Cyberattack on our online store

25.11.2020 - We have been informed that our online store vantastic-foods.com became the target of a sneaky cyber attack between mid-2016 and early 2018.
At this time the store was still called alles-vegetarisch.de or veggie-shop24.com.

The development instance of the store at that time was hacked. The e-mail addresses and passwords of our customers that it contained were stolen and offered for sale on the darknet in the data leak "CIT0DAY Breach Collection". Only then was the data leak uncovered. About 8949 domains are affected by this leak, of which the websites of over 400 companies like ours could be identified directly. More information about the data leak can be found in an article by Troy Hunt.

We took immediate action and immediately reset all customer passwords. For this reason, you will be asked to enter a new password when you log in again.

Important: please click on "Forgot your password" and request a new password!

If you have used the previous password for other stores, portals etc., please change it there as well.

The leak contained e-mail addresses and passwords. However, if these were used to log into the customer account, it is possible that the data contained there, such as date of birth, order history, address, etc., were also viewed. Particularly sensitive data such as bank details are not affected by this.

We are currently reviewing our data protection once again, and with full intensity, in close cooperation with our data protection officer of Projekt 29 and our external IT company. Since we have not used the affected development instance shopneu.veggie-shop.de for more than two years, this security gap has already been closed.

It makes us sad and angry that we became a victim of such an attack - despite all our efforts to ensure strong data protection and to keep it at a high level.

We deeply regret that this has happened and would like to apologize to you formally. You can be sure that we will increase our efforts many times over from now on in order to further improve our data protection and better ward off such perfidious attacks in the future. It is very important to us that you can shop with us safely and carefree.

Since you surely have many questions, we have already prepared some of them and answered them here for you. If you have any further questions or would like to know whether your customer account is one of the affected accounts, please do not hesitate to contact our customer service, preferably by e-mail to [email protected] or via our contact form. Of course you can also contact our data protection officer by e-mail to [email protected]

FAQ

  • I have only recently registered - does this not affect me?

To find out if your account is affected, please contact our customer service department by email at [email protected]

  • How do I know if I am affected?

To find out if your account is affected, please contact our customer service team by email at [email protected]

  • Why did the data leak not become known until 2020?

The attack remained undetected by us. It was only through a tip from another affected person that the cyber attack was finally uncovered.

  • When exactly did this happen?

Unfortunately, we can only guess when exactly the attack took place. We estimate that it took place between mid-2016 and early 2018.

  • Can this happen again? Is your data protection now sufficient?

Unfortunately, cybercrime is a bitter reality today and many companies have been affected by such attacks in the past. We are doing our utmost to protect ourselves and your data even better from such attacks in the future. As we have not been using the affected development instance shopneu.veggie-shop.de for over two years, this security gap has already been closed.

Furthermore, we have already significantly strengthened our data protection in recent months, e.g. by using Cloudflare.

  • Does this only concern e-mail addresses and passwords?

Only e-mail addresses and passwords have been leaked. However, if these were used to log into the customer account, it is possible that the data contained there (date of birth, order history, address etc.) were also viewed. Particularly sensitive data such as bank details are not affected.

  • How can I protect myself against this?

Use secure passwords, i.e. long passwords made up of unrelated sequences of upper and lower case letters, numbers and special characters.
Change your password regularly.
Don't use one password for several accounts, shops, portals etc.

  • Who is responsible for this attack? Who was it?

Unfortunately we do not know. After all this time, it is unfortunately very difficult to find that out.

  • What happened to the stolen data?

The data was apparently offered for sale on the darknet. Whether it was actually sold, we unfortunately do not know. There is a helpful online tool with which you can find out if your data/passwords have been leaked before. You can find it here: https://haveibeenpwned.com