The effects of the recent cyber attack against the cooperative could be much more harmful than previously believed after the apparent computer pirates boasted to steal large amounts of company data, including customer information.
The “dragonforce” hackers contacted BBCSharing screenshots of their communication with the company, where they claim to have stolen the “customer database and the data card data of the cooperative”.
Co-Op later seemed to confirm the theft, saying in a statement to Bleepingcomputer“” As a result of the ongoing forensic research, we now know that computer pirates could access and extract data from one of our systems. “
Stolen cooperative customer data
“The data that is accessed included information related to a significant number of our current and previous members,” the CO-OP declaration continued.
“These data include personal data of the members of the cooperative group, such as names and contact data, and did not include the passwords of the members, the details of the bank or the credit card, the transactions or the information related to the products or services of the clients or customers with the cooperative group.”
In an attempt to demonstrate his worth, the BBC Dragonforce says shared databases, including usernames and passwords of all cooperative employees, as well as a sample of 10,000 customer data, including cooperative membership card numbers, names, house addresses, electronic emails and telephone numbers.
Computer pirates say that up to 20 million people have registered or registered in the past, with the cooperative rewards program, which means that the range of affected users could be huge.
Dragonforce said they contacted the Cooperativa cyber security chief and other executives through Microsoft equipment, sharing screenshots of extortion messages with the BBC.
The cooperative had told employees to keep their cameras while using Microsoft equipment for meetings, in addition to being told that they did not register or transcribe calls, and verify that all participants were a genuine cooperative staff, which suggested that computer pirates could access internal systems.
CO-OP has more than 2,500 supermarkets, as well as 800 funerals and an insurance business, and uses around 70,000 employees throughout the United Kingdom.
The attack on the cooperative was the third in a variety of incidents that affect the main retailers of the United Kingdom, with Marks and Spencer and Harrods also beaten in recent days.
Dragonforce told the BBC They were also responsible for other attacks, but apparently they did not share any evidence to prove this, and refused to elaborate.
How can I stay safe?
While it is not yet known how precise are Dragonforce’s claims, cooperative clients must be cautious in the next few days only to be safe and to get ahead of any impact if their information has been affected.
In an incident like this in which it is not clear that the data, if any, have been affected, the first thing to do is change their password linked to their CO -OP account, as well as any other site with the same credentials, we have gathered a guide on how to create a safe password to ensure that it is as safe as possible.
The next step, and probably the most important, is to stay attentive. With his name and email address, a criminal can send sophisticated social engineering attacks, intended to deceive him to deliver more information or discharge malware.
Be sure to verify double unexpected communication and email addresses, especially cross reference against legitimate email addresses (these can be found in Google).
Be careful especially with any email to ask you to enter any information, click on a link or scan a QR code. Phishing attacks using QR codes are increasingly common and are more dangerous than ever, so make sure everything you scan be verified in advance.
If a criminal sends an email, most likely there are signs. The first is the email address from which communication comes: if it is G00GLE or M1Crrosoft instead of its legitimate addresses, simply eliminate email. If you receive a text message, email or unexpected phone call from anyone who claims to be a “friend”, of a number or address that does not recognize, especially one that asks you to log in, send money, buy a gift card, be very suspicious.
