The Seiko USA website online was once defaced over the weekend, exhibiting a message from attackers claiming they stole its Shopify buyer database and dangerous to leak it until a ransom is paid.
Guests to the “Press Living room” segment of the web site had been proven a web page titled “HACKED,” which changed customary content material with what looked to be a ransom call for and information breach notification.
The message warned that attackers had won get entry to to the corporate’s Shopify backend and exfiltrated delicate buyer knowledge.
“That is an pressing safety notification referring to your Shopify retailer. Your buyer database has been compromised,” learn the defaced webpage.
“We have now effectively breached your Shopify retailer’s safety methods and downloaded all the buyer database.”
Supply: BleepingComputer
The danger actors declare the stolen information accommodates the next knowledge:
- Buyer Data: Names, electronic mail addresses, telephone numbers
- Order Historical past: Acquire information, transaction main points
- Delivery Knowledge: Addresses, transport personal tastes
- Account Main points: Account introduction dates, buyer notes
The attackers warn that the stolen information will probably be publicly launched until Seiko USA enters into negotiations.
As a part of the call for, they recommended the corporate to find a selected buyer account, recognized as ID 8069776801871, inside the Shopify admin panel. The danger actors say {that a} touch electronic mail deal with was once added to that account profile and must be used to start up negotiations.
The defacement additional warned that Seiko USA had 72 hours to touch them or the alleged database can be revealed.
BleepingComputer has now not been ready to resolve what danger actor is at the back of the assault and whether or not their claims are official.
Seiko USA has now not publicly showed or replied to BleepingComputer emails concerning the incident, however has since got rid of the extortion message from the website online.
AI chained 4 zero-days into one exploit that bypassed each renderer and OS sandboxes. A wave of latest exploits is coming.
On the Self reliant Validation Summit (Would possibly 12 & 14), see how self sustaining, context-rich validation reveals what is exploitable, proves controls dangle, and closes the remediation loop.
