SINGAPORE – Customers of consumer electronics retailer Audio House may have had their personal details such as names and contact numbers stolen by a hacking group that had allegedly hacked furniture retailer Vhive.
Audio House told customers in an e-mail it was alerted on Monday that hacking group Altdos might have gained unauthorised entry into its servers.
The group claimed to have accessed the retailer’s membership database, stolen information from it and used the data to blackmail Audio House, the retailer added.
The company is now working with the police and other authorities, as well as a team of Web experts, to ascertain if its servers had been breached and to what extent.
The police confirmed a report was lodged and they are investigating the matter.
Audio House told The Straits Times its database contains information of about 180,000 customers, adding that Altdos had threatened the company through e-mails, which it has not responded to.
It said Altdos had used fear tactics to pressure the company to pay it, as well as use Audio House as a case study to blackmail other firms in future.
In previous hacking incidents, Altdos, operating mainly in South-east Asia, had stolen customer data from companies, blackmailed the compromised firm, leaked the data online when their demands were not met, and publicised the breaches.
In the Audio House breach, the data that could have been stolen included members’ names, e-mail addresses, home delivery addresses, contact numbers, credits with the company, and members’ past sales transaction records.
Audio House said all customer payment details and credit card information are handled by a third party payment gateway, so no credit card information was stored or possibly breached.
“All our members’ eCashback and credits are safely stored with us, and you will still be able to use them in your purchases with us,” the firm said.
The retailer added it had strengthened its firewall and system’s security after the incident, and had suspended its website temporarily to conduct more tests and the firewall upgrade.
Apologising for the potential breach, Audio House advised customers who receive any spam e-mails from Altdos not to respond to it.
The company also urged customers not to spread unverified facts about the incident that could bolster the hacking group’s efforts.
Those who need help can contact Audio House. Altdos had previously claimed responsibility for hacking Vhive.
The furniture retailer had said its server was hacked on March 23.
Compromised information included customers’ names, physical and e-mail addresses and mobile numbers, but did not include identification numbers or financial information, said the company.
In an e-mail to affected customers in early April, Altdos said it managed to hack into Vhive three times in nine days and claimed to have stolen information related to more than 300,000 customers and nearly 600,000 transaction records.
The group said it would leak 20,000 customer records daily, until its demands to Vhive’s management were met.
Cyber-security experts had previously said personal details stolen by hackers could be used by cyber criminals to, among other things, send victims personalised phishing e-mails that would allow them to steal passwords or drop ransomware to lock up digital files until the crooks are paid.