Fanatec suffer data breach - time to change your passwords if you're a customer. Updated: Fanatec Respond

Originally posted 4pm 22nd August:

Gaming peripherals manufacturer, Fanatec, have today emailed customers informing them of a data breach. While the email asks for confidentiality, we're publishing the details as it is our view that email isn't a reliable enough mechanism to ensure everyone affected is aware of the breach in order to take precautions.

In the email Fanatec CEO Thomas Jackermeier said "We regret to inform you that our online shop of our company was compromised by a cyber-attack on 16.08.2019. In the process, previously unknown third parties gained access to parts of our customer database. In this context, personal data of our customers were disclosed to the attackers against our will."

The email also went on to say "For security reasons, we have reset your password and ask you to follow the instructions for re-assigning a password. We also recommend that you change your password not only in our online shop, but also wherever you have used it again."

Right now, our assumption is that all accounts may have been compromised - at least as far as personal information and passwords are concerned and we've reached out to Fanatec for further confirmation of what data may have been stolen and how passwords were stored.

Despite not recommending customers contact their credit card providers elsewhere in the email, the request for confidentiality reads:

Please keep the information contained in this email confidential. This reduces the potential for the hacker to be aware of our official communication, and gives affected customers a better opportunity to can take the necessary steps to inform their credit card providers.

It is therefore our assumption that there is a real risk that payment/credit card details have been compromised in some way. With this in mind, if you have ever signed up to the Fanatec website, we recommend you take urgent action to protect your data.

We reached out to Fanatec for comment and received the following reply (copied exactly):

"Full details I am not even given access to as those cannot be undisclosed due to police investigations against the hackers. That said, the website is now safe and the problem has been fixed. If more details are to come we will gladly share but at this time we cannot but are taking all necessary actions to protect our customers and as mentioned, the “door” per say or the way that we were able to be hacked has since been fixed as well as strengthened."

Our view is that this isn't good enough and that Fanatec are deliberately withholding information on the hack and what information has been exposed to 'hackers'. We have responded to their email to request further details.

The full email sent out to customers is reproduced below...

Dear valued custumer,

We are writing to you because you have a registered account on our online shop at www.fanatec.com.

We are always anxious to keep our IT systems up to date. Data protection and data security are not just empty words for us but have a high value for us. All the more we regret to inform you that our online shop of our company was compromised by a cyber-attack on 16.08.2019. In the process, previously unknown third parties gained access to parts of our customer database. In this context, personal data of our customers were disclosed to the attackers against our will.

According to the information available to us so far, we must unfortunately assume that your account and the information contained therein was subject to the attack as well. We have already contacted the responsible public prosecutor's office and hope that the perpetrators can be identified quickly. We have also informed the responsible data protection authority in Ansbach (Bavaria) of the incident. We have also commissioned a specialist IT security company to investigate the attack and help us better protect our IT systems against similar attacks in the future.

For security reasons, we have reset your password and ask you to follow the instructions for re-assigning a password. We also recommend that you change your password not only in our online shop, but also wherever you have used it again.

IMPORTANT: Please keep the information contained in this email confidential. This reduces the potential for the hacker to be aware of our official communication, and gives affected customers a better opportunity to can take the necessary steps to inform their credit card providers.

If you have any questions, please do not hesitate to contact us under https://www.fanatec.com/contact.

Yours sincerely

Thomas Jackermeier
-CEO-

We need your help

Running a website like The Digital Fix - especially one with over 20 years of content and an active community - costs lots of money and we need your help. As advertising income for independent sites continues to contract we are looking at other ways of supporting the site hosting and paying for content.

You can help us by using the links on The Digital Fix to buy your films, games and music and we ask that you try to avoid blocking our ads if you can. You can also help directly for just a few pennies per day via our Patreon - and you can even pay to have ads removed from the site entirely.

Click here to find out more about our Patreon and how you can help us.

Did you enjoy the article above? If so please help us by sharing it to your social networks with the buttons below...

Category news

Latest Articles