I could spend all day, every day, reporting on nothing more than the latest cyber criminal targeted intrusions into enterprise IT systems. Two reports from my today’s Tech Net News column illustrate that we are barely scratching the surface of this significant, continuous, and rapidly expanding problem:
European Space Agency website and FTP servers hacked
Dramatic increase in cyber attacks on critical infrastructure
If you’re an everyday reader here, then you may recall that I regularly recommend that you take advantage of the German software developer Ashampoo’s, occasionally offered free application multipacks.
The downside (for some) is, you must register and provide an email address. Additional benefits can be gained by registering as an Ashampoo member, which includes creating a password.
Unfortunately, Ashampoo has become a victim of a cyber criminal targeted intrusion aimed at their customer database. According to the company:
“Hackers gained access to one of our servers. We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately.
The stolen pieces of information are data of addresses such as name and e-mail address. Billing information (e.g. credit card information or banking information) is definitely not affected … it is not stored on our system.”
If you have taken advantage of Ashampoo’s offers, then it’s important that you exercise extreme caution with any future emails sent by the company and, any unsolicited email sent by any company, for that matter.
As well, if you have registered as an Ashampoo member, it’s important that you change your account password. Additionally, if you have used the same password elsewhere (you’d be surprised how often this occurs), it’s imperative that you change these passwords immediately.
My thanks to my buddy John B. (a great Scot!), for bringing this unfortunate incident to my attention this morning.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
I have had WinOptimizer 6 (free) for a few weeks & they have had my email address to send me the key
I wonder why I get their special ‘offers’, but not this critical info about a security hole ?
Hi Michael,
It’s very curious. I have an account with Ashampoo which includes a password (not used elsewhere), and I did receive “official” notice of this breach, yesterday – (in my Spam folder, of course).
Your question prompted me to check with a few others, who subscribe to Ashampoo, and it appears that they have been notified as well.
Might I suggest that you email Ashampoo directly, and query them on “what the hell is going on?”
Best,
Bill
Cheers ~ will report back
Thanks Michael.
Best,
Bill
Email Subject: Sadly, Ashampoo has become target of a hacker attack as well…
arrived two hours ago. A trifle late
Hi Michael,
Better late than never, does not apply here. A very poor performance.
Best,
Bill
I also got the same email about then being hacked. This is days after wordpress.com reported that they being hacked into as well.
I don’t use any of Ashampoo software now because they send too many emails, and most of then is just spam.
Hey Daniel,
Thanks for this
I just direct emails from Ashampoo directly into my spam folder – which is how I missed the notice. Luckily, John B. let me know.
Bill
As a user who enjoys the full versions of several of their applications, I too received notification from Ashampoo about their data breach. I added a password to my MyAshampoo account and changed my e-mail address associated with it. The process is a two stepper. The second step being that they send you a link within an e-mail to confirm the change of address.
The problem is they sent the e-mail to the address I changed it to rather than my original e-mail address. When a user’s account gets hacked, doesn’t the hacker often change the e-mail address and/or password so that the user can no longer gain access? Am I wrong to think that sending the confirmation e-mail to the new address is a waste or at the very least counterproductive?
In any case, while it’s dismaying that this type of breach seems to happening with alarming frequency, I’m grateful that reading blogs like yours everyday keeps me as security-conscious as one can be and still enjoy the use of computers and the internet! So once again, I thank you.
Kat
Hi Kat D,
You’re right – a hacker will often restrict a users access to a hacked account. In your case, you have taken the correct steps.
You’re ahead of the game, and it’s anything but counterproductive.
Bill
Hey Bill,
Thanks for the heads up, I got the emails today from ashampoo today as well.
another day, another hacked website. Unfortunately It’s becoming routine
TeX
Hi TeX,
Thanks for letting me know you received the notice.
Best,
Bill
Hmm. Something’s odd here.
While I have never had a full account with a password at Ashampoo, I did have a unique e-mail address registered with them for free software licences. I unsubscribed from their newsletter last year after being inundated with offers for software I no longer needed, and about a month ago I receiving two or three spam e-mails to that address.
My distrust of businesses being what it is, my initial thought was that someone had deliberately passed my information on to spammers now that I was no longer a customer. I have strong suspicions that similar things have happened with other companies. But of course I have no real evidence for this, and to be fair the expected flood of spam has not materialised. Just the initial two or three messages so far.
But now the news of this hacker attack breaks, stating that “security systems fell victim to such an attack recently” and that the “security gap […] was closed immediately” (emphasis mine). I got my Ashampoo warning message this afternoon.
This leads to some inconsistencies, especially dependent upon one’s interpretation of ‘recent’:
1. If the hack was detected and thwarted within the last two or three weeks then my e-mail address must have leaked via some other vector, since it was in the wild at least four weeks ago.
2. If the hack was detected and thwarted four or five weeks ago then Ashampoo are being a bit broad with their definition of ‘recent’.
3. If the hack occurred four or five weeks ago, but the hole has only
just been plugged, then Ashampoo are being broad with their definition of ‘immediate’.
4. I unsubscribed from all of Ashampoo’s mailing lists last year but received their warning e-mail this afternoon, which means Ashampoo must be keeping former customer names and e-mail addresses on record even when those customers have unsubscribed from all of their mailing lists. Probably not against any laws, but not the behaviour I would expect.
Whatever is going on it feels as though something doesn’t add up. Does anyone else have any evidence of addresses unique to Ashampoo receiving junk mail prior to the announcement of this security breach?
Thanks for the comment.
Bill