Security Incident

Michael and Mami
October 22nd, 2020



1. Background

2. Response to the Damage

3. Security Measures






1. Details

On June 29th, at approximately 9am, we received a message from our distribution center reporting that they were unable to access the site. In our investigation, we determined that a hacker had infiltrated the site, deleted the user database and left a message stating, “To recover your lost database and prevent leaking it, pay the required amount of bitcoin to get it back.”

2. Our Response

We took immediate action to contain the attack by closing the website, securing the database, renewing all relevant credentials, contacting affected users, posting a statement to social media and contacting cybersecurity authorities, law enforcement and the personal information protection committee.

To the best of our knowledge, the attacker utilized a brute-force attack to gain access to the MySQL database via phpMyAdmin. The breach may have compromised the data of 1,169 users, including emails, names, usernames, phone numbers and addresses. The infiltrated database did not include any critical payment processing information.

3. Future Security

We have spent the last 3 months taking measures to ensure that our website and our users' data are secured to the highest standard. We brought in a security specialist to advise our team and run sophisticated penetration tests using professional hacking tools in order to identify any potential vulnerabilities.

Following our assessment, we rebuilt the site core, strengthened all site and server credentials and migrated the site and databases to servers with industry-leading security services. We have since run penetration tests to validate our changes and will conduct routine security status evaluations going forward. Additionally, we will be requiring all new and returning users to create new passwords that meet a strong password standard and to complete a simple CAPTCHA to log in.

We sincerely apologize for any inconvenience this may have caused. At this stage, we believe we have taken every measure available to us in ensuring the security of our users’ data going forward. Thank you so much for your understanding and support.

– Michael and Mami

Public tool for assessing the vulnerability of websites:
Mozilla Observatory