Hackers Obtained Credit Card Info for over 1.8 Million Users from Sports Gear Sites

Hackers gained access to credit card information for approximately 1.8 million users through at least six different types of sports gear sites between February and March 2018, according to a report from InformationWeek. The compromised websites were used by customers who purchased goods such as basketballs, baseball bats and soccer balls off the internet with their credit cards during that time period. Experts say these practices are common among e-commerce platforms in order to avoid fraud charges associated with what is known as “chargebacks.”

The “sports equipment stores” is a website that sells sports gear. Hackers obtained credit card information for over 1.8 million users from the site. The hackers then used the stolen credit card information to make purchases on other websites and rack up charges of more than $1 million.

Mastercard image

Sports lovers who purchased merchandise online can contact their credit card company. A total of four websites have been hacked. In a coordinated onslaught, hackers stole entire credit card information, including CVVs and other confidential information, for over 1.8 million consumers. The assault took place on October 1, according to the sites’ lawyers. Customers have been contacted by the sites, who have been informed that an external system compromise occurred.

The following is an excerpt from Bleeping Computer:

The breach was discovered on October 15th, and following an investigation, the clients who had their payment information taken were verified on November 29th.

The following information has been compromised as a consequence of this incident:

• Website account password • Full name • Financial account number • Credit card number (with CVV) • Debit card number (with CVV)

On December 16th, 2021, the websites delivered notifications to the impacted people when the investigation was completed.

The specifics of how the assault succeeded to access the sites have not been published, but it is clear that the perpetrators were well-versed in how to circumvent their security procedures. At this time, none of the sites provide identity theft protection.

“As soon as Tackle Warehouse became aware of the occurrence, it took the steps outlined above.” In order to avoid fraudulent behavior on the affected accounts, we also notified the occurrence to the payment card companies,” read a message to consumers.

“We also informed law enforcement about the event and collaborated with a digital forensics company to improve the security of our sites in order to ensure safe and secure transactions.”

The websites that have been hacked are mentioned below.

Gear Warehouse LLC is a company that sells fishing tackle (tacklewarehouse.com) – Fishing equipment • Warehouse Running LLC (runningwarehouse.com) – Running clothing • LCC Tennis Warehouse (tennis-warehouse.com) – Tennis clothing Skate Warehouse LLC is a company that sells skateboards (skatewarehouse.com) – Skateboards and skate clothing

Bleeping Computer is the source of this information.

Table of Contents