DataBreaches.Net

Software manufacturer Ashampoo hacked

Posted on by Dissent

Dear Ashampoo customer,

We in the Ashampoo group take data privacy protection very seriously. Therefore we constantly strive to guarantee the maximum possible safety for our technical systems.

Like many other companies we are targeted by organizations of hackers that try to break into IT systems in order to steal data. Unfortunately, one of our security systems fell victim to such an attack recently. An unauthorized access to one of our servers took place. However, subsidiary companies of the Ashampoo group are not affected by this incident.

What happened?

Hackers gained access to one of our servers. We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately. At the same time we reported this incident to the police. Further investigations are underway. Unfortunately, the traces of the well-concealed hackers currently disperse abroad. That is why the expenditure of the German law enforcement agency was significantly increased and the clearing up has become more difficult.

Which data were stolen?

The stolen pieces of information are data of addresses such as name and e-mail address. Billing information (e.g. credit card information or banking information) is definitely not affected, because our shop service contractors are concerned with this data and it is not stored on our system.

What are the hackers doing with the stolen information?

Among other things hackers try to use the vulnerabilities in mail server systems of other companies in order to send alleged order confirmations in their name. The company PurelyGadgets has for example announced on Facebook that their servers were used to send bogus confirmations of orders.
[Update (21.04.2011): According to the latest findings and in contrast to previously announced by PureleyGadets on Facebook, the servers of PurelyGadgets were not compromised, but the company name has been used for sending fictitious confirmations of orders.]
The e-mails contain a manipulated PDF document in the attachments that apparently uses security vulnerability in order to load malicious code as soon as one tries to open the PDF.

[…]

Read more on Ashampoo