Hackers gain access to Thalia accounts
The online bookseller thalia.de has fallen victim to a so-called brute force attack. The attackers tried passwords to customer accounts on a large scale and were also successful.
On the morning of January 20, 2022, a computer program was able to try out combinations of user names and passwords on thalia.de for several hours. The online bookseller informed its customers of this in an email that tarnkappe.info documented.
Tens of thousands of affected accounts, but only some hacked
Thalia told heise.de that the "number of affected accounts is in the mid five-digit range". The attackers were successful with some accounts.
Thalia "initiated extensive countermeasures immediately after the hacker attack became known". These included resetting the passwords of the affected accounts. The online bookseller is also working to "protect its systems even more strongly against unauthorized access." That seems necessary. However, if common security standards are adhered to, a brute force attack that lasts for hours should not be successful at all.
According to thalia.de's current knowledge, no customer accounts were changed or unauthorized orders placed as a result of the attack. However, the stolen username and password combinations could be problematic for anyone who, contrary to common recommendations, also uses them to log in to other services.
If you have an account at thalia.de, it would not hurt to take a look at your customer account - even if you have not received an email. If your password has been reset, you can enter a new one via "Forgotten password".
Thalia Holding also owns Orell Füssli in Switzerland and the Mayersche bookstore in Austria. However, the online offerings there do not appear to have been the target of the attack.
When I was but a young student, I'd sit in my friend's living room with all my classmates and play on his SuperNES. Since then I've had the opportunity to test out all the newest technology for you. I've done reviews at Curved, Computer Bild and Netzwelt, and have now arrived at Galaxus.de.