I’m LOLing mostly at the amateur private investigators and speculators.
would indicate a platform weakness
Remember that server OS, webserver software (IIS, Apache) are also key targets for vulns, not just Windows desktops/laptops 😉 And that’s before I’d start blaming CRC or their E-commerce software supplier.
CRC is not the first, and won’t be the last. Lush got taken out recently… TWICE! and given that they took their entire website offline, I’d speculate that they got hit by an OS or Webserver zero-day vuln rather than their e-commerce s/w.
Still checking my CC a/c…
Oh and that’s another vuln 😉 I registered my CC for online banking last night. Only needed CC no., name as written on the front, etc. If a fraudster has my card details they can verify them online directly with my bank. Then go make a purchase, and they have a few days before my bank sends me the authorisation code by snail-mail.