RC RANDOM CHAOS
cybersecuritycloudidentity

Seiko USA site defaced with ransom note claiming Shopify customer DB theft

· via BleepingComputer

Original source

Seiko USA website defaced as hacker claims customer data theft

BleepingComputer →

Attackers replaced the Press Lounge section of Seiko USA’s website over the weekend with a ransom message claiming they had breached the company’s Shopify backend and exfiltrated its full customer database. The notice listed allegedly stolen fields — names, emails, phone numbers, order and shipping history, and account metadata — and gave Seiko USA 72 hours to open negotiations before publishing the data.

The extortion routing was unusual: rather than a direct contact channel, the attackers told Seiko to locate a specific customer record (ID 8069776801871) in the Shopify admin and use the contact email they had injected into that profile. That implies write-level access to the store’s admin, not just a read-only data dump.

Seiko USA has since stripped the defacement but has not confirmed a breach or responded to press inquiries. The identity of the threat actor and the authenticity of the stolen dataset remain unverified, though the admin-panel foothold described in the note would be consistent with a compromised Shopify staff account or API token rather than a platform-level flaw.

Read the full article

Continue reading at BleepingComputer →

This is an AI-generated summary. Read the original for the full story.