Planet Ice, which operates 14 ice rinks up and down the UK, has revealed that criminal hackers managed to break into its systems and steal the personal details of over 240,000 customers. The first hint most skating and ice hockey fans saw that there could be a problem occurred at the start of last week, when their attempts to book tickets online were met with a terse message explaining that Planet Ice's servers were "Experiencing unplanned server downtime." In the following days, some customers reported receiving an email from Planet Ice that revealed it had discovered its "Ice Account" system had been breached, giving unauthorised parties "External access to the non-financial areas of the system." Although it's obviously a good thing that payment information was not accessed by the hackers, it's easy to imagine how the above information could be exploited by scammers. The passwords were stored as MD5 hashes, and so it's not just a case of ensuring that you change your Planet Ice password but also change your login credentials anywhere else where you might have been using the same password. Fraudsters might attempt to contact Planet Ice customers - using the personal details garnered from the compromised accounts to appear more convincing - in an attempt to phish further information from unsuspecting victims, or point them to bogus websites, or trick them into opening malicious attachments. Planet Ice says that it has notified the Information Commissioner's Office about the breach, and has called in external cybersecurity experts to assist it with its investigation and response. Some Planet Ice customers have turned to social media, angry that the first they heard about the security breach was from media reports or HaveIBeenPwned rather than from the company itself. Which seems a little unfair on poor old Ross, who must be hacking a hell of a time sending out those 240,488 notification emails one-by-one.
This Cyber News was published on www.bitdefender.com. Publication date: Wed, 01 Feb 2023 21:24:03 +0000