Wiggle Investigates Cyber-Attack

Online sports retailer Wiggle is investigating a suspected cyber-attack after receiving a series of complaints from customers.

Concerns were raised after customers received emails confirming orders for items from Wiggle that they had not placed. The suspicious orders were set to be delivered to addresses that the confused customers did not recognize. 

The idea that Wiggle had been hit by a possible cyber-attack was first mooted on June 12. One customer reached out to cycling news site Road.cc after failing to elicit a response from Wiggle regarding a £30 order charged to his account that he said was not made by him.

Another Wiggle customer, Kobi Omenaka, took to Twitter to complain that he had received no response from the retailer after informing them that an imposter had used his account to purchase a £237.50 skin-tight cycling suit in dark steel blue. 

Along with an attachment of the order confirmation, Omenaka posted "@Wiggle_Sport someone broke into my account and ordered this. I told customer services as it happened but no one has come back to me."

Twitter user George Slokoski responded to Omenaka's tweet, saying that he had also experienced issues with his Wiggle account.

"Mine also hacked this AM," wrote Slokoski. "Got an email saying my email address has changed to kikogtx+40@gmail.com and shortly after I had a charge for £5."

Another user, Harry Holmes, tweeted, "The same happened to me!" and asked Omenaka if his fake order was also being sent to an address in Twickenham, London.

On June 14, another customer, who uses the handle @hayleybadger on Twitter, tweeted the store: "@Wiggle_Sport Are you under cyber attack? I've received an email to say someone's changed my account to their email address and I can’t access your website."

Wiggle responded to the tweet above with an invitation to discuss the matter over live chat. 

Twitter user @Omidpyc claims Wiggle has been aware of a cybersecurity breach for over ten days but has not gone public with the news.

Earlier today he tweeted: "Just had a call from Ross Clemmons. He says Wiggle are going to put out an announcement (Crossed fingers) and apologized for their dire response over the weekend."

According to @Omidpyc, Clemmons "agreed customer account flow was insecure and it’s been reported to ICO."
