Framework, celebrated for its groundbreaking approach in creating user-serviceable and upgradable laptops, recently faced a significant setback in the form of a cybersecurity breach. While renowned for their innovative designs, even the most reputable tech companies are not immune to hacking threats. In a recent development, Framework notified a portion of its customer base about a successful phishing attempt that resulted in the unauthorized access to names and email addresses of an undisclosed number of users who made purchases through its online store.
The breach originated from a sophisticated social engineering attack on Framework’s external accountant firm. The attacker posed as the company’s CEO, successfully tricking the external accountant into revealing a spreadsheet containing sensitive customer data, including names, addresses, and outstanding balances of those who still owed money on their laptop or parts purchases. The compromised information was then disseminated to the affected customers via email, and the incident was subsequently exposed on Framework’s user forum, as reported by Bleeping Computer.
While a name and an email address may seem like minimal information, the potential risks are substantial. This stolen data could potentially be combined with information from other recent database breaches, creating a more comprehensive dataset and a potential avenue for identity theft. Framework has advised affected users to exercise caution and be vigilant against any emails pretending to be from the company.