Hackers breach security vendor's defences

Ashampoo informs 14 million customers.

German software developer Ashampoo has informed its 14 million customers that hackers gained access to its customer database in an embarrassing security breach.

The breach stings particularly for Ashampoo because it offers security software as part of its product portfolio.

Ashampoo chief executive Rolf Hilchner emailed customers and posted a message on the software vendor’s website after discovering that hackers had gained access to one of its servers.

“Like many other companies, we are targeted by organisations of hackers that try to break into IT systems in order to steal data,” he said. “Unfortunately, one of our security systems fell victim to such an attack recently. An unauthorised access to one of our servers took place.”

The company said billing information - including credit card and banking details – had not been compromised in the attack, as that data was stored on a separate system.

Hilchner nonetheless warned that hackers might attempt to use the customer information for financial gain. It could be combined with vulnerabilities in mail server systems of other companies, he said, in order to send alleged order confirmations in their name.

He cited a recent example of online retailer PurelyGadgets, which announced on Facebook that its servers were used to send bogus confirmations of orders. Hilchner said the emails contain a manipulated PDF document as an attachment that could be used to load malicious code upon execution.

“Generally it is always important that you stay suspicious of unknown senders and that you do not respond to requests that tell you to open attachments,” Hilchner said.

He advised customers not to open an attachment and delete any email that claimed to be a confirmation of an order from a company the customer cannot recall purchasing from.