Hackers have gained access to one of Ashampoos' servers and stolen customer names and email addresses. Ashampoo CEO Rolf Hilchner is assuring customers that credit card and banking details remain unaffected, because that information is not stored on their servers.
So, Ashampoo customers; please be extra vigilant with emails. Do not open any attachments or click on any links in emails from senders you do not know or recognise.
Here is what Ashampoo said about customers protecting themselves:
[quote:4pf8w94e]Hackers often follow the pattern that they make people insecure e.g. with a confirmation of an order whose attachment is then opened or rather executed. Generally it is always important that you stay suspicious of unknown senders and that you do not respond to requests that tell you to open attachments.
If you for example receive a confirmation of an order from PurelyGadgets or another company without having made an appropriate purchase there, please do not open the attachment and delete the e-mail immediately.
Please make sure that there always is an anti-virus program installed, whose security signatures are up to date. System checks should be carried out regularly. [/quote:4pf8w94e]
September 2, 2010
Here's some first hand details about this.
Following my advice, a friend of mine uses a specific (alias) email address with Ashampoo which he doesn't use anywhere else. In late March, he got an email to that address, allegedly from Puremobile Inc. When he told me about it, I checked the headers and it was obviously a fake one. Since he has nth to do with Puremobile Inc., I adviced him to contact Ashampoo and ask if they had a security breach. He did and got a reply from them asking for the original email to "find out what happened". He didn't have the email anymore, so he sent them the headers; they were very greatful for and asked for some patience.
A few days later, he received another one from (allegedly) Puremobile Inc., the headers of which he also sent to Ashampoo.
After that, no news until today, but the fake emails stopped in early April.
Question is, why did it take three weeks to tell the customers, if they took care of the breach in early April?
I am human
Most Users Ever Online: 271
Currently Browsing this Page:
Guest Posters: 10
Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas
Moderators: dandl, Jason Shuffield, Jim Canfield, Dick Evans, Sergey Grankin