PrawnHub! Hackers redirect Angling Direct customers to adult website

Graham Cluley
@gcluley

Mischievous hackers have breached the IT systems of the UK’s biggest fishing gear outlet, redirecting customers of its online store to an X-rated website.

Angling Direct, which as well as selling fishing equipment online has around 40 stores across the country, announced on the London Stock Exchange that it first detected unauthorised activity on its network “late on Friday 5 November 2021.”

Missing an obvious opportunity to refer to the hackers as “highly sofishticated,” Angling Direct said that it did not believe any customers’ financial details had been accessed by the intruders:

This unauthorised activity shut down the Company’s websites and these remain inactive. Some of the Company’s social media accounts have also been compromised. The Board has appointed external cyber security specialists whose investigations are underway to establish what happened. Work continues round the clock to bring the websites back online while our 39 retail stores across the UK have remained open and continue to trade.

As a precaution, the Company has notified the relevant regulators and law enforcement agencies, including the Information Commissioner’s Office in the UK. We are mindful of our obligations regarding data; it is too soon yet to make any determination around the impact this incident has had on personal data, but we will inform any individuals in line with our regulatory obligations should there be a need to do so. Importantly, the Company does not hold any customer financial data as our website transactions are handled by third parties.

Visitors to the Angling Direct website are currently greeted by a “We will be back soon” holding page.

But as recently as yesterday the site was still directing visitors to PornHub.

That’s not the kind of tackle anglers were looking for, I suspect…

Meanwhile, parents posted on Twitter about the effect the hack might have on their innocent children.

Angling Direct’s own Twitter account was also hijacked on Sunday evening by the attackers, who joked that the company had been sold to MindGeek (the owners of PornHub), and that Angling Direct’s customers could register for a free premium PornHub account.

A subsequent tweet by the hackers from the hijacked account invited the IT team at Angling Direct to get in touch if they wanted their data back and access to the company’s DNS records restored.

My guess is that the hackers took advantage of sloppy security at Angling Direct, and that allowed them to hijack the social media accounts, redirect website visitors to a pornographic website, and intercept email coming into the company.

Clearly the company’s DNS records and social media accounts were not properly secured – perhaps the company had even been reusing passwords and had not enabled two-factor authentication?

It’s 2021, for Cod’s hake. We should be doing better than this.

For more discussion on this topic, check out this episode of the “Smashing Security” podcast:

Smashing Security #251: 'PrawnHub, Tesla recall, and IoT luggage'


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One comment on “PrawnHub! Hackers redirect Angling Direct customers to adult website”

  1. Whale I'll be blowed, for Cod's sake, there is no need to Carp on about this, but there is a Plaice for this sort of Ling.
    There are some Herring young whipper Snappers around.
    Don't be Shellfish, Prawn is everywhere, you can't avoid it these Dace.
