Cyber Incident Victim: Thalia Bücher GmbH
Date: Jan 2022
Location: Germany
Summary
A brute-force attack targeted an online bookstore's webshop, systematically attempting numerous username and password combinations over several hours to gain unauthorized access to customer accounts. The attack successfully compromised some accounts, though the company stated no data alterations or unauthorized e-book purchases occurred. In response, all customer passwords were reset to prevent further unauthorized logins using compromised credentials. The organization acknowledged insufficient existing protective measures and initiated efforts to enhance its online shop's security against external attacks following the incident.
Description
On January 19, 2022, Thalia Bücher GmbH’s online bookstore experienced a brute-force attack targeting customer accounts. Attackers systematically tested numerous username and password combinations over several hours to gain unauthorized access. Thalia confirmed the attack succeeded in compromising "some customer accounts" but stated no unauthorized orders were placed in the E-Book Store and no account data was altered. The company detected the intrusion by January 20 and notified affected customers via email, advising those with reused passwords to change them immediately across all services to prevent secondary compromises. Thalia reset all customer passwords as a containment measure, invalidating existing credentials to block further attacker access.

The incident revealed deficiencies in Thalia’s security infrastructure, as no intrusion prevention systems like Fail2ban or firewall-based IP blocking mechanisms were in place to halt repeated login attempts. Multiple customers, including users of password managers with complex credentials, reported receiving Thalia’s breach notification, indicating the attack’s broad scope and persistence against robust passwords. While no direct data exfiltration or fraudulent transactions occurred, the breach necessitated widespread password resets and eroded customer trust. Thalia publicly committed to strengthening its online shop’s defenses against external attacks to prevent recurrence, though specific technical improvements were not disclosed. The company’s response focused on operational remediation rather than detailed transparency about the attack’s origin or full impact.
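The kind of control the description says was missing can be sketched as a Fail2ban-style sliding-window counter over login events. This is an added example, not Thalia's code or Fail2ban's own implementation; the log format, thresholds, addresses and usernames are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source IP, username, result
SAMPLE_LOG = """\
2022-01-19T10:00:00 203.0.113.7 user01 FAIL
2022-01-19T10:00:00 192.0.2.9 dave FAIL
2022-01-19T10:00:10 203.0.113.7 user02 FAIL
2022-01-19T10:00:20 203.0.113.7 user03 FAIL
2022-01-19T10:00:25 198.51.100.20 carol FAIL
2022-01-19T10:00:30 203.0.113.7 user04 FAIL
2022-01-19T10:00:35 198.51.100.20 carol FAIL
2022-01-19T10:00:40 203.0.113.7 user05 FAIL
2022-01-19T10:01:00 198.51.100.20 carol OK
2022-01-19T10:15:00 192.0.2.9 dave FAIL
2022-01-19T10:30:00 192.0.2.9 dave FAIL
2022-01-19T10:45:00 192.0.2.9 dave FAIL
2022-01-19T11:00:00 192.0.2.9 dave FAIL
"""

MAX_FAILURES = 5                 # assumed threshold
WINDOW = timedelta(minutes=10)   # assumed look-back window

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def find_bans(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: (ban_time, distinct_usernames_tried)} for IPs over the threshold."""
    recent = defaultdict(deque)  # ip -> (timestamp, username) of failures inside the window
    bans = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = parse(line)
        if ip in bans or result != "FAIL":
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            # Many distinct usernames from one source points to automated
            # guessing rather than one user mistyping a password.
            bans[ip] = (ts, len({u for _, u in q}))
    return bans

if __name__ == "__main__":
    for ip, (when, users) in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()} ({users} distinct usernames)")
```

Per-IP counting alone misses attempts spread across many source addresses; counting failures per account is the usual complement.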
