According to Zalando, the security of the company’s online store has not been compromised.
PDO
The German company Zalando has answered Iltalehti’s questions regarding the attacks on the company’s online store.
Iltalehti reported on Thursday how Finns’ Zalando accounts may have been used to order products around Europe.
After the story was published, Iltalehti was contacted by numerous people who said that similar account hijackings had already taken place in the spring. You can read more about the cases here.
Zalando’s communications said on Thursday that the company is not aware of a possible data breach.
This is how Zalando responds
Zalando responded to Iltalehti’s interview request again on Friday evening. The company emphasizes several times in its response via e-mail that the security environment of its online store has not been compromised.
In Zalando’s view, the mentioned cases are related to attacks where fraudsters try to log into accounts with previously leaked password-username combinations.
– Over the past two years, malicious actors have actively used publicly leaked username and password combinations elsewhere to try to access accounts on other platforms. This attack is only possible if the customer reuses the username and password that have been compromised before, the company’s communications say.
Zalando believes that the cases are not related to systematic activity that specifically targets their online store.
– It is important to note that many leaks have occurred in the past on different platforms and online services, which has resulted in a very large amount of identification information that is easily available to attackers, the company’s communication reads.
Dissatisfied customers
The reader who contacted Iltalehti on Thursday said that his son’s account was hacked in May. Based on the orders placed on the account, the traces led to France and Belgium. The reader contacted Zalando’s customer service, where, according to him, the matter was treated with indifference.
According to Zalando’s email response, it handles each similar case “very carefully” and “always puts the customer first”.
– We are also constantly developing our fraud detection mechanisms to protect our customers. Of course, if any customer notices anything out of the ordinary, we encourage them to contact our customer service team for support, the communication says.
The Cyber Security Center told Iltalehte on Thursday that it had received reports of similar cases, but could not yet comment on the scope of the case.