# Online Modelling Store hacked - CC details taken



## ozhawk40 (Oct 26, 2010)

Just a heads up 

My credit card got hit too this past weekend (My bank was on to it pronto), so watchout if you have purchased from Hannants lately.

Hannants hacked - ARC Air Discussion Forums


----------



## lesofprimus (Oct 26, 2010)

Damn, Hannants is screwed....


----------



## Wayne Little (Oct 26, 2010)

Haven't used them.....so I will breathe a sigh of relief for now...


----------



## Lucky13 (Oct 26, 2010)

Haven't used them for a while....will have a look though! Thanks for the headsup mate!


Edit: Their website is down for maintenance now....


----------



## Vic Balshaw (Oct 26, 2010)

Coincidence or not, Hannants web site is currently down for maintenance..................and aren't I the lucky one as my card was compromised some months ago and I haven't updated my details as yet.


----------



## vikingBerserker (Oct 26, 2010)

Thanks for the heads up. On the bright side, it gives me an excuse.

"Why no honey, I did not spend $500 at Hannants, their site was hacked! See this post?????"


----------



## Lucky13 (Oct 26, 2010)

Will cost you a Revell 1/32 He 111 to keep me quiet Sir....


----------



## Airframes (Oct 26, 2010)

Hannant's have sent an e-mail to all on their mailing list, warning of this problem. (Just got it half an hour ago).
They have three Internet security companies looking into this, which has been happening over the last two weeks, but with some evidence of it happening in September. That's when my card was compromised - so probably happened there !
They have closed the web-site temporarily as a precaution, and are asking for anyone who has experienced this problem, via their web-site and ordering system, to inform them with as many details as possible. Apparently, it can be a small 'test' taking of funds, followed by one or more further fraudulent 'transactions', and the sources are in more than one country (my 'robber' was in China).
As a further precaution, Hannant's have deleted all stored data regarding customer's details, card numbers etc, so, if you want to order when they are back up and running, you will need to re-register your details etc.
Let's hope they get this sorted asap, for their sake as much as ours !
B*gg*r, I was about to order some stuff from them too !


----------



## A4K (Oct 26, 2010)

Cheers for the headsup mate! Like Jan, haven't used them for a while, but will check the account just in case...


----------



## JohnAnthony (Oct 26, 2010)

Yup, here's the email...

Dear Customer

We are very sorry to have to tell you that a number of customers who have used our website have had their card details stolen and used by criminals.

ALL CUSTOMERS THAT HAVE ENTERED CARD NUMBERS ON OUR NEW WEBSITE PLEASE CHECK YOUR ACCOUNTS FOR SUSPICIOUS CHARGES OR ATTEMPTED CHARGES. 
If you see any please contact your company that issued your card.

At the moment no one is sure how this has happened. There are several internet security firms investigating everything and we will keep you all updated as soon as we can. 

There is no sign of any intrusion into the server where the card number and expiry date information that we keep is encrypted*. The CVV number is not stored.

After looking at the information we have received we think this mainly affects some customers who have sent us an order in the last 2 weeks though there are 3 from September.

We have been contacted by about 40 customers so far but are not sure how many others have had their cards compromised but have not told us yet. If you know your card has been compromised PLEASE tell us. Please send us as much information as you can as soon as you can. We need as much information as soon as possible.



Please look out for small 'insignificant' test charges of under $5.00 followed by larger charges of varying amounts. Charges have originated from different countries and in different currencies. 


Until we have found out what has caused this problem and it has been fixed we have closed the website. None of the experts can find any problems with it but until the problem is resolved we prefer not to take any risks.

We have deleted ALL card numbers from the website database. We are aware that a few of you wanted access so you could delete your details but we have done this for everyone.

Paypal. We have been asked why we do not accept it. There are 2 reasons. Firstly when we started work on the new website 4 (four) years ago we could not get it to work with the fully stock controlled warehouse that we wanted to run. We did some trials but it took too long for payments arrive in our bank account which would seriously have delayed the despatch of orders. Things have now improved. Secondly it was too expensive. 3 times the cost of handling Visa and Mastercard. All our payments are now handled by Sage pay, a large British firm. Recently they have started working with Paypal and our website designers had been doing some work to incorporate it into the website. We are going to speed up the work on this and try to get it incorporated quicker.

We will re-open the website as soon as we can but will not be rushing into it.

Thank you for your help and understanding.

ALL CUSTOMERS THAT HAVE ENTERED CARD NUMBERS ON OUR NEW WEBSITE PLEASE CHECK YOUR ACCOUNTS FOR SUSPICIOUS CHARGES OR ATTEMPTED CHARGES. 
If you see any please contact your company that issued your card.


----------



## vikingBerserker (Oct 26, 2010)

Lucky13 said:


> Will cost you a Revell 1/32 He 111 to keep me quiet Sir....



Damned viking thief...... I respect that!


----------



## Capt. Vick (Oct 28, 2010)

I was a victim. Yesterday someone tried to use my card to buy stuff from an on-line software company and also had a go at buying tickets from Cathey Pacific...twice! Thankfully they couldn't enter the correct CVC so the charges were denied. Unfortunately the account is now closed and I have to wait 7 to 10 for a new one. Oh well it could have been worse...


----------



## Airframes (Oct 28, 2010)

A further e-mail has been sent by Hannant's. The web-site is now partly open, and orders can be placed by telephone/fax. They don't suggest e-mailing card details, and are still looking in to the problem. So far, nothing can be found to identify how/where etc this has happened, and the problem is being treated as serious, being investigated at a high level.
With such a long-standing, trusted company, this would appear to be something beyond their control, and that of the security measures in force, and there are hints (here and elsewhere) that this could be a new, previously unknown, form of 'hacking'.
Coincidentally, at the time I experienced my problem (early September), a 'gang' had just been caught and prosecuted, in the UK, for a similar criminal operation, on a huge scale, involving debit/credit card identity theft. This group, mainly with east European origins, had been operating globally, to the tune of many millions of pounds/dollars worth of fraud.


----------



## rochie (Oct 29, 2010)

got this from Hannants early this morning

Dear Customer,

Two of the investigations into our problem and have come back but failed to find anything significant.

We have analysed a lot (but not all yet) of the information our customers have sent us. We can confidently say that no information was captured as orders were transmitted. This means that we should be able to re-open the website quite quickly.

However it does mean that we still do not know how the data was accessed and so have to recommend that anyone who registered their card details on the NEW website CANCEL the card with their bank. We realise this is annoying, irritating, time consuming and inconvenient but we think it is the safest thing to do under these circumstances.


PLEASE CANCEL ANY CREDIT OR DEBIT CARD THAT WAS REGISTERED ON OUR NEW WEBSITE. (registered on or after March 23rd 2010)


We will re-open as soon as possible with a new system that does not remember the card details. This will be annoying for our customers who order regularly and will not want to enter their card details each time but we think it is the best way to go at the moment.

This will mean that we will not be able to automatically send any back orders. We will NOT be cancelling any back orders and will send you all revised Back Order details as soon as we have decided on the best way to handle them. For the moment you can add any available items to your cart and then phone or fax your card details through. Then we can download the order from your cart and attach the card details. We will charge and despatch as soon as we can.


TELFORD SHOW ORDERS. To send us an order for collection at the show please add a Collect from show address with your name on as usual. Add what you want to buy to your cart as before BUT then email us to say it is there in your cart. We will then download it and have it ready for collection and payment at the show. You do not pay until you collect so we do not need any payment now. The country in the delivery address should be Collect from show NOT United Kingdom or any other country.

MAILORDERS. WE CAN NOW ACCEPT ORDERS THIS WAY. BUT ONLY THIS WAY PLEASE. Please put your order in the cart as normal then TELEPHONE or FAX us with your card details. We will then download your order and attach the card details to the order. We will then be able to process your order. Our email is not secure so we cannot recommend you send your card details that way though we know a lot of you will.

PLEASE DO NOT PHONE OR FAX OR POST YOUR ORDERS TO US AT THE MOMENT. WE ARE GRATEFUL FOR FOR YOUR ORDERS BUT CANNOT LOAD THEM TO THE WEBSITE AS QUICKLY AS YOU CAN.

We are sending this email via 2 methods so as to try and get it delivered. We apologise if you receive it twice.

We are still receiving immense amounts of support and help and we thank you all for it.

Best regards

Hannants.
If you want to use the Hot News as an HTML for your own website you can convert it by using this link http://website101.com/cgi-bin/t2h/Mt2h.cgi


----------



## tail end charlie (Oct 29, 2010)

Imagine the fun I had working in China


----------



## BombTaxi (Oct 29, 2010)

Crap. I checked my statement about 15.00, saw nothing untoward, then ordered from them


----------



## Airframes (Oct 29, 2010)

Although Hannant's state the web-site is partly open, I'm still getting the 'Temporarily Closed' message - no web-site access. B*gg*r, I wanted to check on some things too !


----------



## BombTaxi (Oct 29, 2010)

It accepted and charged my order  That was about 1500-ish


----------



## Airframes (Oct 29, 2010)

Hmm. I can't even get access. I'll try re-entering the address, rather than using the 'Bookmark' one.


----------



## Lucky13 (Oct 29, 2010)

*The latest email that I recieved a few minutes ago.....*

_Following our recent credit card security issues, we can confidently say that NO information was captured as orders were transmitted. This means that orders can safely be placed at our website.

We have now RE-OPENED this website but modified the way we work. You cannot save any card details now. When you go to check out you will be asked to enter your card details. As soon as you have sent the order the card details are deleted.

Because we no longer have any card details we will not be able to automatically send any Back Orders. We HAVE NOT cancelled any Back Orders and hope to have a modified system available soon. Sagepay have recently developed a new system which is exactly what we were looking for when the new site was being created. For now please add Back Order items to your cart and send the order when you are ready. When you are logged in you can use the Watching facility to be told by email when a kit you are interested in is available.

TELFORD SHOW ORDERS. To send us an order for collection at the show please add a Collect from show address with your name on as shown in Your Account> Change Your Delivery Address Details> Add An Address. Then make this your default address. Next add the items you want to buy to your cart and then go to checkout. You will need to enter your card number to make the system accept your order but it will not be charged. It will be deleted after the order has been sent.

Continuing investigations have ruled out a compromised PC accessing the administration to harvest the card data. The server logs have failed to find any SQL injections. The investigations will continue.
If you want to use the Hot News as an HTML for your own website you can convert it by using this link http://website101.com/cgi-bin/t2h/Mt2h.cgi_


----------



## vikingBerserker (Oct 29, 2010)

Wonder if it was an inside job. Haven't had any issues with my cards (thankfully!).


----------



## BombTaxi (Nov 4, 2010)

Just got off the phone to the bank, card cancelled and a new one on the way after someone tried to spend a big chunk of my money  Still, at least the bank caught it before it was processed


----------



## Capt. Vick (Nov 4, 2010)

vikingBerserker said:


> Wonder if it was an inside job.



My thoughts exactly. I wonder why they haven't mentioned this as a possibility in their E-mail updates? Oh... Never mind.


----------



## Lucky13 (Nov 19, 2010)

Just noticed that Hannants is now accepting PayPal!


----------



## vikingBerserker (Nov 19, 2010)

YES!!!!!!!!!!


----------



## Jayl (Nov 19, 2010)

I ordered decals from them for the BoB build and I had to cancel my card after my bank noticed a strange attempt at a transaction. The good thing about it is that they now accept paypal which is nice.


----------



## HealzDevo (Nov 20, 2010)

Sadly all I can say is that we will need to get used to this stuff until governments and banks get serious about busting the backsides of these gangs. Honestly the world needs a flying squad to take down these criminals whenever and wherever they are hiding without mercy. They know that if they hide in countries such as India, China, Iran, Pakistan and other places there is no will among the Western Countries to do anything about them...


----------



## Lucky13 (Nov 20, 2010)

True! Them b*stards should be boiled alive!


----------



## vikingBerserker (Nov 20, 2010)

A-fricken-men!


----------

