
Today I received a letter with the following content:
Dear Ashampoo customer,
We are writing to you regarding the important issue. We regret to tell you what we have been accessing. We assume that the attackers were able to purloin data of customers. Sensitive data such as billing information etc. Ashampoo doesn’t store this data.
We read the following website: www.ashampoo.com/datatheft
Yours sincerely,
The ashampoo-team

which can be roughly translated as:
Dear Customer,
We are contacting you about an important issue. We regret to inform you that someone has received unauthorized access to one of our server systems. We believe that intruders could steal customer data. Confidential data, such as payment details, etc., is out of danger because we do not store it.
We have collected all the information on this incident and posted it at: www.ashampoo.com/datatheft
Respectfully,
Ashampoo-team

Under the cut: details (translation)
Dear Clients,
In our company, we are serious about data protection. Therefore, we constantly strive to ensure the highest possible security for our technical systems.
Like many other companies, we are under the gun of hackers who are trying to penetrate information systems in order to steal data. Unfortunately, this time one of our server systems fell victim to such an attack. An unauthorized access to one of our servers was obtained. However, the subsidiaries of Ashampoo are not affected.
What happened?
Hackers got access to one of our servers. We found a gap and immediately sealed it, interrupting the attack, and immediately reported it to the police. Further investigation is ongoing. Unfortunately, the hackers have hidden their tracks well, and those tracks break off abroad. That is why German law enforcement agencies had to increase spending on the capture of criminals.
What data was stolen?
The stolen pieces of information are names and email addresses. Billing information (such as credit card or bank account information) is certainly not in danger, because it is not stored in our system.
What can hackers do with stolen data?
Among other things, hackers will try to exploit vulnerabilities in mail systems of other companies to send order confirmations made in their name. The company PurelyGadgets, for example, announced on its Facebook page that their servers are used to send confirmations of fictitious orders. Also, an email sent by hackers may contain a PDF file with malicious code. Opening such a file on your computer puts you at risk.
How to protect yourself?
Hackers usually follow the following pattern - they send letters asking you to confirm a fictitious order, or attach various files to emails that the user most often opens and launches. Always be attentive to the letters, the sender of which is unknown to you, and do not open attachments.
If you, for example, received a request for order confirmation from PurelyGadgets or another company, without making the corresponding purchases there, please do not open attachments and immediately delete such letters.
Also make sure that you have an antivirus program with updated signature databases.
Using this link you can check the files for malicious code content:
www.virustotal.com
Also, do not use the same passwords on different services (eBay, Amazon, etc.) and make your password as difficult as possible, for example, using special characters, numbers, as well as uppercase and lowercase letters. Change your passwords regularly.
We regret…
This whole situation puts us in an awkward position as a respectable software maker. So we would like to apologize again for the inconvenience caused by this.
If you have additional questions about this, our support (security@ashampoo.com) will be glad to help you. All emails on this subject will receive the highest priority.
Thank you for your understanding.
Yours sincerely,
Rolf Hilchner
Ashampoo CEO
_________________________
Even an old woman can slip up.
[Update (04/21/2011)]: According to the latest data and in contrast to what PurelyGadgets said earlier on its Facebook page, the PurelyGadgets servers themselves were not hacked, but the company name was used to send confirmations of bogus orders.
UPD 2
Examples of files attached to letters
Example 1
Example 2
References to Virustotal.