- I have only recently registered - does this not affect me?
To find out if your account is affected, please contact our customer service department by email at [email protected]
- How do I know if I am affected?
To find out if your account is affected, please contact our customer service team by email at [email protected]
- Why did the data leak not become known until 2020?
The attack remained undetected by ourselves. It was only through a tip from another affected person that the cyber attack was finally uncovered.
- When exactly did this happen?
Unfortunately, we can only guess when exactly the attack took place. We estimate that it took place between mid-2016 and early 2018.
- Can this happen again? Is your data protection now sufficient?
Unfortunately, cybercrime is a bitter reality today and many companies have been affected by such attacks in the past. We are doing our utmost to protect ourselves and your data even better from such attacks in the future. As we have not been using the affected development instance shopneu.veggie-shop.de for over two years, this security gap has already been closed.
Furthermore, we have already significantly strengthened our data protection in recent months, e.g. by using CloudFlare.
- Does this only concern e-mail addresses and passwords?
Only e-mail addresses and passwords have been leaked. However, if these were used to log into the customer account, it is possible that the data contained there (date of birth, order history, address etc.) were also viewed. Particularly sensitive data such as bank details are not affected.
- How can I protect myself against this?
Use secure passwords, i.e. long passwords with unconnected series of letters, numbers, special characters, upper and lower case letters.
Change your password regularly.
Don't use one password for several accounts/shops /portals etc.
- Who is responsible for this attack? Who was it?
Unfortunately we do not know. After all this time, it is unfortunately very difficult to find that out.
- What happened to the stolen data?
The data was apparently offered for sale in Darknet. Whether they were actually sold, we unfortunately do not know. There is a helpful online tool with which you can find out if your data/passwords have been leaked before. You can find it here: https://haveibeenpwned.com