Dear Ashampoo customer,
We in the Ashampoo group take data privacy protection very seriously. Therefore we constantly strive to guarantee the maximum possible safety for our technical systems.
Like many other companies we are targeted by organizations of hackers that try to break into IT systems in order to steal data. Unfortunately, one of our security systems fell victim to such an attack recently. An unauthorized access to one of our servers took place. However, subsidiary companies of the Ashampoo group are not affected by this incident.
Hackers gained access to one of our servers. We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately. At the same time we reported this incident to the police. Further investigations are underway. Unfortunately, the traces of the well-concealed hackers currently disperse abroad. That is why the expenditure of the German law enforcement agency was significantly increased and the clearing up has become more difficult.
Which data were stolen?
The stolen pieces of information are data of addresses such as name and e-mail address. Billing information (e.g. credit card information or banking information) is definitely not affected, because our shop service contractors are concerned with this data and it is not stored on our system.
What are the hackers doing with the stolen information?
Among other things hackers try to use the vulnerabilities in mail server systems of other companies in order to send alleged order confirmations in their name. The company PurelyGadgets has for example announced on Facebook that their servers were used to send bogus confirmations of orders.
[Update (21.04.2011): According to the latest findings and in contrast to previously announced by PureleyGadets on Facebook, the servers of PurelyGadgets were not compromised, but the company name has been used for sending fictitious confirmations of orders.]
The e-mails contain a manipulated PDF document in the attachments that apparently uses security vulnerability in order to load malicious code as soon as one tries to open the PDF.
How to protect oneself?
Hackers often follow the pattern that they make people insecure e.g. with a confirmation of an order whose attachment is then opened or rather executed. Generally it is always important that you stay suspicious of unknown senders and that you do not respond to requests that tell you to open attachments.
If you for example receive a confirmation of an order from PurelyGadgets or another company without having made an appropriate purchase there, please do not open the attachment and delete the e-mail immediately.
Please make sure that there always is an anti-virus program installed, whose security signatures are up to date. System checks should be carried out regularly.
Using the following links you can find out whether your anti-virus software can find and remove the malicious code that is currently sent:
VirusTotal PDF 1
VirusTotal PDF 2
Furthermore, do never use your access passwords repeatedly (eBay, Amazon etc.) and make your password as complicated as possible, for example by using special characters, numbers as well as uppercase and lowercase. Please change your passwords regularly.
The whole issue is very inconvenient for us as respectable software manufacturer. Therefore, we would like to apologize again for any inconveniences in connection with this issue.
If you have further questions concerning this issue, our e-mail support at firstname.lastname@example.org is on hand with help and advice for you. Inquiries in this context will be handled with the highest priority.
Thank you for your understanding.