You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
Anyone else had the email that they may have had their data stolen?
Apparently data has been stolen, but we wont find out what for 4-6 weeks.
Edit: Ok, as this is a serious-ish topic I should reveal the above was just a joke on their delivery times. To be more helpful, they have nothing published on their FB/Twitter about any issues?
🙁
I haven't received an email but the website was even slower than usual last night.
The saving are good on some items but the website usability is poor, with pages taking ages to load and the filters being forgotten when you click an item for details. No search function either,increasingly I can't be arsed to use it as it has now becoming as much of a pain as trawling through the rack in TK Max
Apparently data has been stolen, but we wont find out what for 4-6 weeks.Edit: Ok, as this is a serious-ish topic I should reveal the above was just a joke on their delivery times.
Well, you may have been joking but that's about the time it took TalkTalk to let me know my personal data was stolen the most recent time they were careless.
Had this too..
We are sorry to inform you that we have uncovered evidence that SportPursuit has been the victim of an attempted data hack, which may have affected a limited number of SportPursuit members. The fact that you are receiving this email means that you may be affected.
Our advice is that you remain vigilant over the coming days. Should you see any evidence of unusual activity on your bank account or credit card, you should contact your bank immediately to report this.
The SportPursuit team acted immediately to fix the problem, and the issue has been resolved. You can continue to use our site with confidence that your transactions are secure.
The security of our customers' data is a top priority for us. We take very extensive steps to protect ourselves from hacks and to keep your personal details safe. As far as we are aware this is the first time that our data may have been accessed, and we wanted to immediately inform you so you can remain vigilant and react quickly should there be a problem.
We have a dedicated team of customer service specialists that you can reach on customersupport@sportpursuit.com. FAQs are available on our website (www.sportpursuit.com/data-faqs), we will keep this updated.
We're sorry to bring you this news on a bank holiday weekend, but when it comes to data, our priority is always to give our customers the facts and keep you informed as soon as possible.
Regards,
Blake
Head of Customer Service
Got the email. Will contact bank and get a new card. Easiest way
Interesting. Did an order with Sport Pursuit a couple of weeks ago, and my credit card was fraudulently used this week. Of course, I've used it elsewhere, so can't say it's definitely Sport Pursuit, but it's a possible explanation.
Crap news cheshirecat 🙁 I've Just cancelled my card to be safe.
Thanks for the PSA
Bought a couple things on Thursday and don't have the email.
Either they were onto it by then or haven't checked more recent purchases yet. Will keep checking emails and CC account.
I've checked again and I did get the email, arse!
Crap news cheshirecat I've Just cancelled my card to be safe.
Thanks, but not a big deal - the bank's security protocols kicked in (Coop FWIW) and I had the automated call. New card issued, and I won't lose any money. Have other cards, so the only inconvenience is changing the default card on Paypal.
Apparently I spent £700 at ao dot com; if there was some joined up thinking, the police would be round at the delivery address looking for cloned cards etc.
Apparently I spent £700 at ao dot com; if there was some joined up thinking, the police would be round at the delivery address looking for cloned cards etc.
Well their current thinking is to just blame you!
Enlightened thinking there.....
I've used SP in the past but not for years. Haven't had an email so hopefully unaffected.
But - surely they shouldn't be storing CC/bank account info? And unencrypted! It seems to be that info which was compromised, rather than account passwords (which were encrypted?)
Well their current thinking is to just blame you!
> http://www.telegraph.co.uk/personal-banking/current-accounts/banks-shouldnt-refund-online-fraud-victims-says-police-chief/
Enlightened thinking there.....
Don't see how they could prove anything either way. I tend to use my work PC, which is always up to date on malware and anti-virus protection. I suspect this is aimed at phishing attacks rather than card cloning (which could easily be a suspect employee at a physical shop).
But - surely they shouldn't be storing CC/bank account info? And unencrypted! It seems to be that info which was compromised, rather than account passwords (which were encrypted?)
Can't say for sure that the card was compromised at SP. It's my default card, so could have been done anywhere. However, I did order from SP a few weeks ago, so the coincidence factor is there.
I got it but only use Paypal or Amazon payments on there. They don't say anything about that so maybe i should change those passwords. Annoying cos I've had them for years! 😀
Don't see how they could prove anything either way. I
They just don't want to include it in crime figures as it would make them look bad and they are completely unprepared to investigate it, so their clear up stats would look terrible e.g. 0%. Hence they want to blame the victims, just as they did with Rape 10 years ago.
Got the email - cancelled card to play safe
I had the email and I have an order being processed, so I guess it's just possible they may have my CC details stored prior to sending them off to their acquirer. Not something I'm going to lose any sleep about though - I save my worrying for the sites that have had a compromise and not told me.
From their FAQ's
Is payment secure?
All transactions on our site are secure. We use a secure socket layer (SSL) whenever transferring personal information and we only ever hold the last 4 digits of your credit or debit card in our system.
I had the email and I only placed the order on Saturday. Concerned but I'll keep a close eye on my account for the next few weeks....
I got the email too, but it went to my spam folder, so check there if you have used them and haven't seen the email...
Nick
Bit more info from SP...
SportPursuit does not store our members credit or debit card details. However during changes to our website, an error in the code meant that some credit and debit card details were inadvertently stored. They were automatically encrypted by our systems using a strong encryption algorithm. When we became aware that bank details were being stored, we immediately took steps to stop this from taking place and deleted the card details that had been stored. No CVV numbers have been stored on our systems at any point.
I had the email but always use paypal with them. I assume that should be fine as none of my details should be stored with sportpursuit?
I used paypal on an order a few days ago, I got the email.
Doesn't mean I'm at risk though.
Bit of a precautionary email whilst they investigate what data had actually been compromised by the looks of it.
I had a fraudulent payment about 4 weeks ago which is a bit long ago so probably unrelated unless they've had multiple beaches and are only just realising.
Good of them to email people tbh, especially if they're (as they say) emailing people who might not have been affected- that's increasing the reputational hit a fair bit. Obviously it's better to not get hacked in the first place but still.
I've not had an email from them yet?, haven't placed an order for over a month though so perhaps i'm not affected.
Thanks for the heads up, will go look at PP account - as my card I had linked to them is no longer.
Ah ha, this would explain all the recent phishing emails purporting to be from PayPal and other spamming etc attempts to my email account........I was wondering why they were suddenly targeting me big time.
They talk about "SportPursuit members’ encrypted passwords" I hope they mean hashed with a salt not encrypted...
I got the mail. Blocked and deleted the cards to be on the safe side.
I emailed them with some questions and asked them to clarify whether passwords were encrypted or hashed, awaiting a response.
I've not ordered from SP since August last year, but did receive the email today suggested my data may have been compromised, which suggests the error in the code they refer to which meant that some credit and debit card details were inadvertently stored may have been there for some considerable time.
Cancelled my credit card as soon as I received the notification.
I had the email, haven't ordered from them for ages - can't remember how long ago now. Just keeping an eye on cards/ accounts - past experience has shown that the banks' anti fraud stuff is usually pretty good and spots stuff quickly/.
Had a few emails off here the last few days from blatantly hacked accounts
Had the email and just checked my order history. Only ever used a now expired card on there.
We've had the email, but are (currently) just watching and waiting.
Yes , I have suddenly had loads of Paypal phishers on the email address I use for Sportpursuit which has never happened before. Am I naive to assume because I haven't bought anything recently and any cards used are out of date, I am not going be card frauded?
SportPursuit does not store our members credit or debit card details...some credit and debit card details were inadvertently stored.
Boils my piss. If you're going to write an email clarifying what's happened, don't contradict yourself in it!
Well they have to store your full card details (inc CVC number) for long enough to process the payment etc. As to how well they then remove this data, that's another matter.
I was told years ago by Sports Purist that they could not delete my account just stop sending me sale emails. Thats a bit worrying if they have been hacked. I have had no emails from them
No emails here either. Not impressed if they have been hacked and not letting on to everyone.
They have responded to one of my questions where they state they're using salted hashing for passwords. Lots of questions remain unanswered however!