Ashampoo suffers attack, user data compromised

By on April 21, 2011, 3:54 PM
'Tis the season for data breaches, apparently. German software firm Ashampoo issued a warning this week to inform users of a break-in. Hackers gained unauthorized access to servers containing names and email addresses of customers. The company didn't reveal precisely how many accounts are affected, saying only that "pieces of information" were taken.

On the bright side, Ashampoo said billing information such as credit card and banking details weren't compromised. Since we're only talking about names and email addresses, the primary concern is that those individuals will be targeted in malicious attacks. For example, attackers are posing as the UK retailer PurelyGadgets to send fictitious order confirmations.

The emails reportedly contain an infected PDF attachment. Naturally, once you open the file, it uses a security vulnerability to load malicious code. Ashampoo didn't specify what software contains the vulnerability, nor is it clear what the infection does. Keeping safe should be pretty straightforward: don't open any suspicious attachments from unknown senders.


Ashampoo has linked a couple VirusTotal scans of two PDFs known to be in circulation (PDF1, PDF2). You can click those links to determine if your antivirus is capable of detecting the malware. PDF1 seems to be caught by most popular scanners, but PDF2 manages to slip by 33 out of 40 antiviruses, including those offered by AVG, Kaspersky, Microsoft, and Symantec.

Just last week, hackers gained low-level root access to WordPress' servers and copied sensitive data. That followed only a couple weeks after hackers gathered millions of names and email addresses by breaching the servers of Epsilon, an email marketing firm who represents major retail and financial companies including JPMorgan Chase, Best Buy and Target.



User Comments: 2

Got something to say? Post a comment
Leeky Leeky said:

Loving the picture in the article!!!

Could have been worse though, although never nice.

motrin said:

hha i too like the picture!

to think i delete e-mails from Ashampoo on a daily basis. i'v yet to receive one about my information being breached.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.