Skoda Auto's German online shop breached via e-commerce software flaw - customer names, addresses, phones, and password hashes exposed; server logs cannot confirm full exfiltration

Skoda Auto, the Volkswagen Group's Czech-built carmaker with 34,000 employees and 27 billion euros in annual sales, disclosed that attackers exploited a flaw in its German online shop software to access customer data. The breach hit shop.skoda-auto.de, not Skoda's global systems or the Skoda Connect portal. Exposed information includes names, addresses, email addresses, phone numbers, order history, account data, and password hashes. Payment card details were not stored on the affected system. Skoda took the shop offline, patched the flaw, and engaged external forensics, but admitted its server logs cannot retrospectively confirm exactly what data was copied out during the intrusion window.

Check

Check the email account used for any past Skoda online shop orders, search your password manager for credentials reused across Skoda and other services, and watch for German-language phishing referencing real order numbers.

Affected

Customers who created an account or placed an order on shop.skoda-auto.de (Skoda Auto Germany's online store). The Skoda Connect Portal and Skoda's global systems are not affected per the company.

Fix

Change the Skoda online shop password and any other service using the same credentials, and enable MFA where available. Do not click links in emails or texts about Skoda orders; verify directly through the shop website.