Toshiba said that an investigation into the hack confirmed that email addresses and passwords of 681 Toshiba America customers were stolen. It stressed that the server did not contain credit card or social security numbers.
The hacker group V0iD claimed responsibility for the hack, TechEye.net reported. In addition to the customer emails and passwords, the group said it gained access to 12 administrators on the company’s Electronic Components and Semiconductors and Consumer Products units.
Commenting on the hack, Graham Cluley, senior technology consultant at Sophos, said that the hackers might have been after financial gain, rather than notoriety.
"Although Toshiba has said no financial data was taken, the email addresses and passwords are powerful enough, as they can be used to help the hackers log into other sites. This is because many of us use the same details for many sites, meaning they may get into bank accounts or log into the likes of Amazon. Using these email addresses the hackers could also send out malicious emails”, TechEye.net quoted Cluley as saying.
“The hackers could have accessed the site in a range of ways. Perhaps the site wasn’t written well enough so they could have used what is called a sequential injection attack. But I don’t know the specifics so it could also be something else”, Cluley added.