AMG Private Lounge - Data Breach

[st13phil]

Just received a notification email from the AMG Private Lounge Team indicating that "data records from our old AMG Private Lounge user accounts have been illegally obtained and put up for offer on the internet by perpetrators who are yet to be identified". If you have re-used the password from the old AMG Private Lounge on any other sites, it is advised that you change your password wherever it has been re-used as a matter of urgency.

Full text of email follows:

Dear Mr. XXXXX,​

​

We place a high priority on the protection of your personal data and your privacy.​

​

We therefore regret to inform you that data records from our old AMG Private Lounge user accounts have been illegally obtained and put up for offer on the internet by perpetrators who are yet to be identified. There is a high chance that data from your former account is affected.​

​

User data from the old AMG Private Lounge, which was in operation until the switch to our new digital platform in 2019, is affected. The current AMG Private Lounge is not affected.​

​

Mercedes-AMG GmbH attaches great importance to complying with the EU-General Data Protection Regulations (GDPR) and we therefore immediately reported the incident to the responsible supervisory authority in Europe. In addition, a criminal complaint has been filed with the responsible investigative authorities.​

​

Despite there being no immediate security risk to user data in the current AMG Private Lounge, we would strongly encourage you to change your password, particularly if you are still logging in with your old access data, or if your password is used across multiple accounts (e.g. for your Mercedes me ID or other websites).​

​

Please be particularly vigilant in the near future if you are contacted by an unknown source. If you receive suspicious messages or emails please delete these immediately and do not reply. Attachments should not be opened.​

​

A trusted business relationship with transparent communication is important to us. We very much regret this incident and apologize for any inconvenience caused.​

​

Yours sincerely,​

​

Your AMG Private Lounge Team​

 

[AMGeed]

I received the same email today.
Password changed, just in case.

 

[Carlos2k]

Run your email address through here, see if it's been posted on any dark websites etc

https://haveibeenpwned.com/

 

[ShaunB]

Hnmmmmmmnn
Seems my email address has 8 pwnde breaches
How do you find out what is breached?

 

[markjay]

Hnmmmmmmnn
Seems my email address has 8 pwnde breaches
How do you find out what is breached?

Scroll down to the bottom of the page, it will show the services that were breached (e.g. Dropbox, etc). But some of it will be very old and possibly no longer relevant.

 

[st13phil]

But some of it will be very old and possibly no longer relevant.

Unless you do as many do, and reuse passwords across multiple sites and fail to change them periodically.

Using a password manager to create and administer strong passwords plus using two-factor authentication when available reduces the chances of becoming a victim of impersonation fraud. It all seems a bit of a faff, but becoming a victim is a whole world of pain.

 

[Steveml63]

Hi,
Got the same email the other day!
Not bothered - as I use a different password for every single site that requires one!
I use a special way to create & remember every password very easily!
Cheers
Steve