German software company Ashampoo admits to email data breach

The company said that hackers gained access to one of its servers and stole the names and email addresses of its customers, who number around 14 million. It stressed that credit card and bank account information was not stolen.

The hackers have tried to send bogus order confirmations with malicious email attachments. These contained a PDF document that uses security vulnerabilities to load malicious code, Ashampoo explained.

Commenting on the Ashampoo breach, Troy Gill, a security analyst with AppRiver, said that it is similar to the Epsilon data breach earlier in the month.

“Just like the attack against Epsilon several weeks ago, this information will likely be used to leverage attacks against these individuals. With this list of names and addresses of customers of Ashampoo, hackers can tailor specific malware or phishing campaigns to target this group specifically.”

Ashampoo provided the following advice to its customers. “If you for example receive a confirmation of an order... without having made an appropriate purchase there, please do not open the attachment and delete the e-mail immediately. Please make sure that there always is an anti-virus program installed, whose security signatures are up to date. System checks should be carried out regularly.”

The company apologized for the breach and said it had contacted German law enforcement, which is investigating the incident.
