem online,,,,,I use "reloadable debit cards",,,,,the most anyone could get is what's loaded on it,,,,and it's always near empty, anyway,,,,,,,I "load, log on, spend", each time

a big part of this blame game is from not knowing how money is moved in these times

and, ummm,,,the cops that use these boards will tell you,,,,,,it's not he company that is "at fault",,,,,,it's the people stealing electronic info that are to blame

Link to post
Share on other sites
This credit card processor has as customers not only Hannants but many other businesses who clients were also hacked. The credit card companies have been getting hacked on a regular bases. This one got noticed because it happened to several here who had purchases from Hannants in common. It could have happened from the purchase of movie tickets or gasoline...this particular processors security was breached and the thieves knew whose accounts to tap...they started small and are working up before their access is cut off. All risk is on the credit card company...not you...its their money they stole, not that from your bank account. Report it and you CC company will issue you an new card/account.

This logic is eminently flawed in that many of us who had our card details hacked had not made purchases from Hannants in many months, therefore unless the card processor was also retaining the info, there is no way anyone could have accessed that info except through Hannants. I know for a fact that my last order from Hannants was at least 5 months prior to the breach and I had used that card literally ONLY at Hannants in the year before it was used fraudulently. I was attempting to pay that card off and had deliberately avoided using it ANYwhere, not at a gas station, restaurant or any other type of establishment, online or otherwise.

Now again I will reiterate that although I believe that my details had to be obtained from the info I had saved on Hannants website (as there was simply no other way) or some other way involving my purchases with Hannants, I DO NOT BLAME THEM in any way, shape or form. In fact, I just completed an almost $200 transaction with them but a few days ago and I remain a loyal customer of theirs. Obviously, I had suffered no personal loss and I am not upset in any way (nor was I at the time), as the few minutes it took on the phone was inconsequential and the few days it took the new card to arrive weren't an issue, as I had suspended use of that card months ago.

Edited by madmanrick
Link to post
Share on other sites
You clearly have no clue how online credit card processing works then. Do some research before casting aspersions. This was not the fault of Hannants.

I'm merely asking for answers. I'd prefer the answers to come from somebody who can back it up or from Hannants themselves.

So far all I've heard are repeated rumors from forum users and nothing conclusive from Hannants.

I'd like to see the contents of the pop-up that TonyT mentioned but this is the first time I've heard of it. I'm surprised that nobody qouted it on any of the forums (or did I miss this?).

You say it was not the fault of Hannants but how do you know this?

As for my knowledge of online credit card use, I don't know much.

I do know that I feel safer using Paypal.

I do use credit cards when I have to.

If a website offers me a choice of them keeping my data for future transactions I always say no.

If you know something that will shed light on this situation please do share.

lol,,,,,yeap, for the next 17 years it will be Hannants fault

"Helllpp, I've used my card at Texaco for years and years, and then, I ate at Denny's, and Denny's in-the-restaurant-banker compromised my CC info",,,,,,,"well, bud, good thing it wasn't at a model shop,,,,,their "banker's" are even worse."

and, ummm,,,the cops that use these boards will tell you,,,,,,it's not he company that is "at fault",,,,,,it's the people stealing electronic info that are to blame

I don't think anybody, even Hannants is denying that Hannants customers were subject to this incident.

Who is at fault hasn't been answered in my mind.

Hannants has improved their security and now accepts Paypal so I wouldn't hesitate to shop with them even if this previous incident turns out to be their fault. I'm positive that they didn't purposely give out peoples credit card info.

Of course the theives are to blame. The question is how did they accomplish their theft.

Again, I'm not trying to throw Hannants under the bus.

I'd just like to stop hearing from people who don't have any facts where the problem occured.

Like I said previously, a clear statement from Hannants, a valid news story or any kind of fact based proof would put an end to it.

Link to post
Share on other sites

ahh, good,,,,,I think you are one of the people that "gets it" on this topic

you see that it's not "I charged at Hannants, then at Texaco, then Denny's",,,,,and then had your info stolen

it's more like

the people that charged at Hannants

Plus, the people that charged at Gas station A

Plus, the people that charged at Gas station B

Plus, the people that charged at grocery store A

Plus, etc,etc

then,,,,out of all those people,,,,a portion from the millions of them from that huge combined list of vendors had their info stolen in a batch,,,,,,the thieves wouldn't even know where the cards were used

Link to post
Share on other sites
Like I said previously, a clear statement from Hannants, a valid news story or any kind of fact based proof would put an end to it.

You could try contacting Hannant's yourself. Hannant's have said several times in e-mails and on the web site that they have had everything checked their end and as far as they know there was no breach of security attributable to their own system. It's up to you whether or not believe it and whether or not you refuse to believe the knowledgeable replies that have been posted here. As far as Hannant's are concerned an end has been put to it.

peebeep

Link to post
Share on other sites

guess I'm pretty much done with this, too

took me 4 years of college to learn what I needed for that job,,,,,,,pretty hard to just type it all into a thumbnail box, lol (if it could be typed in one of these boxes,,,,,,where the heck was the message before I spent the money on classes??)

I too don't believe that Hannants is going to "repost and re explain" everything that they posted back when this happened,,,,,,and I applaud them for throwing on the emergency brake like they did when they found out

only way to try to explain it this way,,,,,,to a computer

000111101010101000101010100000101010100000010101010000101010111010101010101000 is your bank account, your name, your address, and your money (just like light bulbs turned on and off, in fact, it used to be just that)

move them around via phone or satellite uplink enough,,,and your boss gets money to pay you with,,,,,if I were to intercept it,,,,I'd know which digits I was after,,,,,but, not where it came from or was going,,,,,and even then,,,,it takes a "test steal" to know what the amount is in those digits amounts to

anytime you use electronic money, check your balance often,,,,that is the only way to know

Link to post
Share on other sites

Some may know that Hannants called in a forensic professional company to invstigate: that company is, according to this week's "Hot News", near the conclusion of its investigation, Hannants will advise the results when they have them.

I too suffered, fortunately only the "test shot" of a small amount, and my CC company replaced the card. Inconvenience to me minor, net financial loss nil. I have been for many years, and remain, a loyal Hannants customer - as the man said, it's not their fault, it's the thieving (insert your derogatory term of choice) who perpetrated this crime. Unfortunately for we law-abiding citizens , the criminals do sometimes outwit what is until then seen as sufficient precaution; better measures are put in place, the criminals crack them, and so on - 'twas ever thus.

Edit for the inevitable typos only spotted after hitting the "post" button ... :whistle:

Edited by MikeC
Link to post
Share on other sites

Indeed it is the thieves fault as they are the ones that got our numbers. I highly doubt anyone at Hannants would have a drive hooked up to their server as they clone transactions as they come in and then decide to sell that information. In the short of it, Hannants is just as much of a victim as the rest of us and indeed probably more as I imagine this whole scenario has certainly affected their business at a time when purse strings are a bit tighter then in years past.

I got the update from them as well and the forensic team is downloading data from the final server. So we should have some final firm answers soon. Using a team like that can NOT be cheap by any stretch of the imagination. All things considered, Hannants has done right by these things. First they hit the brakes on the server, then they instituted backup procedures (such as bringing Paypal on) and finally they are doing a full check over their system to make sure things are clean. I don't see too many other companies EVER doing that, and a few of them are bigger then Hannants.

As such, when all is said and done, I will purchase from Hannants again as they will emerge stronger from this whole situation and likely be one of the safest companies out there to buy from.

Link to post
Share on other sites
anytime you use electronic money, check your balance often,,,,that is the only way to know

There is actually another way REX

This is the UK version, or one of them, basically what it is is a VISA card but with NO overdraft facility and not linked to a bank account, you add funds to the card for what you wish to purchase online say and then use that card to buy it, as the card has no facility to overdraw that amount, stealing the card details will get you nowhere as there is not credit or money on it past whatever you transferred to it. so it cannot be used fraudulently unless you have cash on it... another advantage on holiday is you have a fixed ampunt on it if you lose it and it is abused, you only can lose the amount you credited to it..

see

http://www.cardsmart.co.uk/news/o2-to-laun...card-24033.html

Link to post
Share on other sites

yeap, post #16

prepaid debit cards,,,,,,I use Wal-Marts card,,,,,$3 to load any amount,,,,monthly charge of $3,,,,,if I load more than I use (neverrrrr happens, lol)

so, SWMBO says here Rex, here's $200,,,,,,,,I go to Wal Mart (or Green Dot, or whatever), load $197 on it,,,,,click on Sprue Bros or Wolfpak,,,,,and it's emptied right out, lol

only way to get their hands on that money is to somehow grab it in between when I type in the code for the upload, and when I get the cart filled at Sprue Bros

Rex

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...