Your latest update on the MitoQ Phishing Scam. We are very appreciative of all the support we have received over this period and would like to apologize for any issues or distress this event caused you. Please let us know if you have any further questions regarding this.
It has been a very challenging week and I am very much appreciative of all the support from our customers as we learned of the attack and remediated the situation. We have monitored the site closely since the attack and no further instances of hacking have been identified since our last communication to you. There are lessons that we have learned from the attack and we are working with experts to further strengthen our site security.
We have sent out an update to all customers affected (email sent 08/03/18), if you have not received this email and would like to, please contact us at email@example.com.
Again, I want to apologise for any issues or distress this event has caused you. We appreciate your business and value you as our customer, and appreciate your patience as we have worked through this.
We now have reason to believe that the credit card information of a subset of customers who have recently transacted with us may have been accessed. If you are a potentially affected customer, you will have received an email directly from and we are also contacting all potentially affected customers by phone. The phone number we are calling from will be +64 9-928 7665.
You may, by now, be aware that we were the victim of a sophisticated attack on our customer order system. As a result customers were contacted with ‘phishing’ emails purporting to come from MitoQ. These emails induced customers to visit a cloned version of our website, hosted on a similar domain name, and share their credit card details with false promise of a refund.
I would like to give you an update on what we have learnt over the past 24 hours and what we have done to deal with the situation.
Firstly, I would like to apologise for any issues caused by this attack. The entire MitoQ team works very hard to deliver a credible and trustworthy service and it is devastating when an incident like this undermines our efforts. Protecting your information is important to us and we work hard to keep it safe.
Unfortunately, these sorts of attacks are becoming increasingly common.
What the hackers accessed;
The information that was accessed was via our ordering system which contains names, phone numbers, delivery and email addresses and order details. I want to stress that, as part of MitoQ’s cyber security practices, MitoQ does not store any payment card data and bank account information so this information was not accessed. The absence of this information is why the attack was designed to entice you into sharing those details.
In the last 24 hours we have;
- Identified the hacking and closed it down;
- Emailed you to advise of the issue;
- Updated our Facebook and Twitter contacts with details of the hack;
- Contacted the company hosting the phishing website and had it taken down; and
- Engaged third party security experts who will review all aspects of our data security to help enhance our safeguards and systems.
What you need to do;
If you provided your credit card information into the hacker’s website please contact your bank or provider immediately, advise them of what has happened, and ask them to cancel your card.
I know some of you are concerned that your private information has been accessed but I have been told, whilst there are no guarantees, that this sort of criminal venture is more interested in the quick harvesting of credit card details before moving on to their next target rather than using other information – if they did want to do that then they would not have notified us all of the hack via the phishing attempt.
If you have questions, our team is responding to queries as soon as practicable. Email: firstname.lastname@example.org
Greg MacPherson, CEO
Last Updated: 08/03/18