The Reporting and Analysis Centre for Information Assurance (MELANI) of the Swiss Confederation published a warning on 29 August stating that unauthorised individuals have gained access to thousands of email accounts all over Switzerland. On this day, we were already working on blocking the attacks.
What’s important to know is that neither digitec nor Galaxus was hacked. However, according to the information at hand, we have to assume that the scammers were able to access accounts of our customers using login data that was stolen externally. How is this possible? Unauthorised individuals are in possession of an extensive list of email addresses and corresponding passwords, which they used to try to access our online shop accounts. The probability is high that other companies – or rather their customers – are affected, too.
At noon on 31 August, we sent an email to those customers who we suspect are affected. In the email, we urgently asked the customers to change the password of their email account. For security reasons, we also took prompt action and reset the digitec/Galaxus accounts of the affected customers. These customers were asked to request a new password in order to log in again. We also pointed out to the affected customers that they need to change their email account password before resetting their digitec/Galaxus account.
Here you can read an article in German by 20minuten.ch on the subject. In the meantime, we have increased our security measures, for instance by integrating a so-called reCAPTCHA function. By doing so, we’ve been successful in deflecting recent attacks.
You can check your email with MELANI’s «checktool» as well as with the service «Have I been PWNED» by the Australian director of Microsoft:
MELANI advises all persons and companies to check their email addresses with the service in the link above. We also recommend the use of «Have I been PWNED». Should your account be affected, MELANI advises you to take the following actions: