The shoe shop chain Office has announced through their website, which hundreds of thousands of international customers frequent per month, had been hacked and account data had been lost to whoever was behind the attack.
The UK-based retailer took to its Twitter to inform the world that their servers had been compromised, and that anyone registered on the site should change their usernames and passwords as soon as they get the opportunity.
They refused to elaborate on whether or not the information stolen was stored in plaintext or an encrypted format, and unfortunately their silence on the matter is probably all one needs to discern that the answer is likely leaning more toward the former than it is the latter.
“Unfortunately we have been the subject of a security breach resulting in unauthorised access to some Office.co.uk accounts. We can confirm that no credit card, debit card, Paypal or bank details were compromised in any way. Only accounts created prior to August 2013 have been affected, but the information does include name, address, phone number, email address and the password to your OFFICE account. We have contacted all affected customers directly via email.”
This breach is just another in a long line of recent credential hacks that have been steadily creeping their way across the web ever since the Adobe password dump gave hundreds of hackers all the ammunition they needed to crack the servers of a litany of weaker, less-frequented websites who share users with the popular photo editing software manufacturer.
So far the company hasn’t had any reason to believe that the vital financial details of their customers were compromised, although a full rundown of the damage still has yet to be done by any third parties who could properly evaluate whether or not those areas of the system had fallen to the initial hack.
They also released a set of instructions for what their customers can do to mitigate any damage that might come as a result of their information being stolen from the server:
“WHEN AN AFFECTED CUTOMER NEXT VISITS THE OFFICE WEBSITE Customers can create a new password by logging into the OFFICE website and using the ‘forgot your password’ link. We are also recommending that if customers use their OFFICE passwords on other sites that, they also change those.
THINGS CUSTOMERS NEED TO BE AWARE OF Until a customer requests a password reset through the ‘forgot your password’ link on our website, no password reset link will be sent. We will also never contact customers by phone regarding a customer account password.”
Thankfully only the accounts created prior to August of 2013 were affected, suggesting that whichever piece of the puzzle was lost in the assault was likely a backup or an offsite storage drive, rather than the live server itself. This means that once users successfully change their details, they should be able to shop on the site without any problems popping up from here on out.