Škoda Auto has confirmed a cybersecurity incident involving its online shop, where attackers exploited a vulnerability in the ecommerce software to gain temporary access to customer data including names, contact details, and order information.
- Vulnerability in ecommerce software allowed unauthorized access
- Names, contacts, and order info potentially exposed, no payment data leaked
- Škoda took the online shop offline and launched forensic analysis
What happened
Škoda Auto detected unauthorized access to its online shop caused by a security vulnerability in the used ecommerce portal software. The breach was identified through their technical security monitoring systems, which indicated that attackers had exploited a software flaw to temporarily penetrate the shop’s backend.
In response, Škoda immediately took its online shop offline and removed the intruders from its systems. The company handed over the incident to specialized IT forensic experts and reported the breach to relevant authorities. Specific details about the timing, actors involved, or the full scope of the attack remain undisclosed.
Why it matters
Customer data including names, postal and email addresses, phone numbers, order information, usernames, and hashed passwords were potentially exposed during the attack. However, Škoda confirmed that credit card and other payment data were not accessed due to separate handling of this information.
Despite the lack of evidence so far indicating data theft or misuse, the company cautions customers to remain vigilant against phishing attempts leveraging the exposed contact details. This incident underscores the importance of maintaining secure ecommerce environments within the automotive industry, where digital sales channels are increasingly vital.
What to watch next
Škoda will continue its forensic examination to determine if any data was actually copied or transmitted out of its systems. Customers are advised to monitor their communications closely for suspicious messages and follow established cybersecurity best practices to protect their accounts.
More broadly, the outcome of this investigation could influence how automakers and their software vendors prioritize ecommerce security. Watch for follow-up announcements from Škoda about remediation efforts and any regulatory responses that may arise due to this breach.