Ashampoo Hacked, Watch Out For Fake Customer Emails
Popular software developer Ashampoo is currently emailing their customers about a recently discovered successful hack on one of their servers. The break-in had been discovered by Ashampoo, and the company interrupted it and closed the security gap that the hackers used to gain access.
Unfortunately, the hackers stole customer address data and email addresses. Billing information, such as credit card numbers or banking information, has not been stolen according to Ashampoo, which has put up a page with information about the issue on its official website.
Here is the official Ashampoo email:
Dear Ashampoo customer,
We are writing to you concerning an important issue. We regret to tell you that we also detected an unauthorized access to one of our server systems. We assume that the attackers were able to purloin data of customers. Sensitive data such as billing information etc. is not affected by this, because Ashampoo does not store this data.
We summarized all pieces of information concerning this incident for you and would like you to read the following website: http://www.ashampoo.com/datatheft
Hackers are currently sending emails with attached PDF documents to Ashampoo customers. These PDF documents use a recently discovered security vulnerability in Adobe Flash to load malicious code on the system as soon as the PDF is opened on an unprotected system.
Ashampoo asks users to keep those emails unopened to avoid executing malicious code on the user system.
Hackers often follow the pattern that they make people insecure e.g. with a confirmation of an order whose attachment is then opened or rather executed. Generally it is always important that you stay suspicious of unknown senders and that you do not respond to requests that tell you to open attachments.
If you for example receive a confirmation of an order from PurelyGadgets or another company without having made an appropriate purchase there, please do not open the attachment and delete the e-mail immediately.
It is not clear which security issue is being exploited by the hackers. It is however likely that it is a recent vulnerability in Adobe Flash which has been patched by Adobe. An Adobe Reader and Acrobat update was released yesterday that addresses the vulnerability. Users who have not installed the patches yet should do so to protect their system from the exploit.
Ashampoo has scanned several PDFs that the hackers have sent out at VirusTotal; the result was that half of the applications detect the malicious code.
To sum it up: Do not open emails that are related to or appear to be from Ashampoo if they contain an attached PDF document. If you have to open it, download it to the computer first and open it in an online PDF viewer such as Google Docs. That way you stay safe and the malicious code cannot execute. (Thanks Danny for the tip.)
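For administrators who want to screen PDF attachments like the ones described above before anyone opens them, here is an added example (not from the original article or from Ashampoo) that counts the PDF name objects tied to embedded Flash and automatic actions without rendering the file. The function names, the quarantine policy and the two sample byte strings are assumptions constructed for illustration.

```python
import re

# PDF name objects worth flagging during triage. /RichMedia is the annotation
# type used to embed Flash content in a PDF; the others run or launch content.
SUSPICIOUS = ("RichMedia", "EmbeddedFile", "JavaScript", "JS",
              "OpenAction", "AA", "Launch")

NAME_RE = re.compile(rb"/([^\s/<>\[\]\(\)\{\}%]+)")  # a PDF name token
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")           # #xx escape inside a name

# Constructed samples, not real attachments.
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_FLASH = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 5 0 R >>\n"
                b"endobj\n5 0 obj\n<< /Type /Annot /Subtype /Rich#4dedia >>\n"
                b"endobj\n")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which are legal in PDF names and can hide keywords."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count suspicious name objects in the raw bytes of a PDF."""
    counts = {name: 0 for name in SUSPICIOUS}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def should_quarantine(data: bytes) -> bool:
    """Assumed policy: hold any PDF carrying Flash, a launch action or script."""
    counts = triage_pdf(data)
    return any(counts[k] for k in ("RichMedia", "Launch", "JavaScript", "JS"))

# Limitation: names stored inside compressed object streams are not visible
# to this scan, so a zero count does not prove the file is harmless.

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("flash", SAMPLE_FLASH)):
        print(label, should_quarantine(sample), triage_pdf(sample))
```
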