Toshiba becomes latest hack victim – customers targeted

Toshiba has suffered a hacking attack, possibly because it angered groups in Asia, a security expert has said.

The comments come as the company appears to have fallen foul of two attacks over the weekend.

Firstly, it was targeted by hacking group V0iD, which got into a server for Toshiba America.

The group said it had managed to obtain usernames and passwords for 450 of the company’s customers and around 20 resellers, as well as around twelve administrators in the company’s Electronic Components and Semiconductors and Consumer Products wings.

Today Toshiba issued an announcement admitting that its US-based servers – those of Toshiba America Information Systems (TAIS) – containing customer registration data were hacked.

The database included information on 7,520 of TAIS’s customers, but did not contain personal data such as financial information or credit card and social security numbers. However, hackers were able to get away with the e-mail addresses and passwords of a confirmed 681 customers.

Toshiba told us that the stolen information related to people who had bought products from registered Toshiba retailers.

It seems a bizarre target to earn kudos from, leading one security expert, speaking on condition of anonymity, to reason that the motive may be something not yet in the public domain. Our source tells us: “Over the past few months we’ve seen a range of high profile attacks on companies such as Sony. While these aren’t really a surprise – hackers target high profile sites for notoriety and to show that they can – what is a bit confusing is that Toshiba has come under fire.

“It’s not a popular company, and although it’s worth millions, hacking this company won’t get as much recognition as say, Nintendo. So why have they done it?

“Firstly, because they can. I assume Toshiba hasn’t listened to warnings that companies are being targeted. 

“Another reason is that the hackers know something about the company we don’t. Let’s not forget the likes of Anonymous who make their point against a company’s policies through DDoS.

“Perhaps Toshiba has something to hide in Asia that hasn’t come out here yet.

“Whatever the reason other companies should learn by example and make sure their security is completely up to date.”

Graham Cluley, Senior Technology Consultant at Sophos, however, pointed out that the company could have been targeted for financial gain.

“Different hacking groups out there have different motives,” he said.

“LulzSec hacked computer gaming companies because it was a fan of rival consoles, while others hack for financial gain. This attack looks like the latter.

“Although Toshiba has said no financial data was taken, the email addresses and passwords are powerful enough, as they can be used to help the hackers log into other sites.

“This is because many of us use the same details for many sites, meaning they may get into bank accounts or log into the likes of Amazon. Using these email addresses the hackers could also send out malicious mails.

“The hackers could have accessed the site in a range of ways. Perhaps the site wasn’t written well enough so they could have used what is called a Sequential injection attack. But I don’t know the specifics so it could also be something else.”