"The incident, the company says, was discovered as part of its technical security monitoring and was the result of a vulnerability in the portal's software. Immediately after learning of the cyberattack, the car maker took the shop offline, patched the exploited vulnerability, reviewed existing security mechanisms, and retained external forensics experts to help with the investigation. It also notified the relevant authorities."
"The hackers, it explains, exploited the bug to access the shop system and accessed data processed through it, including customer names, addresses, email addresses, phone numbers, order details, and information on user accounts. According to Skoda, password hashes were also accessed as part of the breach, but no credit card data was compromised, as these details are processed exclusively through payment service providers and not stored on its systems."
"The protocols it has in place make it impossible to determine if and to what extent data was exfiltrated from its servers. The company has yet to disclose how many individuals were potentially affected. Skoda says it has no evidence that the potentially compromised data might have been misused, but tells users to remain vigilant for phishing messages and unauthorized account logins."
"The company also recommends that users change their passwords, especially if used with multiple accounts across different services, and refrain from disclosing personal information or clicking on links in communication that refers to their relationship with Skoda."
Skoda disclosed a data breach affecting users of its online shop. The issue was found through technical security monitoring and traced to a vulnerability in the shop portal software. After detection, the shop was taken offline, the exploited vulnerability was patched, security mechanisms were reviewed, and external forensics experts were engaged while relevant authorities were notified. The attackers used the bug to access the shop system and obtained data processed through it, including customer names, addresses, email addresses, phone numbers, order details, and user account information. Password hashes were also accessed, but credit card data was not compromised because payment processing occurs through external payment service providers. Skoda cannot determine whether data was exfiltrated or how many individuals were affected, and it has no evidence of misuse. Users are advised to watch for phishing and unauthorized logins, change passwords, and avoid sharing personal information or clicking links in messages referencing Skoda.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]