Cyberattack targeting package delivery company compromised thousands of users

Recently, an unidentified hacker launched a cyberattack that forced open the doors of more than 2,700 package delivery lockers in Russia. The attack, which occurred on the afternoon of December 4, was launched against PickPoint, a local delivery service that maintains a network of more than 8,000 package lockers in Moscow and St. Petersburg.

Thanks to this service, Russian citizens can order all kinds of products online and choose to have them delivered to a PickPoint locker without using their real address. When the package is delivered, users receive an email or SMS message, and can submit and pick up their orders using the PickPoint app.

During this attack, the hacker compromised the system that allows users to open the lockers, forcing the doors to open without the authorization of legitimate clients. Using an exploit that has not been identified by the cybersecurity community, the attacker managed to open the doors of more than a third of the company’s lockers, leaving thousands of packages exposed to theft or loss.

The agents in charge of the investigation are unaware of the threat actor’s motives, although they are already working together with the company to determine them as soon as possible. For now, PickPoint continues to work to restore its networks and apply the measures necessary to prevent this from happening again. The company added that it is not aware of the theft of any package as a result of this incident, and it reports that access was immediately restricted to prevent a disastrous scenario.

The company called a press conference Saturday afternoon to publicly acknowledge the incident, which appears to be the first attack on a company of its kind. Additional updates are expected in the coming days.