The alleged hijacking of Zalando accounts has already taken place in the spring, Iltalehti readers say.
According to the suspicions, the scammers have been able to log into Finns’ Zalando accounts through something. PDO
Iltalehti reported yesterday how Finns’ Zalando accounts may have been used to order products around Europe. German company Zalando is one of the most popular clothing online stores in Finland.
After the publication of the story, Iltalehti received contacts saying that similar account hijackings had already taken place in the spring. The operating model has been completely the same. The people who contacted did not want to be named as they were victims in the case, but their identities are known to Iltalehti’s editorial staff and the editorial staff has seen documents related to the cases.
In the contact, the reader tells how he managed to log into the Zalando account in May. At that time, the person had received an order confirmation in his e-mail, which showed that the products had been ordered in Sweden.
– In my case, Zalando did almost nothing. I managed to change the passwords myself right away, but later Zalando closed my account. The customer service did not agree to help in telling me if I had been billed for nothing, the reader says.
– I found out from my e-mail that the invoicing had gone through PayPal and I immediately closed my own account there.
Zalando: no information about the break-in
In another contact, the reader says that his son’s account was also hacked in May. Based on the orders, the tracks led to France and Belgium. A reader shared the conversation from May to Iltalehti.
– My son reported the matter to Zalando, which never responded. In general, reporting was particularly difficult when there were no customer service opening hours, the reader says.
– I got worried and annoyed, so I called customer service the next day. The customer service representative agreed to speak with me, even though it was about my adult son. Zalando’s attitude was indifferent. I was left feeling incredulous.
The account in question was restored by itself, which, according to the reader, indicates the weakness of the system.
The Cyber Security Center said it had received reports of similar cases, but could not yet comment on the scope of the case.
It is possible that the login information has been leaked due to some previous data breach. However, the break-ins to the accounts seem to have happened at the same times in the spring and now in the fall, which may indicate systematic activity.
Zalando’s communications stated that the company is not aware of a possible data breach.