The attackers are the ones who breached Adobe and PR Newswire

Mar 18, 2014 08:27 GMT

The German website of Citroen, the French car manufacturer, has been hacked by cybercriminals. The company has alerted authorities and an investigation has been launched.

According to The Guardian, the attackers planted a backdoor on the shop.citroen.de website, allowing them to steal any data hosted on the webserver. The car maker has determined that some customer information has been compromised, but it’s uncertain how many individuals are impacted.

Alex Holden of Hold Security has investigated the breach. The backdoor has been removed, but it appears to have been present on the gift site since August 2013.

It’s uncertain what type of data has been compromised, but the steps taken by Citroen and the company that operates the website, anyMotion, provide some clues.

User and administrator passwords have been reset, purchases have been temporarily disabled, and customers are advised to keep a close eye on their bank accounts. This indicates that some financial information might have been obtained by the hackers.

Shipping addresses are also said to have been stored on the compromised server.

So how did the cybercriminals breach Citroen’s website? This is where things get interesting.

Holden believes these are the same cybercriminals who breached Adobe, PR Newswire and data brokerage companies last year. In most of the attacks, the hackers exploited vulnerabilities in Adobe ColdFusion to gain access to the targeted organization’s servers.

Brian Krebs, who has been closely monitoring these attacks, has published a new report revealing that a number of other companies have also been hacked.

Elightbulbs.com, a Minnesota-based company that provides lighting solutions, found out that its systems were penetrated back in early November 2013. The company paid a security firm thousands of dollars per year to test the website for vulnerabilities, but the ColdFusion flaws were overlooked for two years.

Following the incident, Elightbulbs.com started outsourcing credit card processing to make sure no customer financial information is stored on its servers.

Another lighting company that decided to outsource credit card processing after being hacked by this cybercriminal group was Kichlerlightinglights.com.

LaCie, a hardware company owned by Seagate, also learned this week that a server hosting its website has been breached. The company’s representatives have told Krebs that so far there’s no evidence to suggest that any company or customer data has been compromised. The server hosting LaCie.com was also breached sometime in 2013.

Other victims of the cybercrime ring that relies on Adobe ColdFusion exploits are Smucker’s and credit card processor SecurePay.