Škoda warns customers after online shop cyberattack exposes personal data
Škoda Auto has warned customers to stay alert for phishing attempts after attackers exploited a vulnerability in its online shop software and gained temporary unauthorised access to customer data.
The car manufacturer said the incident was discovered during technical security monitoring after unauthorised parties exploited a flaw in the standard shop software used by its ecommerce portal. Škoda took the shop offline, removed the attackers from its systems, engaged external IT forensics specialists and notified the relevant authorities.
The company has not disclosed exactly when the attack occurred, how long the attackers had access, who was responsible, or how many customers may have been affected. It also has not said whether the incident involved ransomware or another form of cyber intrusion.
The potentially exposed information includes customer names, postal addresses, email addresses, phone numbers in some cases, order information, usernames and hashed passwords. Škoda said payment card data was not compromised because credit card details are handled by payment service providers and are not directly stored in the shop system.
While hashed passwords are not plain-text passwords, they are still sensitive. If attackers obtain password hashes, they may attempt to crack them offline, especially if users chose weak or reused passwords. Customers who reused their Škoda online shop password on other services should change those passwords immediately and use unique login credentials for each account.
Škoda said its technical analysis showed that access to shop data was possible in principle, but that available logs do not allow the company to determine in full detail whether, or how much, data was copied or retrieved. The company said it has not yet found evidence that the data is being misused.
That uncertainty is dangerous. Even without payment card details, stolen names, addresses, email addresses, phone numbers and order histories can be used to build convincing scams. Criminals can use real purchase information to send phishing emails that appear to relate to genuine Škoda orders, refunds, delivery updates, account resets or warranty notices.
Customers should be suspicious of unexpected emails, text messages or phone calls claiming to relate to Škoda orders or account security. They should avoid clicking unknown links, opening suspicious attachments, or providing login credentials through any message that arrives unexpectedly.
The incident appears to involve Škoda’s online shop rather than its wider connected vehicle services. Some reporting indicates the breach was tied to the German online shop, shop.skoda-auto.de, and did not affect the Škoda Connect Portal, although customers should follow official advice from Škoda and their local importer if they are unsure whether they are affected.
The attack is the latest reminder that ecommerce portals remain attractive targets for cybercriminals. Retail systems often hold enough personal and transaction data to make follow-up scams highly believable, even when financial data is not directly exposed.
For affected customers, the immediate steps are clear: change reused passwords, enable multi-factor authentication where available, monitor bank and card statements, and treat any unexpected Škoda-related communication with caution.
For businesses, the lesson is broader. Standard ecommerce software must be patched, monitored and tested continuously. A single software flaw can expose customer data, trigger regulatory reporting obligations and create a long tail of phishing risk for users.
