Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
German software developer Ashampoo has informed its 14 million customers that hackers gained access to its customer database in an embarrassing security breach.
The breach stings particularly for Ashampoo because it offers security software as part of its product portfolio.
Ashampoo chief executive Rolf Hilchner emailed customers and posted a message on the software vendor’s website after discovering that hackers had gained access to one of its servers.
“Like many other companies, we are targeted by organisations of hackers that try to break into IT systems in order to steal data,” he said. “Unfortunately, one of our security systems fell victim to such an attack recently. An unauthorised access to one of our servers took place.”
The company said billing information - including credit card and banking details – had not been compromised in the attack, as that data was stored on a separate system.
Hilchner nonetheless warned that hackers might attempt to use the customer information for financial gain. It could be combined with vulnerabilities in mail server systems of other companies, he said, in order to send alleged order confirmations in their name.
He cited a recent example of online retailer PurelyGadgets, which announced on Facebook that its servers were used to send bogus confirmations of orders. Hilchner said the emails contain a manipulated PDF document as an attachment that could be used to load malicious code upon execution.
“Generally it is always important that you stay suspicious of unknown senders and that you do not respond to requests that tell you to open attachments,” Hilchner said.
He advised customers not to open an attachment and delete any email that claimed to be a confirmation of an order from a company the customer cannot recall purchasing from.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.