- Seiko USA website defaced; Attackers claim Shopify backend breach
- Threat actors claim entire customer database stolen and demand ransom within 72 hours
- There are no leaks on the dark web yet; It is not clear if Seiko negotiated or if the attackers were lying, the company was already hit by the BlackCat ransomware in 2023.
The US website of premium watch maker Seiko was defaced over the weekend in an incident in which it also allegedly lost sensitive customer data.
Last weekend, the “Press Lounge” section of Seiko USA’s website displayed a new page called “HACKED.” In it, anonymous threat actors said they accessed the company’s Shopify backend and obtained sensitive customer information.
“This is an urgent security notification regarding your Shopify store. Your customer database has been compromised,” the page allegedly said. “We have successfully breached your Shopify store’s security systems and downloaded your entire customer database.”
Article continues below.
Demanding negotiations
Without showing a sample of the stolen files, the threat actors said they obtained people’s names, email addresses, phone numbers, purchase records, transaction details, addresses, shipping preferences, account creation dates, and various customer notes.
They gave the company 72 hours to communicate and negotiate a ransom payment; Otherwise, criminals would post the stolen treasure on the dark web. They told the company to look for a specific customer account within the Shopify admin panel (ID 8069776801871) and use the email associated with that account to begin negotiations.
Seiko has yet to issue an official statement regarding the attack. However, it restored its website.
Although the weekend is now behind us, the data has yet to appear anywhere on the dark web. Furthermore, no threat actor claimed responsibility for the attack. It could mean that Seiko struck a deal with the attackers, or that the bad guys were simply lying and never had any information to begin with.
The company is no stranger to ransomware attacks. In July 2023, it was attacked by the infamous BlackCat ransomware gang and lost 60,000 “personal data items” from three departments: Group, Surveillance, and Instruments. The data included names, phone numbers, email addresses and postal addresses.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
