Škoda warns customers their data may have been breached following online shop hit

News
By published

A vulnerability in ecommerce software allowed unauthenticated access

Skoda Epiq
(Image credit: Skoda)
  • Škoda Auto confirms online shop was breached via a vulnerability in ecommerce portal software
  • Attackers accessed names, addresses, emails, phone numbers, order info, plus usernames and hashed passwords; payment data not affected
  • Shop taken offline, forensics engaged, authorities notified; customers warned of possible phishing attempts despite no evidence of data misuse

Škoda Auto has confirmed its online shop was hit by a cyberattack, and said the hackers might have accessed personal customer files.

The incident occurred when the attackers found a vulnerability in its ecommerce portal software. Škoda did not say exactly when the attack happened, but it did say it was spotted during security monitoring.

“As part of our technical security monitoring, it was discovered that unauthorized persons had exploited a vulnerability in the standard shop software used,” the announcement, machine-translated, reads. “In this way, they were able to gain temporary unauthorized access to the shop system.”

Latest Videos From

What data was compromised?

In response, the company took the shop offline, and the attackers were ousted from the systems. After that, the incident was handed over to specialized IT forensics crew and reported to the relevant authorities.

The company did not say who the threat actors were, or what the nature of the incident was.

Therefore, we don’t know if this was a ransomware attack, or how many people were affected. Škoda did say that the attackers accessed people’s names, postal addresses, email addresses and, in some instances, phone numbers.

Order information was also compromised, and so were usernames and passwords. These, however, were hashed. Credit cards and other payment information were not taken.

“The technical analysis has shown that access to data stored in the shop was possible in principle. However, due to the nature of the protocols available, it is not possible to trace in all details whether and to what extent data was actually copied or retrieved,” Škoda said, before stressing that there is yet no evidence the data is being used in the wild. Still, customers are warned about potential phishing attacks.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.