The Reporting and Analysis Centre for Information Assurance (MELANI) of the Swiss Confederation published a warning on 29 August that unauthorized entities have access to thousands of e-mail accounts all over Switzerland. On this day, we were already engaged with the attackers.
Please note: Neither digitec nor Galaxus were hacked! However, according to the information at hand, we have to assume that the scammers were able to access accounts of our customers using login data obtained elsewhere. Unauthorized persons are therefore in possession of an extensive list of e-mail addresses and corresponding passwords. The scammers tried to access our online shops with those. It is highly probable that other companies – or rather their customers – are also affected.
At noon on 31 August we sent an e-mail to those customers of whom we have to assume that the scammers had access to their accounts. In the e-mail, we urgently ask the customers to change the password of their e-mail account. For security reasons, we also acted swiftly and initiated a reset of the digitec/Galaxus accounts of the affected customers. Upon their next login, the customers have to request a new password. By doing so, they will regain access. We also point out that customers should change the password of their e-mail accounts before doing the same with their digitec/Galaxus account.
Here you can read an article in German by 20minuten.ch on the subject. In the meantime, we increased our security, amongst other things by integrating a so-called reCAPTCHA function. By doing so, we were successful in deflecting recent attacks.
Is my e-mail address secure?
What to do if I am affected?
MELANI advises all persons and companies to check their e-mail addresses with the service in the link above. We also recommend the use of «Have I been PWNED». Should your account be affected, MELANI advises you to take the following actions:
- Change the password of all of your online accounts that are linked to the affected e-mail address (e-mail account, online shops, e-banking, social media etc.).
- Use a separate password for each website/service.
- If possible, activate two-factor authentication.
- In the coming weeks, you should also check bank statements, iTunes debits etc. Should you find irregularities, please get in touch with your bank or the corresponding company.