- Seiko USA website defaced; attackers claim Shopify backend breach
- Threat actors allege theft of full customer database, demand ransom within 72 hours
- No dark web leak yet; unclear if Seiko negotiated or if attackers were bluffing, company previously hit by BlackCat ransomware in 2023
Premium watch manufacturer Seiko has had its US website defaced over the weekend in an incident in which it allegedly also lost sensitive customer data.
Last weekend, the “Press Lounge” section of the Seiko USA website displayed a new page called “HACKED”. In it, the unnamed threat actors said they accessed the company’s Shopify backend and pulled sensitive customer information.
“This is an urgent security notification regarding your Shopify store. Your customer database has been compromised,” the page allegedly said. “We have successfully breached your Shopify store’s security systems and downloaded the entire customer database.”
Article continues below
Demanding negotiations
Without showing a sample of the stolen files, the threat actors said they obtained people’s names, email addresses, phone numbers, purchase records, transaction details, addresses, shipping preferences, account creation dates, and various customer notes.
They gave the company 72 hours to reach out and negotiate paying a ransom, otherwise the crooks would publish the stolen treasure on the dark web. They told the company to look for a specific customer account inside the Shopify admin panel (ID 8069776801871), and use the email associated with that account to begin negotiations.
Seiko has not yet issued an official statement regarding the attack. It did restore its website, though.
Even though the weekend is already behind us, the data has not yet surfaced anywhere on the dark web. Furthermore, no threat actors claimed responsibility for the attack. It could mean that Seiko came to an agreement with the attackers, or that the miscreants were simply bluffing and never had any data to begin with.
The company is no stranger to ransomware attacks. Back in July 2023, it was struck by the infamous BlackCat ransomware gang and lost 60,000 “items of personal data” from three departments – Group, Watch, and Instruments. The data included names, phone numbers, email addresses, and postal addresses.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/4adJ3T5YpKFvEjfzbkU6nL-2560-80.jpg
Source link
