Image: tanitost/Shutterstock.com

A cyberattack is currently causing concern among many online customers. As reported by the portal chip.de with reference to connect.de, attackers were apparently able to access sensitive customer data at the electronics retailer asgoodasnew, which specializes in refurbished devices. Among other things, names, addresses, and email addresses have been affected.

This shows once again how vulnerable even established online shops can be—and why consumers should remain particularly vigilant when it comes to their digital accounts.

Security vulnerability in the payment module

According to initial findings, the attackers were able to hack into the system via a vulnerability in a payment module belonging to an external service provider. This was reported by the tech portal "Connect."

Many online shops use such modules to process payment transactions. This is precisely where the risk lies: if a security breach occurs, it could potentially affect several retailers at the same time.

However, the attack was specifically directed at the asgoodasnew store. The company has since informed its customers about the incident and is currently investigating the circumstances with experts.

This customer data could be viewed

According to current information, the intruders were able to access various customer data. This includes:

• names
• addresses
• email addresses
• complete order histories

Passwords were also part of the database. However, these were only available in encrypted form. While this reduces the risk of direct misuse, it does not completely rule it out.

As a precautionary measure, the company has reset all customer passwords; users must set a new password using the "Forgot password" function.

In addition, the relevant data protection authorities were informed about the incident.

Beware of deceptively genuine phishing emails

The stolen order history is particularly problematic. Criminals can use it to create very credible emails.

For example, if a message refers to a product that has actually been purchased, it appears much more credible. This is precisely what fraudsters rely on in so-called phishing attacks.

Customers should therefore remain vigilant:

• Do not click on any suspicious links.
• Do not enter access data via email
• If in doubt, ask the dealer directly.

Anyone who, contrary to all recommendations, uses the same combination of email address and password for multiple services should create new—and, if possible, different—login details everywhere after an attack.

Cyberattacks are increasing dramatically

This case fits into a bigger picture. According to the 2026 Annual Threat Report by British security company Darktrace, Germany is currently the country in Europe most affected by cyberattacks.

A new method is particularly insidious: QR code phishing, also known as "quishing." Instead of a link, emails contain a QR code. When scanned, the victim is taken to a fake website. Such attacks have recently increased by 28 percent to more than 1.2 million cases.

A critical look at the situation

The attack highlights a structural problem in online commerce: many shops are technically connected to each other—via payment providers, plugins, and external services. This is often where the most dangerous vulnerabilities arise.

The real question is therefore no longer whether an attack will happen, but when. Anyone who still believes that cybersecurity is only an IT issue is significantly underestimating the reality of the digital economy.

Source: chip.de, connect.de