Toshiba website hacked - email addresses and passwords exposed

by Graham Cluley on July 18, 2011 | 1 Comment

Filed Under: Data loss, Privacy, Vulnerability

Toshiba logoToshiba announced this weekend that a web server run by its US sales subsidiary had been hacked, and the email addresses, telephone numbers and passwords of hundreds of customers had been compromised.

The Japanese electronics firm said that the server was run by Toshiba America Information Systems Inc., and held personal data relating to 7,520 customers. Fortunately, according to the firm, the personal information exposed did not include any credit card data.

Nevertheless, you don't want your email address and password falling into hands of malicious hackers.

Not only could cybercriminals "try out" your passwords to see if they unlock any of your other online accounts (too many people use the same password on multiple websites), but they could also target you with attacks pretending to come from Toshiba.

After all, you have a business relationship with Toshiba - so you would be less suspicious of opening an email or clicking on a link which appeared to have been sent by them. Especially if some clever social engineering made the email appear particularly enticing.

A Toshiba spokesperson told the Wall Street Journal, that the Toshiba subsidiary's IT staff first noticed a problem with the web server on July 11th, and confirmed on July 13th that it had been hacked.

"We will continue the investigation and intend to thoroughly protect customers' information and manage (related computer) systems to prevent a recurrence."

All customers potentially affected by the hack are said to have been informed of the problem by the firm.

If you run a website it's essential to ensure it is as secure as possible from hacker attacks.

If you haven't already done so, read this informative paper by SophosLabs, "Securing websites", which covers some of the issues.

Tags: , , ,

One Response to Toshiba website hacked - email addresses and passwords exposed

  1. Anon says:
    July 20, 2011 at 12:24 pm

    Like Sony looking out for customers?. Game over guys if my info got taken it's already too late, too late for sony too, pulled my details from their network the second their WELCOME BACK campaign was started. Does Toshiba know how they got in? companies should have to file a detailed report when they get hacked, a report that states what was done' if the hack was using a known exploit, ports, data downloaded and ip addresses, these reports should be checked to see if the hack/exploit was preventable and the company held responsable for customer losses if it is found that it was. I am sick to death of companies like sony turning around and yelling hackers hackers hackers, when if my data was taken its their fault, YOU WOULD NEVER SEE A BANK TURN AROUND LOSE MILLIONS OF PEOPLES PERSONAL INFORMATION/ACCOUNTS AND SAY "OH NO IT'S THOSE HACKERS...IT'S NOT OUR FAULT" Companies that lose customers details should be treated like a bank that just lost your life savings....screw them.

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.