Personal information of 150,000 online customers of the German drugstore chain Schlecker was available online for everyone to access due to an error of the chain’s service provider, reports The Local.
The situation has been rectified and the information is now safe, but for an unspecified period of time names, addresses and profiles of the customers, and some 7.1 million email addresses of the customers who are on the list for receiving the company newsletter, were available for anyone to harvest.
Schlecher’s spokesman made sure to mention that account numbers and passwords were not compromised in any way, but the information that was accessible could be enough for criminals to effectively impersonate the company and contact the customers through the publicly available mail server. The victims could then be persuaded to make their purchases and, thus, hand over their bank account details to the criminals.
According to SC Magazine, Schlecker sent its online customers a 5-Euro voucher via email as a “general goodwill gesture”. It remains to be seen if that will placate the understandably upset customers.