Customers of Fanatec have been receiving emails over the last 48 hours explaining details of a data breach suffered at the gaming peripherals manufacturer.
The communications call for confidentiality, but they have been published by online magazine, The Digital Fix, because the publication feels email is not “a reliable enough mechanism to ensure everyone affected is aware of the breach in order to take precautions.”
In the Fanatec email, the company’s CEO Thomas Jackermeier expressed his regret over the way in which the company’s online shop came to be exposed by a cyber-attack that took place in mid-July of this year.
“In the process, previously unknown third parties gained access to parts of our customer database. In this context, personal data of our customers were disclosed to the attackers against our will,” Mr Jackermeier said.
“For security reasons, we have reset your password and ask you to follow the instructions for re-assigning a password. We also recommend that you change your password not only in our online shop, but also wherever you have used it again,” the email continued.
The number of user accounts caught up in the breach is not yet known, however, The Digital Fix claims it has reached out to Fanatec to ask for further confirmation regarding the nature of the data stolen, and how passwords were stored at the firm.
Fanatec’s email did not advise customers to get in touch with credit or payment card providers. The company then asked recipients to stay quiet about the notification to stop the hacker from finding out that a dialogue had taken place in reaction to the incident.
“Please keep the information contained in this email confidential. This reduces the potential for the hacker to be aware of our official communication, and gives affected customers a better opportunity to take the necessary steps to inform their credit card providers,” the Fanatec email read.
The Digital Fix understood this as confirmation that real risk exists that payment card details have in some way been exposed.
The post #privacy: Data breach victims asked to keep notification email a secret appeared first on PrivSec Report.