Seiko USA Hacked, Customer Data Stolen
▼ Summary
– Attackers defaced the Seiko USA website, displaying a ransom message claiming they stole the Shopify customer database.
– The compromised data allegedly includes customer names, contact details, order history, shipping addresses, and account information.
– The hackers demanded Seiko USA contact them via a specific, altered customer account profile within 72 hours to prevent data publication.
– Seiko USA has removed the defacement but has not publicly confirmed the breach or the attackers’ claims.
– The legitimacy of the attack and the identity of the threat actors remain unverified.
A significant cybersecurity incident has impacted the official U.S. website of the renowned watchmaker Seiko. Over the weekend, attackers defaced the site, posting a message claiming they had stolen the company’s entire Shopify customer database. The hackers issued a direct ransom threat, stating they would leak the data publicly unless their demands were met.
Visitors navigating to the site’s Press Lounge section encountered a page titled “HACKED” instead of normal content. This page served as both a breach notification and an extortion demand. The posted message asserted that the threat actors had successfully penetrated Seiko USA’s Shopify backend security, extracting a comprehensive cache of sensitive customer information.
The defacement contained a stark warning: “This is an urgent security notification regarding your Shopify store. Your customer database has been compromised.” It further detailed that the attackers had downloaded the complete database. According to their claims, the stolen customer data includes full names, email addresses, and phone numbers. The breach also allegedly encompasses detailed order history and transaction records, shipping addresses and preferences, plus account creation dates and internal customer notes.
The attackers set a specific ultimatum, giving the company a 72-hour window to initiate negotiations before proceeding with the data leak. As a proof of access and a means for contact, they instructed Seiko USA to locate a particular customer account within the Shopify admin panel, identified by ID 8069776801871. The hackers stated they had added a contact email to that profile, which the company should use to communicate.
While the website’s defacement has since been removed, Seiko USA has not issued a public statement confirming or denying the breach. The legitimacy of the attackers’ claims and their specific identity remain unverified at this time. The incident highlights the ongoing risks to customer data security that companies face, particularly when managing extensive e-commerce platforms.
(Source: BleepingComputer)
