PrawnHub! Hackers redirect Angling Direct customers to adult website

Graham Cluley
Graham Cluley
@[email protected]

PrawnHub! Hackers redirect Angling Direct customers to adult website

Mischievous hackers have breached the IT systems of the UK’s biggest fishing gear outlet, redirecting customers of its online store to an X-rated website.

Angling Direct, which as well as selling fishing equipment online has around 40 stores across the country, announced on the London Stock Exchange that it first detected unauthorised activity on its network “late on Friday 5 November 2021.”

Missing an obvious opportunity to refer to the hackers as “highly sofishticated,” Angling Direct said that it did not believe any customers’ financial details had been accessed by the intruders:

This unauthorised activity shut down the Company’s websites and these remain inactive. Some of the Company’s social media accounts have also been compromised. The Board has appointed external cyber security specialists whose investigations are underway to establish what happened. Work continues round the clock to bring the websites back online while our 39 retail stores across the UK have remained open and continue to trade.

As a precaution, the Company has notified the relevant regulators and law enforcement agencies, including the Information Commissioner’s Office in the UK. We are mindful of our obligations regarding data; it is too soon yet to make any determination around the impact this incident has had on personal data, but we will inform any individuals in line with our regulatory obligations should there be a need to do so. Importantly, the Company does not hold any customer financial data as our website transactions are handled by third parties.

Visitors to the Angling Direct website are currently greeted by a “We will be back soon” holding page.

Back soon

But as recently as yesterday the site was still directing visitors to PornHub.

That’s not the kind of tackle anglers were looking for, I suspect…

Meanwhile, parents posted on Twitter about the effect the hack might have on their innocent children.

Parent tweet

Meanwhile, Angling Direct’s own Twitter account was hijacked by the attackers on Sunday evening, who joked that the company had been sold to MindGeek (the owners of PornHub), and that Angling Direct’s customers could register for a free premium PornHub account.

Angling direct tweet 1

A subsequent tweet by the hackers from the hijacked account invited the IT team at Angling Direct to get in touch if they wanted their data back and access to the company’s DNS records restored.

Angling direct tweet 2

My guess is that the hackers took advantage of sloppy security at Angling Direct, and that allowed them to hijack the social media accounts, redirect website visitors to a pornographic website, and intercept email coming into the company.

Sign up to our free newsletter.
Security news, advice, and tips.

Clearly the company’s DNS records and social media accounts were not properly secured – perhaps they might even have been reusing passwords and not enabled two-factor authentication?

It’s 2021, for Cod’s hake. We should be doing better than this.

For more discussion on this topic, check out this episode of the “Smashing Security” podcast:

Smashing Security #251: 'PrawnHub, Tesla recall, and IoT luggage'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “PrawnHub! Hackers redirect Angling Direct customers to adult website”

  1. Rod Fisher

    Whale Ill be blowed, for Cods sake, there is no need to Carp on about this, but there is a Plaice for this sort of Ling.
    There are some Herring young whipper Snappers around.
    Don't be Shellfish, Prawn is everywhere, you cant avoid it these Dace.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.