Brabantia, the Dutch company most well known for making steel bins, has been hacked within the last 24 hours, and customer details may have been exposed.
An email Brabantia has sent to consumers explains that "as part of our routine monitoring, we have been made aware that our database accounts have been subject to unauthorised access in the last 24 hours and that some customer details may have been compromised".
Brabantia has released little information regarding the extent to which customer details have been jeopardised.
The firm stressed that it does not store credit card or debit card details and that it believes "the potentially vulnerable data is limited to name, email(address), and products ordered".
The Register was unable to confirm whether "email(address)" meant postal as well as email address, however both bits of information are retained on the account section of the site.
The company notes that "as a precautionary security measure" it has "cancelled all account passwords", which raises all of the standard questions about how those passwords were being stored.
The retail industry is not as commonly targeted by malicious actors as other areas, such as the financial services industry. According to a Freedom of Information request to the Information Commissioner's Office, data breach investigations within the financial services industry have almost trebled over the last two years, with human error almost always responsible.
El Reg signed up for a Brabantia account and found none of the typical red-flags suggesting passwords may be stored in plain text – the most common reason for a rescinding of all passwords following a breach.
The email returns a standard-length series of asterisks and user password selection does not have a character limit.
Brabantia advises: "If you have previously set up an account with us, we invite you to use your existing user name to set up a new password to regain access to your account."
The Register has been told that nobody dealing with the breach was based at Brabantia's head office. We were passed through to Eric van der Palen, an "Online Marketeer", who was unable to offer comment but told us he would attempt to put us in contact with a member of the board.
The company also issued a statement on its website about the breach. ®