Seen on Twitter:
It appears someone took over the @FastShop account and was using it to tell the Brazilian retailer that they have been hacked and are being extorted. The following was posted last night:
FastShop’s website describes what kinds of personal information FastShop collects:
In general, we collect the following personal data:
1. Full name;
2. RG;
3. CPF;
4. Full address;
5. Date of birth;
6. Email;
7. Password;
8. IP Address;
9. Telephone;
10. Information related to the form of payment.
They also note, “We may collect information about you from other sources, such as other customers, partners and publicly available sources. ” So it sounds like they may have personal information on customers even if customers have not provided it to them directly.
As of the time of this publication, there is nothing on FastShop’s website to indicate that there has been any breach. Nor have the attackers posted any proof. The only thing that seems clear at this point is that the Twitter account was taken over.
This post will be updated when more information becomes available.
Update: FastShop subsequently confirmed the attack after they regained control of their Twitter account. The first has stated that there was no damage to customer accounts.