Seiko USA website defaced as hacker claims customer data theft
Seiko USA website defaced; attackers claim Shopify customer database theft and demand ransom.
Summary
The Seiko USA website was defaced over the weekend with attackers claiming they breached the company's Shopify backend and exfiltrated customer data including names, emails, phone numbers, order history, and shipping addresses. The threat actors issued a 72-hour extortion demand, threatening to publicly release the stolen database unless Seiko USA initiates ransom negotiations via a contact email added to a specific customer account. Seiko has removed the defacement but has not publicly confirmed the breach or responded to inquiries about the incident's legitimacy.
Full text
Seiko USA website defaced as hacker claims customer data theft By Lawrence Abrams April 20, 2026 02:22 PM 0 The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. Visitors to the "Press Lounge" section of the site were shown a page titled "HACKED," which replaced normal content with what appeared to be a ransom demand and data breach notification. The message warned that attackers had gained access to the company's Shopify backend and exfiltrated sensitive customer information. "This is an urgent security notification regarding your Shopify store. Your customer database has been compromised," read the defaced webpage. "We have successfully breached your Shopify store's security systems and downloaded the entire customer database." Seiko website defaced to show extortion messageSource: BleepingComputer The threat actors claim the stolen data contains the following information: Customer Information: Names, email addresses, phone numbers Order History: Purchase records, transaction details Shipping Data: Addresses, shipping preferences Account Details: Account creation dates, customer notes The attackers warn that the stolen data will be publicly released unless Seiko USA enters into negotiations. As part of the demand, they instructed the company to locate a specific customer account, identified as ID 8069776801871, within the Shopify admin panel. The threat actors say that a contact email address was added to that account profile and should be used to initiate negotiations. The defacement further warned that Seiko USA had 72 hours to contact them or the alleged database would be published. BleepingComputer has not been able to determine what threat actor is behind the attack and whether their claims are legitimate. Seiko USA has not publicly confirmed or responded to BleepingComputer emails about the incident, but has since removed the extortion message from the website. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: Vercel confirms breach as hackers claim to be selling stolen dataCrypto-exchange Kraken extorted by hackers after insider breachStolen Rockstar Games analytics data leaked by extortion gangSnowflake customers hit in data theft attacks after SaaS integrator breachGoogle: New UNC6783 hackers steal corporate Zendesk support tickets