Sports fans who shopped online for gear may want to check in with their credit card company. Four websites have been compromised. Hackers obtained complete credit card info including CVVs, along with other private details, for over 1.8 million users in a combined cyberattack. Lawyers for the sites confirmed the attack occurred on October 1. The sites have contacted their customers, stating that an external system breach happened.
From Bleeping Computer:
The sites first learned of the breach on October 15th, and after an investigation, confirmed on November 29th the customers that had their payment information stolen.
The details that have been compromised as a result of this incident are the following:
• Full name
• Financial account number
• Credit card number (with CVV)
• Debit card number (with CVV)
• Website account password
After the conclusion of the investigation, the websites sent notices to the affected individuals on December 16th, 2021.
Details regarding how the attack managed to breach the sites have not been revealed, although it is apparent the actors knew exactly how to exploit their security measures. As of yet, none of the sites are offering identity theft protection services.
“Upon becoming aware of the incident, Tackle Warehouse took the measures referenced above. We also reported the incident to the payment card brands in an attempt to prevent fraudulent activity on the affected accounts,” said a letter to customers.
“We also reported the incident to law enforcement and have worked closely with the digital forensics firm to enhance the security of our sites to facilitate safe and secure transactions.”
The hacked websites are listed below.
• Tackle Warehouse LLC (tacklewarehouse.com) – Fishing gear
• Running Warehouse LLC (runningwarehouse.com) – Running apparel
• Tennis Warehouse LCC (tennis-warehouse.com) – Tennis apparel
• Skate Warehouse LLC (skatewarehouse.com) – Skateboards and skating apparel
Source: Bleeping Computer