The effects of the recent cyberattack against co-op could be much more harmful than previously assumed after the apparent hackers boasted of stealing huge amounts of company data, including customer information.
“Dragonforce” hackers contacted BBCSharing screens of their communication with the company, claiming to have stolen “customer database and co-op membership card data”.
Co-up later seemed to confirm theft and said in a statement to Bleeping computer“” As a result of ongoing forensic studies, we now know that the hackers were able to access and extract data from one of our systems. “
Co-op Customer data stolen
“The access data included information relating to a significant number of our current and former members,” Co-op’s statement continued.
“This data includes CO-OP group members’ personal data such as names and contact information and did not include members’ passwords, banking or credit card information, transactions or information relating to members’ or customer products or services with the CO-OP group.”
In an attempt to prove himself BBC Says Dragonforce shared databases including usernames and passwords for all CO-OP employees as well as a sample of 10,000 customers’ data including CO-OP membership card numbers, names, home addresses, emails and phone numbers.
The hackers say that as many as 20 million people have registered or have registered in the past with CO-OP’s reward program, which means the selection of affected users could be huge.
Dragonforce said they contacted CO-OP’s head of cyber security and other leaders via Microsoft teams and shared screens of extortion announcements with the BBC.
Co-Op had asked employees to keep their cameras on while using Microsoft Teams for meetings, as well as being told not to register or transcribe calls and verify that all participants were genuine co-op staff-what hinted that the hackers were actually able to access internal systems.
Co-Op has more than 2,500 supermarkets as well as 800 funeral houses and an insurance company and employs about 70,000 employees throughout the UK.
The attack on co-op was the third in a number of events to influence major British retailers, with Marks and Spencer and Harrods also hit in recent days.
Dragonforce told BBC They were also responsible for other attacks, but apparently did not shared any evidence that proves this and refused to elaborate.
How can I remain in safety?
While it is still not known how accurate the Dragonforce requirements are, co-op customers must be careful over the next few days just to be on the safe side and to get ahead of any consequences if their information has been affected.
In an incident like this, where it is not clear what, if any, data has been affected – the first thing to do is change your password linked to your CO -OP account, as well as other sites with the same credentials – we have put together a guide on how to create a secure password to make sure you are as secure as possible.
The next and probably most important step is to keep vigilant. With your name and e -mail address, a criminal can send sophisticated social engineering attacks, for the purpose of tricking you into handing more information or unintentionally downloading malware.
Make sure to double -check any unexpected communication and e -mail addresses -especially cross -announcement of these against the legitimate E email addresses (these can be found on Google).
In particular, be wary of any e -mail that asks you to enter all information, click a link, or scan a QR code. Phishing -attacks that use QR codes become more common and are more dangerous than ever before, so make sure everything you scan is verified in advance.
If a criminal e -email you will likely be signs. The first is the E -Mail address from which the communication comes from -if it is G00GLE or M1CROSOFT instead of their legitimate addresses, just delete the E email. If you get an unexpected text, e email or phone call from anyone who claims to be a “friend” from a number or address that you do not recognize, especially one who asks you to log in, send money, buy a gift card, be very suspicious.
