The UK’s biggest fishing shop has been hacked, with its website redirecting keen anglers to an adult website.
Angling Direct, which sells fishing gear online and through stores, said it was hit by the attack late on Friday.
On top of the website redirect, its Twitter account has been compromised to also reference a porn site and to post contact details for the attacker.
The company said it has brought in cyber-security experts to tackle the problem, and alerted authorities.
On Angling Direct’s own Twitter account, the attacker posted a mocking tweet claiming the company had been sold to adult website Pornhub.
“Your data has already been transferred” to the adult video empire, it told fishing enthusiasts, apparently trolling them.
The attacker also posted an email address where they could be reached, along with an offer to return “information and access” to the site. No public demands for ransom were made.
Fishing (or phishing) puns aside, this case will send shivers down the spines of company bosses.
Yes, this attack carries all the hallmarks of an immature teenage hacker having fun but it is no doubt causing serious problems for the victim.
Experts tell me that signs point to employee login credentials having been stolen, allowing the hackers to take over the website and, separately, the Twitter account of the company.
The motive is clear – the hackers want to be paid before they hand back control to the firm.
But in the meantime the company is losing money from potential sales – not to mention trust and reputational damage, as customers are left embarrassed or worse when accidentally visiting an explicit site.
Angling Direct said it is not clear if any personal data has been compromised – and that no payment data could be.
“We are mindful of our obligations regarding data; it is too soon yet to make any determination around the impact this incident has had on personal data,” it said in its statement.
“Importantly, the company does not hold any customer financial data, as our website transactions are handled by third parties.”
Angling Direct’s several dozen physical shops remain open for in-store purchases, according to a post by one of the locations on Facebook.
The firm has also posted messages to the Facebook page of at least one local store, apologising to anyone who was “directed away from our site and towards inappropriate content”.