Flatpack furniture giant Ikea has confirmed it is currently under assault from a cyber attack on its systems, which has seen malicious internal emails sent throughout the organisation as well as to suppliers and business partners.
An email to staff, seen by Bleeping Computer, warns that rogue emails are being circulated around the business and appear as genuine replies to existing email chains.
Attacks of this nature begin with an email account being compromised and hijacked through phishing or password spraying, although it is not unknown for them to stem from hackers infiltrating email servers to gain admin access.
The attackers are then able to monitor emails and watch for opportunities to send malicious links or malware disguised as legitimate documents. Hackers often set up an alternative inbox to receive replies, so that the owner of the compromised account remains unaware.
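The traits described above (a message that arrives as a reply in an existing chain, carries a link or document, and steers responses to a different inbox) can be checked from message headers. The following Python check is an added example, not code from Ikea or Bleeping Computer; it assumes the alternative inbox appears as a Reply-To address on a different domain from the sender, and the sample messages and `.example` addresses are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

URL_RE = re.compile(r"https?://\S+", re.I)

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def reply_chain_flags(raw):
    """List indicators that a threaded reply may come from a hijacked account."""
    msg = message_from_string(raw, policy=policy.default)
    # Only messages that claim to continue an existing thread are in scope.
    if not (msg["In-Reply-To"] or msg["References"]):
        return []
    flags = []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    # Assumption: responses are diverted via Reply-To on another domain.
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-domain-differs")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and URL_RE.search(body.get_content()):
        flags.append("link-in-reply")
    if any(True for _ in msg.iter_attachments()):
        flags.append("attachment-in-reply")
    return flags

# Constructed sample: a reply in an existing thread whose Reply-To points elsewhere.
HIJACKED_REPLY = """From: Alice <alice@corp.example>
To: bob@supplier.example
Reply-To: alice@mailbox.example
Subject: Re: Q4 delivery schedule
In-Reply-To: <msg-001@corp.example>
References: <msg-001@corp.example>
Content-Type: text/plain

Please review the updated document: https://files.example/doc
"""

# Constructed sample: an ordinary reply with no diverted responses and no link.
NORMAL_REPLY = """From: Alice <alice@corp.example>
To: bob@supplier.example
Subject: Re: Q4 delivery schedule
In-Reply-To: <msg-001@corp.example>
Content-Type: text/plain

Thanks, the dates work for us.
"""
```

A link or attachment in a reply is common on its own, so treat `reply-to-domain-differs` as the primary signal and the other flags as supporting context.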
Ikea has confirmed that a “full-scale investigation” into the incident is underway, although it insists there is no indication that customer data has been compromised – as yet.
The Ikea Family loyalty scheme has over 52 million members and operates throughout Europe, the Far East and the US.
An Ikea spokesperson said: “We are aware of the situation regarding the phishing attack against parts of the Ikea organisation. Actions have been taken to prevent damages and a full-scale investigation is ongoing to seal and solve the issue. We take the matter very seriously as safeguarding personal data is a primary concern for Ikea.”