fyi ammotogo
Posted: Wed Nov 05, 2014 1:39 pm
Dear Customers,
I am sending you this e-mail to inform you of a malicious hacker attack
against AmmoToGo.com "http://www.ammunition2go.com/click.html ... UK&u=M&y=b&" and to sincerely
apologize to you for any inconvenience that it may have caused you. We
believe it is our responsibility to inform you of this matter, so please
read on.
AmmoToGo.com "http://www.ammunition2go.com/click.html ... UK&u=M&y=b&" is a small business and we do
our best to serve you, to run a reputable business, to support the shooting
community, and to overcome challenges like this one.
Here are the highlights:
1. We do not sell any customer information, whatsoever.
2. Last week, another online ammunition retailer was approached by what
appears to be a foreign hacker offering to sell the AmmoToGo.com
customer/e-mail list, and that retailer kindly alerted us of this contact.
3. Our team immediately began investigating and confirmed yesterday that a
portion of our customer/email list was in fact breached and offered for
sale.
4. Additionally, one of our customers reported late last night that they
had received an e-mail from Target Sports USA to an e-mail address that had
only been given to us (we can only deduce that Target Sports USA bought the
list from the hacker and then began to abuse it).
5. In late August (for unrelated reasons), we re-launched our website on a
far more secure and restricted platform that uses secure encryption, that
is actively monitored against brute force attacks, that is protected by an
intrusion prevention system, and that is pro-actively audited quarterly by
a PCI compliance monitor.
6. As a precaution against precisely this kind of malicious hacker attack,
we do not store credit card information and we have no reason to believe
that any credit card information was stolen.
7. We are certain that FOID’s, driver’s licenses, or other government
issued identification remained secure and were never accessed.
8. We have no reason to believe that any further attacks have occurred
since late August, 2014 when we updated to our new secure database and we
are now much better prepared to fend off any future attacks.
9. It is possible that the hacker obtained your AmmoToGo.com
"http://www.ammunition2go.com/click.html ... UK&u=M&y=b&" password. As a precaution, we recommend
that you go here to change your password and if you have used the same
password on another website, we recommend that you change it there also.
10. We are certain that many of our customers are unaffected by this attack
and we sent this e-mail to only those customers that could be affected.
If you receive any unsolicited e-mails from other online ammunition
retailers, please forward their e-mail to us at
HackerAttack@AmmunitionToGo.com "mailto:HackerAttack@ammunitiontogo.com" so
that we can immediately investigate the matter and put an end to the
SPAMing. Our team will work as long and as hard as necessary to fight back
against the hacker and anyone else who buys and abuses the stolen
information.
We look forward to re-earning your trust in the future and again apologize
for this breach. If we find any additional information as our investigation
develops, we will update this page
"http://www.ammunition2go.com/click.html ... UK&u=M&y=X&" with that information.
Scott
Customer Service ManagerAmmoToGo.com
I am sending you this e-mail to inform you of a malicious hacker attack
against AmmoToGo.com "http://www.ammunition2go.com/click.html ... UK&u=M&y=b&" and to sincerely
apologize to you for any inconvenience that it may have caused you. We
believe it is our responsibility to inform you of this matter, so please
read on.
AmmoToGo.com "http://www.ammunition2go.com/click.html ... UK&u=M&y=b&" is a small business and we do
our best to serve you, to run a reputable business, to support the shooting
community, and to overcome challenges like this one.
Here are the highlights:
1. We do not sell any customer information, whatsoever.
2. Last week, another online ammunition retailer was approached by what
appears to be a foreign hacker offering to sell the AmmoToGo.com
customer/e-mail list, and that retailer kindly alerted us of this contact.
3. Our team immediately began investigating and confirmed yesterday that a
portion of our customer/email list was in fact breached and offered for
sale.
4. Additionally, one of our customers reported late last night that they
had received an e-mail from Target Sports USA to an e-mail address that had
only been given to us (we can only deduce that Target Sports USA bought the
list from the hacker and then began to abuse it).
5. In late August (for unrelated reasons), we re-launched our website on a
far more secure and restricted platform that uses secure encryption, that
is actively monitored against brute force attacks, that is protected by an
intrusion prevention system, and that is pro-actively audited quarterly by
a PCI compliance monitor.
6. As a precaution against precisely this kind of malicious hacker attack,
we do not store credit card information and we have no reason to believe
that any credit card information was stolen.
7. We are certain that FOID’s, driver’s licenses, or other government
issued identification remained secure and were never accessed.
8. We have no reason to believe that any further attacks have occurred
since late August, 2014 when we updated to our new secure database and we
are now much better prepared to fend off any future attacks.
9. It is possible that the hacker obtained your AmmoToGo.com
"http://www.ammunition2go.com/click.html ... UK&u=M&y=b&" password. As a precaution, we recommend
that you go here to change your password and if you have used the same
password on another website, we recommend that you change it there also.
10. We are certain that many of our customers are unaffected by this attack
and we sent this e-mail to only those customers that could be affected.
If you receive any unsolicited e-mails from other online ammunition
retailers, please forward their e-mail to us at
HackerAttack@AmmunitionToGo.com "mailto:HackerAttack@ammunitiontogo.com" so
that we can immediately investigate the matter and put an end to the
SPAMing. Our team will work as long and as hard as necessary to fight back
against the hacker and anyone else who buys and abuses the stolen
information.
We look forward to re-earning your trust in the future and again apologize
for this breach. If we find any additional information as our investigation
develops, we will update this page
"http://www.ammunition2go.com/click.html ... UK&u=M&y=X&" with that information.
Scott
Customer Service ManagerAmmoToGo.com