- Škoda Auto confirms online shop was breached via a vulnerability in ecommerce portal software
- Attackers accessed names, addresses, emails, phone numbers, order info, plus usernames and hashed passwords; payment data not affected
- Shop taken offline, forensics engaged, authorities notified; customers warned of possible phishing attempts despite no evidence of data misuse
Škoda Auto has confirmed its online shop was hit by a cyberattack, and said the hackers might have accessed personal customer files.
The incident occurred when the attackers found a vulnerability in its ecommerce portal software. Škoda did not say exactly when the attack happened, but it did say it was spotted during security monitoring.
“As part of our technical security monitoring, it was discovered that unauthorized persons had exploited a vulnerability in the standard shop software used,” the announcement, machine-translated, reads. “In this way, they were able to gain temporary unauthorized access to the shop system.”
What data was compromised?
In response, the company took the shop offline, and the attackers were ousted from the systems. After that, the incident was handed over to specialized IT forensics crew and reported to the relevant authorities.
The company did not say who the threat actors were, or what the nature of the incident was.
Therefore, we don’t know if this was a ransomware attack, or how many people were affected. Škoda did say that the attackers accessed people’s names, postal addresses, email addresses and, in some instances, phone numbers.
Order information was also compromised, and so were usernames and passwords. These, however, were hashed. Credit cards and other payment information were not taken.
“The technical analysis has shown that access to data stored in the shop was possible in principle. However, due to the nature of the protocols available, it is not possible to trace in all details whether and to what extent data was actually copied or retrieved,” Škoda said, before stressing that there is yet no evidence the data is being used in the wild. Still, customers are warned about potential phishing attacks.
Via BleepingComputer
