My son wanted to play games on-line at www.hotwheels.com, but I got complaints that it does not work. I checked what went wrong, and I saw this:
It seems that www.hotwheels.com got forwarded to http://fi.hotwheels.com/
Fact: A large web site still has their main web page forwarding their users to their internal management console! I see this as a huge potential security problem (I did not try how much I could do with that console because I did not want to be accused of hacking their site).
Still waiting for comments from Mattel. I will update if I receive more information on this.
27 Comments
Tomi Engdahl says:
It seems that the problem is somewhat related to the country where you come from:
From Finland I get what I described in the article,
From an English-speaking country I get forwarded to
http://www.hotwheels.com/en-gb/index.html
where everything works.
It has already been two days since I mailed Mattel, and no answer. It seems that they are not very interested in the fact that their services have problems…
Tomi Engdahl says:
Hot wheels site works well at URL http://www.hotwheels.com/en-gb/index.html
But when http://www.hotweels.com is accessed from Finland, the problem still persists….
Tomi Engdahl says:
Trying to get this information to Mattel and getting them to react to it in any way is a complete disaster.
I have sent several e-mails, used Twitter etc… They do not seem to get that anything is wrong.
Tomi Engdahl says:
This is not how companies should handle people who try to inform them of findings that look like potentially serious security issues on their services!
Tomi Engdahl says:
Something happened when you try to contact high enough in the organization (= mail to the CEO).
Now users from Finland don’t get this admin screen anymore.
The page does not work at all anymore from Finland – still some problem in redirecting now – but somewhat better.
English page at http://www.hotwheels.com/en-gb/index.html works.
Tomi Engdahl says:
Mattel Names Sinclair Permanent CEO
Mattel chairman has been interim CEO since January; Dickson named operating chief
http://www.wsj.com/articles/mattel-to-make-christopher-sinclair-permanent-ceo-1428000588
Mattel Inc. named Christopher Sinclair as its permanent chief executive, selecting a longtime board member to steer the toy maker through the early stages of a turnaround.
The appointments come at a difficult time for the toy maker, which is losing ground to rivals as its sales and profit slide.
Mattel’s creative department has been slowed by layers of bureaucracy,
Shares of Mattel have lost 44% of their value in the past 12 months.
Tomi Engdahl says:
http://fi.hotwheels.com/ still giving
“This webpage has a redirect loop
ERR_TOO_MANY_REDIRECTS”
Tomi Engdahl says:
Because I have not heard anything back from Mattel on any of my reports, may I conclude that Mattel does not seem to care about data security and their brand's on-line presence?
At least it seems that they have some problems in reacting to security reports sent to them – or is this silence an intentional, planned operating practice?
And should I be worried about this development then?
Is Mattel’s Hello Barbie a Privacy Threat to Your Child?
http://idt911.com/education/blog/is-mattels-hello-barbie-a-privacy-threat-to-your-child
Mattel Inc.’s new talking doll, Hello Barbie, connects to the Internet and relies on speech-recognition software to communicate with children. Critics say that poses serious privacy threats to children and families, as outlined in this BloombergBusiness story.
Hello Barbie’s Critics See Talking Doll as Privacy Threat
http://www.bloomberg.com/news/articles/2015-03-25/hello-barbie-s-critics-see-talking-doll-as-privacy-threat
Tomi Engdahl says:
Story continues and http://www.hotwheels.com/ is still down for people in Finland:
I got some reply from [email protected]
NORSTAR (http://norstar.eu/) is a distributor of toys and licensed products for children in the Nordic countries.
They represent Hot Wheels and other Mattel products in Finland and other countries.
They said that Mattel's head office for European operations is Mattel UK and they gave this contact address:
http://service.mattel.com/uk/EmailContact.aspx
I sent a note there a few days ago. They have not replied anything to this or fixed anything…
This all keeps me wondering whether Mattel cares at all about their on-line operations and on-line security issues…
It seems that all around the reaction is "that’s not my business – ignore".
Tomi Engdahl says:
It seems that it takes more than a month for a toy maker not to fix a pretty similar URL issue on their site (http://www.hotwheels.com/)… So magazines are way faster in this.
After Twitter falls for a URL trick, Gannett fixes a company-wide glitch
http://www.cjr.org/united_states_project/obligatory_joke_url_here.php
How long does it take a major newspaper chain to fix a very public glitch in its CMS?
About a day and a half, apparently—at least, based on what we saw from the Gannett websites this week.
Tomi Engdahl says:
http://www.hotwheels.com/ and http://www.hotwheels.fi are still down.
Tomi Engdahl says:
And also http://fi.hotwheels.com/
Tomi Engdahl says:
This address works http://www.hotwheels.com/en-gb/index.html
Tomi Engdahl says:
I heard yesterday that data leakage news is bad news for the stock value of a company; it can typically drop 1-10 percent depending on the size of the incident, the publicity and how the situation is handled.
According to the stock data, Mattel Inc. (the company that owns the Hot Wheels brand) seems to have had its lowest stock value at just the same time I revealed this news on the site being possibly hacked!
The data is here:
https://finance.yahoo.com/chart/MAT#
Tomi Engdahl says:
How Did Chinese Phishers Get $3M From Mattel? They Asked
https://www.pymnts.com/news/security-and-risk/2016/how-did-chinese-phishers-get-3m-from-mattel-they-asked/
https://apnews.com/f50ded283c41465d9bdfe0f393732ce1
Mar. 29, 2016
WENZHOU, China (AP) — The email seemed unremarkable: a routine request by Mattel Inc.’s chief executive for a new vendor payment to China.
It was well-timed, arriving on Thursday, April 30, during a tumultuous period for the Los Angeles-based maker of Barbie dolls. Barbie was bombing, particularly overseas, and the CEO, Christopher Sinclair, had officially taken over only that month. Mattel had fired his predecessor.
The finance executive who got the note was naturally eager to please her new boss. She double-checked protocol. Fund transfers required approval from two high-ranking managers. She qualified and so did the CEO, according to a person familiar with the investigation who spoke on condition of anonymity because he was not authorized to speak about the matter. He declined to reveal the finance executive’s name.
Satisfied, the executive wired over $3 million to the Bank of Wenzhou, in China.
Hours later, she mentioned the payment to Sinclair.
But he hadn’t made any such request.
Tomi Engdahl says:
How Did Chinese Phishers Get $3M From Mattel? They Asked
https://www.pymnts.com/news/security-and-risk/2016/how-did-chinese-phishers-get-3m-from-mattel-they-asked/
Associated Press has broken news of an incident that began April 30, 2015 — a month after Mattel’s then-new CEO Christopher Sinclair had taken over the top spot in the organization. The story goes that an anonymous financial executive received an email from Sinclair requesting clearance for a $3 million wire transfer to a bank in China to settle the bill for a vendor’s services. Mattel’s corporate policy on funding transfers requires approval from two executive-level managers, which the presence of the unnamed financial exec and Sinclair’s email imposter seemed to satisfy.
According to IT security firm Beazley, incidents of ransomware in 2016 alone are expected to top the figures from the past two years combined, and 2015 sent 60 percent more data breaches to the company’s breach response services unit than 2014.
Mattel wasn’t hit by anything near as sophisticated as a ransomware attack, but that’s just the point: The more companies myopically focus on the perceived high-tech threats, the easier it’ll be for thieves like this to socially engineer their way right through corporations’ front doors.
Hiding Mattel’s actions of simply handing over millions of dollars under the umbrella of a general rise in cybercrime is giving the toymaker and other corporations lax on IT security a big pass.
Tomi Engdahl says:
Why Mattel Inc. Stock Fell 12% in 2015
The toy retailer trailed the broader market and its competitor, Hasbro, last year.
https://www.fool.com/investing/general/2016/01/12/why-mattel-inc-stock-fell-12-in-2015.aspx
Barbie’s back! And so is Mattel
http://money.cnn.com/2015/12/22/investing/mattel-barbie-toys-hasbro/index.html
Since bottoming out for the year on October 2, Mattel (MAT) is up
The company, under newish CEO Chris Sinclair, made a concerted effort to do more marketing for core brands like Barbie, Hot Wheels, Fisher-Price and Thomas & Friends ahead of Christmas.
Tomi Engdahl says:
Friday, October 16, 2015, 4:04 PM, EST
http://business.nasdaq.com/marketinsite/2015/Market-Intelligence-Desk-Equity-Market-Insight-October-2015.html
Mattel is the best performer on the S&P 500, adding 5% to its price on the heels of positive commentary by their CEO on their quarterly earnings call.
Tomi Engdahl says:
Real story: a five-year-old accidentally gets into the management console of a US stock company's web site, in some regions users get into the console instead of the web site, it takes a week to get the message through to them that something is wrong, and during that time the company's stock value took a one billion dollar drop.
Tomi Engdahl says:
How HOT WHEELS Beat Out MATCHBOX
https://www.youtube.com/watch?v=A_Aw1auPWe0
There is no more popular toy in the automotive world than Hot Wheels. Most of us at Donut were introduced to cars through Hot Wheels, and most still collect them to this day. Much like us there are millions of people that are obsessed with Hot Wheels and have incredible collections. How exactly did Mattel create the biggest selling toy in the world? How did it best companies like Matchbox? And how did a failed guitar design save Hot Wheels from losing to the competition?
Tomi Engdahl says:
Mattel ransomware hackers toy with wrong company
https://www.cybertalk.org/2020/11/09/mattel-ransomware-hackers-toy-with-wrong-company/
Mattel Inc., the company that produces Hot Wheels, Batman action figures and Barbie dolls, recently experienced a ransomware attack. No sensitive data was lost. The company managed to independently overcome the attack. It’s a rare success story.
Mattel reports that it has suffered “no material impact to operations or financial condition.” Typically, ransomware attacks lead to business downtime and a flurry of frustrating financial costs.
Straightforward emergency response protocols enabled the company to contain the infection. Mattel’s systems were down for a brief window, but such an encumbrance amidst a ransomware attack is akin to escaping a car crash with just a few scratches to the paint.
Cyber criminals first targeted Mattel in 2015. That attack involved a spear phishing campaign and an accidental transfer of over $3 million. Since then, Mattel has worked to increase its cyber security measures and protocols.
How Did Chinese Phishers Get $3M From Mattel? They Asked
https://www.pymnts.com/news/security-and-risk/2016/how-did-chinese-phishers-get-3m-from-mattel-they-asked/
The media is obsessed with the word “hacker.” It’s become something of a digital boogeyman, conjuring up images of hooded teenagers bent over keyboards in rooms full of computers and their constituent parts. When one of their elusive number strikes at the corporate world, their skills are discussed in nonspecific and vaguely threatening terms — they bypass, they slip through, they disable security systems.
So, why is it that these super-skilled cyberthieves didn’t even break out their passcode generators when they stole $3 million from Mattel? Where were all the corporate firewalls when the hackers asked and received the money they never should’ve been sent?
That has to be haunting the halls of toymaker Mattel’s headquarters now that Associated Press has broken news of an incident that began April 30, 2015 — a month after Mattel’s then-new CEO Christopher Sinclair had taken over the top spot in the organization. The story goes that an anonymous financial executive received an email from Sinclair requesting clearance for a $3 million wire transfer to a bank in China to settle the bill for a vendor’s services. Mattel’s corporate policy on funding transfers requires approval from two executive-level managers, which the presence of the unnamed financial exec and Sinclair’s email imposter seemed to satisfy.
Tomi Engdahl says:
https://www.itpro.co.uk/security/ransomware/357651/mattel-hit-by-ransomware-attack
Tomi Engdahl says:
https://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children
Tomi Engdahl says:
https://www.upguard.com/security-report/mattel
Tomi Engdahl says:
https://fortune.com/2015/12/04/hello-barbie-hack/
Tomi Engdahl says:
https://www.linkedin.com/pulse/mattel-transfers-3-million-after-phishing-attack-dan-d-augelli
Tomi Engdahl says:
Toy maker forgot one word – and directed children to porn
Mattel apologizes.
https://www.is.fi/digitoday/art-2000010827600.html
Toy maker Mattel is pulling from stores the doll versions of Glinda and Elphaba, the stars of the new Wicked movie. The reason is that the singing toys, aimed at 4-year-olds and older, accidentally got mixed up with an entirely different kind of entertainment.
The BBC and Rolling Stone, among others, have written about the matter. The dolls' packaging and the instructions available online carried the wrong website link. It was supposed to be wickedmovie.com, which gives more information about the film. Instead, the address was given as wicked.com, which contains porn.
Mattel ‘deeply regrets’ porn site misprint on Wicked dolls
https://www.bbc.com/news/articles/c4gz91pp5llo
Mattel Pulls ‘Wicked’ Dolls After Mistakenly Listing Adult Porn Site on Packaging
“We deeply regret this unfortunate error and are taking immediate action to remedy this,” toy company said in a statement
https://www.rollingstone.com/tv-movies/tv-movie-news/mattel-pulls-wicked-dolls-adult-porn-site-packaging-1235161204/