A tech retailer, CeX, has suffered data breach from a hack, prompting an advice to two million shoppers to change their current passwords. The online technology and video games company has confirmed that in deed the credentials of its customers have been tampered with.
“It’s true that our online security has been compromised,” said the company without providing further information.
A leak from the firm suggests that among the data breached include customer email addresses, names, phone numbers as well as shipping and billing addresses. WeBuy.com warned of the possibility that encrypted expired credit card data may have been affected. “Shared financial information is still kept at a minimum.”
But the firm has been adamant that none of its financial information was compromised in the hack.
“We would like to stress on the fact that any acquired credit card information has since expired. From 2009, we shifted from the storage of financial data,” announced CeX.
Analysts are still speculating on the company’s motive towards storing expired financial data instead of the latest one.
The call to change passwords across the UK and abroad stores was prompted by the fact that stored passwords weren’t encrypted. This sophisticated attack is said to have been carried out late 2016. “A third party contacted us earlier this month claiming that they can access our UK website data,” said CeX.
This firm has more than 350 stores in the UK and 100 others abroad in India, Australia and abroad. It also runs WeBuy.com – a popular online company that purchases technology stuff like old games, music, and DVDs.
Both the National Crime Agency (NCA) and Information Commissioners Office (ICO) have been notified of the attack and investigation is underway. The retailer also assures that its cyber security team will put in place tough security measures to stop such futures occurrences.
“Not all our customers were impacted by the hack.”
CeX has explained that the attack didn’t touch on highly sensitive data storage points. “We are not in a position to serve you with more information considering investigation is still ongoing.” All customers have been urged to change their passwords as a way to remain safe. But even as they circulate this advice, CeX remains adamant that it did not store the passwords in plain text.
“The password is a precautionary measure to block third parties from accessing your passwords and use them for unrelated services.” Considering not all shoppers were impacted, if you didn’t get the circular to change your password you can continue assuming your password is still safe. But either way, the best action is to change your password.
“The security of our customers is our top priority. We have robust programs to ensure data integrity and combat latest threats. But this attack shows that we have to put in place additional measures to counter similar sophisticated breaches. We have consulted a cyber security specialist to help us through,” read the CeX statement.