 Poster: A snowHead
|
Just got this from sportpursuit about a potential data hack
email reads
Dear XXXXX,
We are sorry to inform you that we have uncovered evidence that SportPursuit has been the victim of an attempted data hack, which may have affected a limited number of SportPursuit members. The fact that you are receiving this email means that you may be affected.
Our advice is that you remain vigilant over the coming days. Should you see any evidence of unusual activity on your bank account or credit card, you should contact your bank immediately to report this.
The SportPursuit team acted immediately to fix the problem, and the issue has been resolved. You can continue to use our site with confidence that your transactions are secure.
The security of our customers' data is a top priority for us. We take very extensive steps to protect ourselves from hacks and to keep your personal details safe. As far as we are aware this is the first time that our data may have been accessed, and we wanted to immediately inform you so you can remain vigilant and react quickly should there be a problem.
We have a dedicated team of customer service specialists that you can reach on customersupport@sportpursuit.com. FAQs are available on our website (www.sportpursuit.com/data-faqs), we will keep this updated.
We're sorry to bring you this news on a bank holiday weekend, but when it comes to data, our priority is always to give our customers the facts and keep you informed as soon as possible.
Regards,
Blake
Head of Customer Service
|
|
|
|
|
|
Obviously A snowHead isn't a real person
Obviously A snowHead isn't a real person
|
|
Me too, but credit card seems to be ok
|
|
|
|
|
|
Well, the person's real but it's just a made up name, see?
Well, the person's real but it's just a made up name, see?
|
|
They have been hacked as I had a "PayPal" phishing email sent to the email address I had given to sport pursuit. However sport pursuit hasn't sent me an me an email telling me of this. Are you sure the email gas been sent from sport pursuit and not the hackers?
|
|
|
|
|
|
You need to Login to know who's really who.
You need to Login to know who's really who.
|
@NickyJ, I don't use my first name in my email address, and it was addressed to me (my wife had an email from them as well, different email address, and was same format). It was from this email address customersupport@sportpursuit.com with title Data security issue potentially affecting some members.
so I would think it is genuine.
|
|
|
|
|
|
Anyway, snowHeads is much more fun if you do.
Anyway, snowHeads is much more fun if you do.
|
|
@NickyJ I haven't had an email, but just checked and I've used PayPal for all transactions. I was wondering if maybe they hadn't sent emails to PayPal-only customers as they would not be at risk from cc fraud in this instance?
|
|
|
|
|
|
You'll need to Register first of course.
You'll need to Register first of course.
|
|
I don't HAVE a PayPal account.
|
|
|
|
|
|
|
|
|
@Zorrac, fair enough they had my name and the email address I had given to sport pursuit, so they clearly have that data (like you the email they had for me did not contain my name). Given it isn't trying to entice you to login via link as mine was its probably genuine... Wonder why they haven't told every customer? I suppose it could be because I haven't ordered anything for a while. Or thinking about it i never save my cc details with most companies (there are a handful of exceptions but they aren't one of those) maybe that is why.
|
|
|
|
|
|
|
|
|
@NickyJ, I purchased something from them a few weeks ago, so there is probably a time frame on it
|
|
|
|
|
|
You'll get to see more forums and be part of the best ski club on the net.
You'll get to see more forums and be part of the best ski club on the net.
|
| Zorrac wrote: |
| @NickyJ, I purchased something from them a few weeks ago, so there is probably a time frame on it |
That makes sense, been a while since I actually ordered something from them.
|
|
|
|
|
|
|
|
|
@Zorrac, I made a purchase last week...
|
|
|
|
|
|
snowHeads are a friendly bunch.
snowHeads are a friendly bunch.
|
|
Yeah, me too. Recent purchase, same email received. Account ok so far, but a bit of a nuisance as its my main card, and I'm away again on Weds, meaning no time to get a replacement. Grr...
|
|
|
|
|
|
And love to help out and answer questions and of course, read each other's snow reports.
And love to help out and answer questions and of course, read each other's snow reports.
|
|
I would not expect them to hold cc details once a transaction is complete
|
|
|
|
|
|
|
|
|
I got the email but haven't ordered anything since last summer. My payment was by cc not paypal.
|
|
|
|
|
|
You know it makes sense.
|
I got the email but have ordered within the last month. My partner also got the email and hasn't ordered anything since June 2015. Either they have in fact emailed everyone (rather than a limited number of potentially affected members), or they were accidentally keeping cc details a rather long time  .
|
|
|
|
|
|
Otherwise you'll just go on seeing the one name:
Otherwise you'll just go on seeing the one name:
|
|
got the same email - just to be safe i've changed the password on SP and also Paypal that i use for payments
|
|
|
|
|
|
Poster: A snowHead
|
Still no email for me, even though I've placed an order recently.
Interesting to see they are still not using https for the login.
|
|
|
|
|
|
Obviously A snowHead isn't a real person
Obviously A snowHead isn't a real person
|
|
I haven't ordered from them for a while, didn't get their email but did get the PayPal one.
|
|
|
|
|
|
Well, the person's real but it's just a made up name, see?
Well, the person's real but it's just a made up name, see?
|
| holidayloverxx wrote: |
| I would not expect them to hold cc details once a transaction is complete |
Nor would I, that's what encryption is all about. They shouldn't be holding the actual details.
I got the email too.
|
|
|
|
|
|
You need to Login to know who's really who.
You need to Login to know who's really who.
|
|
|
|
Anyway, snowHeads is much more fun if you do.
Anyway, snowHeads is much more fun if you do.
|
|
I had an email warning from SP a few weeks ago after a purchase and was then contacted last Sunday evening by my bank as 13 attempts in 10 minutes on my account one for 7k! They got £99 out which has been re-embursed by the bank and new card.
|
|
|
|
|
|
You'll need to Register first of course.
You'll need to Register first of course.
|
I also got fraud alerts from my bank - someone tried to make a payment of £3-something, and another for less than a quid on a dodgy American jewellery website... Must have known I didn't have much money in it 
|
|
|
|
|
|
|
|
|
I just checked and all my purchases with SP have been with PayPal. No unusual transactions showing up so far.
|
|
|
|
|
|
|
|
Damn you SportPursuit. Just ordered the mushette a new POC helmet 
|
|
|
|
|
|
You'll get to see more forums and be part of the best ski club on the net.
You'll get to see more forums and be part of the best ski club on the net.
|
|
Nothing heard and I've done a couple of orders this year. Bank account looks OK as well.
|
|
|
|
|
|
|
|
Never got the email but just checked and my purchases have been either using PayPal or Amazon Pay.
@musher, was tempted by the POC gear for my son but so far I've kept my fingers off the 'buy' button.
|
|
|
|
|
|
snowHeads are a friendly bunch.
snowHeads are a friendly bunch.
|
|
We both bought things from SP but only I got a notice so it looked like different weeks/days were affected.@clarky999, they certainly were not going to get 7k out of that account they tried to use
|
|
|
|
|
|
And love to help out and answer questions and of course, read each other's snow reports.
And love to help out and answer questions and of course, read each other's snow reports.
|
|
Received a replacement credit card out of the blue today. Called to find out why, apparently my bank was notificed of a data breach at a retailer by Visa on the 8th April. They didn't have the retailers name but my guess it was SP, I brought something from them at the start of March.
|
|
|
|
|
|
|
|
|
Just bought a Poc helmet in the current offer and my credit card was refused. Used debit card instead and it went through OK. Bank called to say they had cancelled it due to a suspicious transaction based on information from the police. Must be to do with the Sportpursuit transaction. Both my and Mrs DJL's cards now cut up and awaiting new ones as bank took the decision to cancel cards and change the 16 digit number.
|
|
|
|
|
|
You know it makes sense.
|
|
I presume this doesn't affect customers using Paypal? I just bought some gear today from SP using Paypal checkout. Seemed to go through okay.
|
|
|
|
|
|
Otherwise you'll just go on seeing the one name:
Otherwise you'll just go on seeing the one name:
|
@uktrailmonster,
I've only ever used PayPal with them and it all seems OK so far.
|
|
|
|
|
|
Poster: A snowHead
|
|
I used paypal with sportpursuit a long while ago, and that email address was only used with them and I just got a paypal phishing email using that email address, it could have only come from their data breach. The fall out from this seems to be a lot larger than i think sportpursuit expected, and they lost quite alot more than they are letting on, plus very naughty to store card info on their server without permission of the holders.
Last edited by Poster: A snowHead on Sat 16-04-16 9:41; edited 1 time in total
|
|
|
|
|
|
Obviously A snowHead isn't a real person
Obviously A snowHead isn't a real person
|
| DJL wrote: |
| Just bought a Poc helmet in the current offer and my credit card was refused. Used debit card instead and it went through OK. Bank called to say they had cancelled it due to a suspicious transaction based on information from the police. Must be to do with the Sportpursuit transaction. Both my and Mrs DJL's cards now cut up and awaiting new ones as bank took the decision to cancel cards and change the 16 digit number. |
My bank cancelled my card a couple of weeks ago after Sports Pursuit told them my details had been hacked.
|
|
|
|
|
|
Well, the person's real but it's just a made up name, see?
Well, the person's real but it's just a made up name, see?
|
I certainly wouldn't be using a debit card online. At least with credit card there's a buffer between the crook and your bank account, and time to sort something.
It's not just naughty to store card info without permission, it's naughty to store it in one place period. I expect in many of these cases, the "storing" was merely the web devs doing something for convenience, and caching pages. Fine for most of the site, but never ever with anything account related.
That big bike store in Northern Ireland that also sells snowboard stuff did something similar. Got quite a reasonable compensation voucher out of them, when they realised the scale of their grade A cockup. The only time NatWest did anything promptly too, and re-issued me a card based on the store telling them they'd been very naughty.
|
|
|
|
|
|
You need to Login to know who's really who.
You need to Login to know who's really who.
|
|
The single transaction on that email address goes back to mid 2013, so contary to the email message they sent, they have lost more information than they are suggesting.....probably not getting my custom again..........irresponsible behaviour.
|
|
|
|
|
|
Anyway, snowHeads is much more fun if you do.
Anyway, snowHeads is much more fun if you do.
|
|
I've put 2 Paypal transactions through SP in the last week and no problems so far. Got some great deals on a new POC helmet, goggles and some socks and pants for my mrs.
|
|
|
|
|
|
You'll need to Register first of course.
You'll need to Register first of course.
|
|
This explains why our credit card provider has stopped our card! A potential answer at last.
|
|
|
|
|
|
|
|
|
Well just had a new card from my bank as 'a security measure', no mention as to what triggered the security measure but guess it was this as I used the card at the start of year.
|
|
|
|
|
|
|
|
|
|
|
You'll get to see more forums and be part of the best ski club on the net.
You'll get to see more forums and be part of the best ski club on the net.
|
|
@Gaza, when the trespass jacket I bought from them split around the pocket no tearing just seal, I contacted them about it and the sorted a replacement very promptly. This was despite it being months after I bought the jacket (however I hadn't used it until our weeks holiday after which it happened).
|
|
|
|
|
|
|
|
@Gaza,
Mine turned up without the bolts to mount the chin guard
|
|
|
|
|
|
|
|
FAQ
